Financial Services Industry Publishes Software Assurance Framework
As noted in Tim’s introduction to this month’s newsletter, BITS, the technology policy division of The Financial Services Roundtable, has announced the release of its Software Assurance Framework. The framework documents the importance of secure development and provides guidelines that financial services organizations can use to implement these practices more fully. The framework is rooted in education, integration of security in design using standards and threat modeling, best practices for coding, focused and comprehensive testing and followed with important implementation and response practices.
Microsoft Security Bulletin Summary for Feb, 2012
Security Bulletin Overview for Feb 2012
Microsoft Security Response Center (MSRC) Blog Post http://go.microsoft.com/?linkid=9683067
Windows Media Video (WMV) http://go.microsoft.com/?linkid=9683068
Windows Media Audio (WMA) http://go.microsoft.com/?linkid=9683069
iPod Video (MP4) http://go.microsoft.com/?linkid=9683070
MP3 Audio http://go.microsoft.com/?linkid=9683071
High Quality WMV (2.5 Mbps) http://go.microsoft.com/?linkid=9683072
Zune Video (WMV) http://go.microsoft.com/?linkid=9683073
Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Lifecycle Web site http://go.microsoft.com/?linkid=9669804
See a List of Supported Service Packs http://go.microsoft.com/?linkid=9669805
Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.
Follow the Microsoft Security Response team on Twitter http://go.microsoft.com/?linkid=9739346 @MSFTSecResponse for the latest information on the threat landscape.
Forefront TMG and ISA Server
Forefront Security TechCenter
Please note that if you have feedback on documentation or wish to request new documents – email firstname.lastname@example.org
Forefront Threat Management Gateway 2010 homepage
Forefront TMG (ISA Server) Product Team Blog
The ISA Server Product Team Blog (http://blogs.technet.com/isablog/) is updated on a regular basis. Latest entries include:
Blank User Activity Report if domain or username contains accented characters
Rock around the Remote Access Service
Forefront Unified Access Gateway & Intelligent Application Gateway 2007
Forefront Unified Access Gateway 2010 Technical Resources
For comments, feedback, and requests, contact the Forefront UAG User Assistance team at email@example.com.
Forefront Unified Access Gateway Product Team Blog
The UAG Product Team Blog (http://blogs.technet.com/edgeaccessblog) is updated on a regular basis. Latest entries include:
The UAG DirectAccess Web Monitor shows “Network Security” as Not Healthy
DirectAccess Connectivity Assistant polling interval
Forefront Edge on the Wiki
The home of community-generated content about Microsoft technologies — that anyone can edit! Read the latest wiki articles about TMG and UAG.
TMG – http://social.technet.microsoft.com/wiki/contents/articles/tags/tmg/default.aspx. The latest entry includes:
Test Lab Guides
Test lab guides (TLGs) allow you to get valuable hands-on experience with new products and technologies using a pre-defined and tested methodology that results in a working configuration.
UAG – http://social.technet.microsoft.com/wiki/contents/articles/tags/UAG/default.aspx
Rollup 1 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2
Rollup 1 for Forefront Unified Access Gateway (UAG) 2010 Service Pack 1 Update 1
Security Tip of the Month: Threat Modeling and Agile Development Practices
By Dan Griffin, Microsoft MVP – Enterprise Security and Tom Jones, Software Architect, JW Secure
Just because an application needs to be developed rapidly, doesn’t mean that you can’t develop that application with privacy and security in mind. This article examines how to effectively perform threat modeling for projects that demand rapid development processes.
Simplified Implementation of the Microsoft SDL
Get started with the SDL by downloading this guide, which illustrates the core concepts of the Microsoft SDL and discusses the individual security activities that should be performed in order to follow the SDL process.
Web App Security with the Microsoft Simplified SDL
Get a brief overview of common threat considerations for Web application development and deployment then find out how you can leverage the Microsoft Simplified SDL to help mitigate those threats while achieving the speed and efficiency of cloud computing.
SDL Quick Security References
Better understand and learn how to address common attacks that may be affecting your software, websites, and users.
How to Conduct a Code Review
A properly conducted code review can do more for the security of your application than nearly any other step. Get step-by-step guidance to help you identify the type of bugs that are important for your code and generate a list of bugs found in the code that should be prioritized for eradication.
Securing Your Application Platform
What’s the most secure way to store a secret? Read this Microsoft Security Development Lifecycle (SDL) blog post for the answer.
"How Do I" Security Videos for Developers
Find videos that explore a variety of security questions for developers, including encryption, handling attacks, security best practices, and a lot more. New videos are added regularly, so check back often.
Configuration and Utilization of AppLocker
Learn how to specify exactly what is allowed to run on desktops with the AppLocker feature in Windows 7. AppLocker provides the flexibility to allow users to run the applications, installation programs, and scripts they need to be productive. Learn how you can realize the security, operational, and compliance benefits of application standardization by using AppLocker with this short video tutorial.
AppLocker: Frequently Asked Questions
Find answers to common questions about deploying and managing AppLocker. For more details, see the AppLocker Policies Design Guide, AppLocker Policies Deployment Guide, and AppLocker Operations Guide.
Security Webcast Calendar http://go.microsoft.com/fwlink/?LinkId=37910
Find security webcasts listed in an easy-to-use calendar format.
Upcoming Security Webcasts
Register for the following Webcasts on the link above
TechNet Webcast: Information about Microsoft Security Bulletins for March (Level 200)
On-Demand Security Webcasts
Visit TechNet Spotlight: www.microsoft.com/technetspotlight
Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more