February 2007 - Posts
Microsoft Presents in the next 4 days, 4 webcasts about the future of application access and protection by Microsoft.
Feb 20th 9:00 AM PST: “How to Define and Configure Endpoint Security Policies with the Intelligent Application Gateway"
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032324177&Culture=en-US
Feb 21st 9:00 AM PST: “Overview of Microsoft Edge Secure Access Technologies"
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032324187&Culture=en-US
Feb 22nd 9:00 AM PST: “Securing Remote Access to SharePoint Products and Technologies, Exchange Server, and Microsoft Dynamics"
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032324191&Culture=en-US
Feb 23rd 9:00 AM PST: "TechNet Webcast: Providing Comprehensive Partner and Remote Worker Access with Secure Extranets"
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032324195&Culture=en-US
Enjoy, i'll meet you all there :-)
Imagine this scenario. You are about to catch a plane. You connect to Internet using a Wi-Fi spot on the airport and sync your Outlook. It’s a long flight and you want to catch up on email during the flight. You jump on the place and when the nice airhostess announces that you can use your portable electronic devices, you pull out your laptop and start reading your email. Now imagine you have a RMS-protected email in your Inbox. Since RMS requires the client to present credentials to the RMS server to get a use license before you can consume the content, you are not able to read that important email.
Here is the solution. If you use Outlook 2003 in cached mode, you can set the Outlook client to automatically license all RMS-protected emails during sync. This way you can ensure that all protected emails in your Inbox have corresponding use licenses downloaded and hence can be viewed. Now you can have a good flight!
P.S. Outlook in cached mode should do the above automatically. If it is not doing so, the Registry entry that controls this behavior is:
Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Office\11.0\Outlook
Type: REG_DWORD
Entry: UserData
Value: 0x00000001
If this is not set, or the entry doesn’t exist, create it and logoff and log back on.
Over the next six months, the software giant plans to establish teams in Europe and Asia for round-the-clock coverage of security incidents and to support customers of its security products, Vincent Gullotto, general manager of security research and response at Microsoft, said in an interview at the RSA Conference here Wednesday.
"Clearly, we have to build a global organization," Gullotto said. "We will develop sites to cover the Americas, EMEA (Europe, the Middle East and Africa) and Asia, for us to be protecting customers and providing support globally for all the people that use the various security products that we develop."
more information in the full article at Cnet
As all of you know (or you are just finding out :-)), Microsoft is very close to fulfilling its Secure end-to-end solution vision with the upcoming release of the Forefront Client Security Solution.
here are two (level 200) webcasts that explain a little bit about the new solution and it's deployment in the corporate environment.
Part 1:
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032313247&EventCategory=5&culture=en-US&CountryCode=US
Part 2:
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032313264&EventCategory=5&culture=en-US&CountryCode=US
Jim Allchin writes in the Windowsvistablog.com about one of the most basic conundrums in computer security which is the constant trade-off between security and usability. At the end of the day, if security is too complicated to use, then it simply won't be used. Even if a feature offers a good level of security protections, if it is complicated or has poor usability it will likely be disabled by the end-user or network administrator, which doesn't benefit anyone. The same issue with safety and security exists in the physical world. I remember when car alarms were first available (as an aftermarket product) -- you had to remember to set the alarm after you locked your car and half the time people forgot. Today, many cars come with alarms from the factory and the task of setting the alarm is usually just part of locking the car -- and as a result, alarms get set.
Jim says: "When we set off to make sure that Windows Vista was the most secure version of Windows ever, we had to create security capabilities that we could enable by default and be usable enough to be left on when the system was deployed. There is clearly a balance here because if we lock the system down too tightly, then we risk the majority of customers turning key features off, or even worse, staying on older versions of Windows and thus not realizing the great security benefits of the new system. It's a great irony when you realize that one of the risks of adding more security in the name of making people safer is that users might stay on older versions that, in some ways, appear easier to use but are much less secure than the new system."
While we greatly improved the security of Windows Vista and we believe it is the best system available, I have always been clear that the system is neither fool-proof nor unbreakable -- no software I have seen from anyone is. Moreover, there are defense-in-depth security capabilities that some may mistakenly believe are impenetrable security boundaries, when they are not. This was the hard balance that we dealt with: How many applications would be impacted with a harder security boundary and how many users might turn off a security feature if the usability was perceived to be worse?
For more information and the rest of the article, refer to the windowsvistablog.com