July 2007 - Posts
Long Zheng published on his blog a slide that shows the Microsoft roadmap. It is extracted from Steve Ballmer's PowerPoint presentation at the Microsoft Show and Tell (Financial Analyst Meeting) 2007 yesterday.
Hmmm... what am I looking for the most? Let me see... yep, that would be Stirling :-)
While you may have heard of BitLocker, what you may not know is that you don't need a Trusted Platform Module to use it on your system.
BitLocker Drive Encryption is a new security feature integrated into the Windows Vista operating system that provides considerable protection to the OS and data stored on the operating system volume. BitLocker ensures that data stored on a computer running Windows Vista remains encrypted even if the computer is tampered with when the operating system is not running. This helps protect against "offline attacks" -- those made by disabling or circumventing the installed operating system, or by physically removing the hard drive to attack the data separately. In other words, attacks made when the system is not running.
BitLocker is designed for systems that have a compatible TPM microchip and BIOS. (A compatible TPM is defined as a version 1.2 TPM.) A compatible BIOS must support the TPM and the Static Root of Trust Measurement as defined by the Trusted Computing Group. When available, BitLocker uses a system's Trusted Platform Module (TPM) to provide enhanced protection for your data and to assure early boot component integrity. The chip performs a system integrity check -- a process that verifies your computer system has not been tampered with -- before unlocking your drive and allowing access to the data stored on it. This helps protect data from theft or unauthorized viewing by encrypting the entire Windows volume. Although the TPM interacts with BitLocker at system startup, its protection is transparent and the user logon experience is unchanged. However, if the TPM is missing or altered, or if the start-up information has changed, BitLocker will enter recovery mode and the user will be required to enter a recovery password to regain access to the data. For more information about TPM specifications, visit the TPM Specifications section of the Trusted Computing Group's Web site.
A great thing about BitLocker is that even if you do not have a TPM 1.2 chip, you can still use the encryption it provides, but the system integrity checking enabled by the TPM will be unavailable.
For information about how to enable BitLocker on your computer without using a TPM 1.2 chip, see the BitLocker Drive Encryption Step-by-Step Guide.
You can also find more information about the requirements for BitLocker Drive Encryption, including partitioning, start-up options and recovery options.
Read the original article at windows.com.
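The article points to the Step-by-Step Guide for the no-TPM setup but does not show how to check where a machine stands. The script below is an added example (not code from the windows.com article or from Microsoft): it reports whether a TPM is present, whether the Vista BitLocker policy that permits operation without a TPM has been applied, and which key protectors currently guard the OS volume. It assumes PowerShell running elevated on Vista, the BitLocker WMI provider (`Win32_EncryptableVolume`) and TPM provider (`Win32_Tpm`) that ship with Vista Enterprise/Ultimate, and the registry values written by the policy "Control Panel Setup: Enable advanced startup options" under `Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption`; the OS volume is assumed to be `C:`.

```powershell
# Added example: BitLocker/TPM readiness report for a Windows Vista machine.
# Run in an elevated PowerShell session. Not part of the original article.

function Get-TpmState {
    # Win32_Tpm lives in the MicrosoftTpm namespace; if the class is absent,
    # there is no usable TPM (no chip, no driver, or disabled in the BIOS).
    $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) { return $null }
    @{
        SpecVersion = $tpm.SpecVersion             # e.g. "1.2, 2, 3"; BitLocker needs 1.2
        Enabled     = $tpm.IsEnabled_InitialValue
        Activated   = $tpm.IsActivated_InitialValue
        Owned       = $tpm.IsOwned_InitialValue
    }
}

function Get-BitLockerNoTpmPolicy {
    # Values written by the Vista policy "Control Panel Setup: Enable advanced
    # startup options" with "Allow BitLocker without a compatible TPM" ticked.
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    @{
        AdvancedStartup = ($p -ne $null -and $p.UseAdvancedStartup -eq 1)
        AllowNoTpm      = ($p -ne $null -and $p.EnableBDEWithNoTPM -eq 1)
    }
}

# KeyProtectorType values returned by Win32_EncryptableVolume.GetKeyProtectorType
$protectorNames = @{
    0 = 'Unknown'; 1 = 'TPM'; 2 = 'External key (USB startup key)'
    3 = 'Numerical password (recovery)'; 4 = 'TPM and PIN'; 5 = 'TPM and startup key'
    6 = 'TPM, PIN and startup key'; 7 = 'Public key'; 8 = 'Passphrase'
}

function Get-OsVolumeProtectors {
    # Assumption: the OS volume is C:. ProtectionStatus 0 = off, 1 = on, 2 = unknown.
    $vol = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
                         -Class Win32_EncryptableVolume -Filter "DriveLetter='C:'" `
                         -ErrorAction SilentlyContinue
    if (-not $vol) { return @('BitLocker provider not available') }
    $names = @("protection status $($vol.ProtectionStatus)")
    $ids = $vol.GetKeyProtectors(0).VolumeKeyProtectorID   # 0 = every protector type
    foreach ($id in $ids) {
        $type = $vol.GetKeyProtectorType($id).KeyProtectorType
        $names += $protectorNames[[int]$type]
    }
    $names
}

$tpm = Get-TpmState
if ($tpm) {
    "TPM present: spec $($tpm.SpecVersion), enabled=$($tpm.Enabled), activated=$($tpm.Activated), owned=$($tpm.Owned)"
} else {
    "No TPM detected: BitLocker needs the no-TPM policy and a USB startup key on this machine"
}
$policy = Get-BitLockerNoTpmPolicy
"Policy: advanced startup=$($policy.AdvancedStartup), BitLocker without TPM allowed=$($policy.AllowNoTpm)"
"OS volume: " + ((Get-OsVolumeProtectors) -join ', ')
```

On a machine without a TPM the report should show `AllowNoTpm=True` and an `External key (USB startup key)` protector alongside a `Numerical password (recovery)` protector. Without a TPM there is no early-boot integrity measurement, so the protection is only as good as the physical separation of the startup key from the computer and the escrow of the recovery password (for example in Active Directory); a USB key left in the laptop bag turns the encryption into a formality.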
The Microsoft Secure Content Downloader (MSCD) is a peer-assisted download manager capable of securely downloading specific files. MSCD is intended for consumers who are downloading from a home PC, or business users whose computers are not behind a corporate firewall. If you use MSCD from behind a corporate firewall, you may be unable to download content, and may adversely affect other clients' ability to download content.
Main features of the MSCD are:
- Secure content description
  - Each file available for download has a secure description, ensuring the content you download is exactly what the publisher published.
- Scalable performance
  - MSCD is a peer-assisted technology. Each client downloads content by exchanging parts of the file they're interested in with other clients, in addition to downloading parts from the server.
  - No matter how great the internet's demand for the file, you will always be able to make progress downloading.
  - MSCD lets you download content quicker than is possible without peer assistance.
Some MSCD clients may be connected to each other via peer connections, forming a ‘cloud’ of clients. Pieces of the file you are downloading are sent through these peer connections between clients, as well as through connections with the file server. As a member of the cloud, your computer both serves as a client and server to other members of the cloud. Data destined for the cloud may be routed through your computer and sent to other cloud members. The other cloud members connected to you will be able to access only pieces of the file you are downloading via MSCD – they have no access to any other data on your computer.
You are only connected to other clients while you are downloading a file via MSCD. When the file has finished downloading – or when you pause or cancel the download, or exit the application – you disconnect from the cloud. Once you disconnect from the cloud, you will no longer have any connections to any other members in the cloud and no data will be routed through your computer.
This version of MSCD is a Community Technology Preview, and will only allow you to obtain the current Visual Studio 2008 Beta 2. Since it is a Community Technology Preview, additional information related to MSCD's performance and network transactions -- including your machine name and IP addresses -- may be logged to help evaluate and improve MSCD performance.
For download and more information, click here.
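The security-relevant property in the feature list is the "secure content description": pieces arrive from peers you do not trust, so the client must check each piece against something that came from the publisher, not from the cloud. The script below is an added illustration of that principle and is not MSCD's format or protocol (the page does not describe either): a publisher-side routine records a SHA-256 hash per piece, and a client-side check accepts a piece only when its hash matches the description. The 10-byte "file" and the two candidate pieces are constructed sample data.

```powershell
# Added illustration: per-piece hash description for a peer-assisted download.
# Generic model, not MSCD's actual secure description. Assumes .NET SHA256.

$sha = [System.Security.Cryptography.SHA256]::Create()

function Get-PieceHash([byte[]]$bytes) {
    # Lower-case hex SHA-256 of one piece
    ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
}

function New-ContentDescription([byte[]]$file, [int]$pieceSize) {
    # Publisher side: split the file into fixed-size pieces and record one hash
    # per piece. A real deployment would also sign this description, so the
    # client can tell the publisher's description from a peer's forgery.
    $hashes = @()
    for ($off = 0; $off -lt $file.Length; $off += $pieceSize) {
        $len = [Math]::Min($pieceSize, $file.Length - $off)
        $piece = New-Object byte[] $len
        [Array]::Copy($file, $off, $piece, 0, $len)
        $hashes += Get-PieceHash $piece
    }
    @{ PieceSize = $pieceSize; Length = $file.Length; PieceHashes = $hashes }
}

function Test-Piece($description, [int]$index, [byte[]]$piece) {
    # Client side: a piece is accepted only if its hash matches the publisher's
    # description. Which peer (or the server) supplied it does not matter.
    ($index -ge 0) -and ($index -lt $description.PieceHashes.Count) -and
        ((Get-PieceHash $piece) -eq $description.PieceHashes[$index])
}

# Constructed sample: a 10-byte "file" published with 4-byte pieces.
$file = [byte[]](1..10)
$desc = New-ContentDescription $file 4

$good = [byte[]](5, 6, 7, 8)   # piece 1 exactly as the publisher released it
$bad  = [byte[]](5, 6, 7, 9)   # the same piece altered by a misbehaving peer

"piece 1 from an honest peer accepted:    " + (Test-Piece $desc 1 $good)   # True
"piece 1 from a tampering peer accepted:  " + (Test-Piece $desc 1 $bad)    # False
"piece index out of range accepted:       " + (Test-Piece $desc 9 $good)   # False
```

The check is only as trustworthy as the description's origin: it has to be fetched from the publisher's server over an authenticated channel (or carry a publisher signature), otherwise a peer could hand out both a corrupted piece and a matching "description". This is also why the feature list can promise that peers "have no access to any other data on your computer" while still being untrusted for the data they do send.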
Although I partially work at Microsoft, I still don't have access to the corpnet, and when I need to resolve issues involving hotfixes that weren't released to the general public, this issue has always been one of the things that was most annoying... having to wait until MSFT support or someone with access would be able to release that hotfix for me.
A recent mail I got pointed me to Steve Patrick's blog, where I discovered the new age of the internet.
Today, we can obtain a hotfix without having to interact with a single soul (no phone calls etc.). Easy and convenient.
Thanks to Microsoft Customer Service, who think about our customers and really do care about their experience... you can now simply go to this URL and download almost any fix:
https://support.microsoft.com/contactus2/emailcontact.aspx?scid=sw;en;1410&WS=hotfix
After you fill out the form, you'll get an email in response with a link to where you can download the hotfix.
This proves that Microsoft Customer Service does listen to our requests and does want to provide us with better service.
Thanks!
Way back in November 2006, when Windows Vista went from beta to RTM, Microsoft's Jim Allchin suggested that users might not need an antivirus program, thanks to the new OS's stronger security features. While the statement was subsequently clarified until it lost all its meaning, the question remains: Do Vista users really need an antivirus program running in the background at all times?
Vista is full of anti-malware features, and one of the most powerful is User Account Control. The controversial routine blasts users with a confirmation request virtually any time they try to run a program that might alter the state of the system. Vista users, you've seen it: when you try to install a program, to launch Device Manager, or run something as Administrator, the screen goes dark, the system plays an alert noise, and a dialog appears asking for permission to proceed.
Continue reading the full article at extremetech.com...
The new generation of Windows client and server software boasts of strong new security tools for IT administrators, one of which is BitLocker encryption.
Techtarget.com recently published an article about two researchers who claimed they could crack the Trusted Platform Module (TPM) chip (the technology on which BitLocker is based); it prompted some discussion that this building block may contain a few cracks.
The TPM is based on specifications that were adopted and distributed by an industry standards group dedicated to improving information security across the board. Vipin Kumar and Nitin Kumar, brothers who are researchers at NV Labs in India, were scheduled to present a paper at a conference this month on how to crack the Trusted Computing Group's TPM microcontroller that securely stores passwords, encryption keys and digital certificates.
The TPM hardware has become the first industry-wide effort to enhance computer security, and many hope it will be the foundation for a lot more security improvements.
Microsoft uses the TPM in the BitLocker encryption feature of Windows Vista, its newest desktop operating system, and the Kumar brothers, who have cracked Vista in the past, have said that BitLocker could be cracked as well. Microsoft said last week it has no knowledge of a TPM/BitLocker break that's been published, documented and proven.
Full article at Techtarget.com
More on Windows Vista BitLocker encryption:
Considering BitLocker for remote server encryption
Performing a BitLocker installation of Windows Vista
Windows Vista BitLocker basics and advanced techniques
How to use BitLocker without TPM in Vista
In addition to Michal's post about Forefront Codename "Stirling" I wish to further elaborate about this solution.
Customers today experience multiple pain points in providing a secure and well-managed infrastructure for their companies. These include:
• Lack of integrated protection: Today’s security solutions are not integrated well with each other or with a management interface, so it is difficult to monitor and protect the organization from emerging threats.
• Multiple security products and consoles: Today, IT pros spend a lot of time navigating between security consoles and trying to manage multiple methods for defining security policy and managing protection technologies.
• Lack of visibility into security state: It is difficult for IT pros to get visibility into the overall security state of the organization, since current security technologies do not share information.
More than one month ago (June 4th) Microsoft unveiled its solution to the problem. Forefront codename "Stirling" is a single product that delivers unified security management and reporting with comprehensive, coordinated protection across clients, server applications, and the network edge. Through its deep integration with the existing infrastructure, such as Microsoft Active Directory and Microsoft System Center, customers can reduce complexity, making it easier to achieve a more secure and well-managed infrastructure.
What Are the Key Benefits of Microsoft Forefront codename “Stirling”?
• Comprehensive Protection: By providing integrated protection technologies across clients, server applications, and the network edge, and dynamic responses to emerging threats, IT pros will be able to proactively protect their organization from emerging threats.
  • "Stirling" integrates comprehensive protection technologies, including anti-malware, anti-spam, content filtering, host firewall, multi-engine protection for messaging and collaboration systems, network edge protection, and other technologies to be announced at a later date.
  • "Stirling" technologies will act as a distributed system, sharing information with each other, allowing for correlation of security information to identify complex threats. Protection technologies included in "Stirling" can be set to dynamically respond to these threats, making it easier for the IT administrator to address new threats.
  • Integration with Network Access Protection ensures administrators can control network access based on user and machine authorization as well as adherence to the company's security policy for endpoint protection.
• Unified Management: "Stirling" provides a single management console across client, server, and network edge security.
  • IT professionals can easily define their corporate security policy and "Stirling" will automatically configure the relevant protection technologies and ensure compliance to those policies.
  • "Stirling" deploys configuration settings to existing groups of machines or users in Active Directory.
  • IT professionals can use existing Microsoft Windows Server Update Services (WSUS) infrastructure to deploy updates for "Stirling."
• Critical Visibility: Critical visibility into the security state, including insights into threats and vulnerabilities through one central console that easily communicates where action is required.
  • "Stirling" collects security information from client, server, and network edge devices and provides both comprehensive reports as well as the ability to drill down and perform investigations on specific security incidents, all in one place.
  • "Stirling" allows IT professionals to obtain real-time security state or identify emerging trends based on historical data.
How Does Microsoft Forefront codename “Stirling” Work?
Microsoft Forefront codename “Stirling” builds on Microsoft’s commitment to deeper integration of security and systems management, with a centralized management infrastructure to manage corporate security policies, view reports of the overall security state, and identify and protect against emerging threats. Through its integration with Microsoft System Center, IT administrators have more extensive control of alerts, enabling more complete management of the security lifecycle.
“Stirling” will utilize multiple technologies and approaches to help protect IT environments against unknown threats. For example, by enabling centralized control of software that is allowed to run on a machine along with advanced protection technologies to keep malware off systems, administrators can more easily protect systems from new threats.
“Stirling” integrates a comprehensive set of protection technologies, including anti-malware, anti-spam, content filtering, host firewall, multi-engine protection for messaging and collaboration systems, network edge protection and others to be announced at a later date.
In addition to protection provided by individual technologies, “Stirling” technologies act as a distributed system by sharing information with each other, allowing for correlation of security information to identify complex threats. Protection technologies included in “Stirling” can be set to dynamically respond to these threats through a variety of remediation techniques, making it easier for the IT administrator to address new threats.
Integration with Network Access Protection ensures administrators can control network access based on user and machine authorization, as well as adherence to the company’s security policy for endpoint protection.
Product Availability
A customer technology preview of Microsoft Forefront codename “Stirling” will begin in the second half of 2007, followed by a public beta in the first half of 2008. The product is expected to be generally available in the first half of 2009.
Read the full press release of the "Stirling" unveiling, with an interview with Margaret Arakawa, senior director of Security Product Marketing at Microsoft, about this milestone and how it fits into Microsoft's broader strategy and commitments to customers.
Read the "Stirling" FAQ.
Thanks to Guy Burstein and some Photoshop wonders, I revised my blog and I now present:
Security Wizard - Next Generation.
Check it out, and tell me what you think :-)
It's always been possible to filter items in Event Viewer in a simple way by right-clicking in the Event Log, choosing New Log View, and then adjusting its filter properties. But Vista's Event Viewer takes it a bit further.
Like the old Event Viewer, you get a pane down the left-hand side listing the logs that you can peruse. But instead of the standard Application, System and Security, Vista's Event Viewer fine-tunes your events into dozens of smaller "sub-logs." You can see in its right-hand pane a summary of entries and, you'll note, there are more levels of event than Information, Warning, Error, Audit Success, and Audit Failure; now there's also Critical. But look in the upper left-hand corner and you'll notice a folder called "Custom Views" and, inside that, a folder named "Administrative Events."
Read the full article at windowssecurity.com.
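The "Administrative Events" view the article mentions is just a stored query: Critical, Error and Warning entries (levels 1 to 3) across the logs, plus audit failures from the Security log, which carry a keyword bit instead of a level. The commands below are an added example, not part of the windowssecurity.com article: they run the same filters from the command line with `wevtutil`, which ships with Vista, using the Event Log XPath syntax. The multi-log query XML is constructed here to mirror what the custom view does, and the path under `$env:TEMP` is an assumption.

```powershell
# Added example: Vista event filtering from the command line with wevtutil.
# Not from the original article. Run elevated to read the Security log.

# Critical (1), Error (2) and Warning (3) entries from the System log, newest first.
wevtutil qe System /q:"*[System[(Level=1 or Level=2 or Level=3)]]" /c:20 /rd:true /f:text

# Audit Failure entries from the Security log. Audit events have no Level; the
# "Audit Failure" keyword is bit 0x10000000000000 (4503599627370496 decimal).
wevtutil qe Security /q:"*[System[band(Keywords,4503599627370496)]]" /c:20 /rd:true /f:text

# The same filters across several logs as one structured query, the form a
# saved custom view uses (constructed to mirror the Administrative Events view).
$query = @'
<QueryList>
  <Query Id="0">
    <Select Path="Application">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
    <Select Path="System">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
    <Select Path="Security">*[System[band(Keywords,4503599627370496)]]</Select>
  </Query>
</QueryList>
'@
$queryFile = "$env:TEMP\admin-view.xml"
$query | Set-Content -Path $queryFile

# /sq:true tells wevtutil that the first argument is a structured-query file.
wevtutil qe $queryFile /sq:true /c:50 /rd:true /f:text
```

Scripting the query this way is what makes the new sub-logs useful beyond interactive browsing: the same XPath can be scheduled, its output diffed day over day, and the audit-failure filter gives a cheap first look at failed logons or privilege use without building a full collection pipeline.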
The never-ending game of whack-a-spammer-mole continues, with spammers now adopting PDF files as the new mechanism for delivering their junk mail.
It seems like only yesterday we were talking about image-based spam, where the junk mail message was written in a GIF or JPEG file embedded in the letter. Now the junk mailers have been forced to change because spam blockers and detection mechanisms had gotten quite good at detecting image-based spam.
As spam filters have improved, image-based spam has taken a hit. Secure Computing notes that image-based spam has dropped from the 30 percent range to just 10 percent of total e-mail volume in recent months.
What's taking its place is a bigger nuisance. Spam in the form of attached PDF files has grown from just one percent in June to five or six percent of e-mail volume in just a month.
So it would seem PDF has replaced the GIF, according to Dmitri Alperovitch, principal research scientist at Secure Computing’s TrustedSource Labs. "The makers of e-mail filters have figured out how to recognize image-based spam and have updated their products to stop it. So now [spammers] wrap it up in the PDF," he told internetnews.com.
Read more in the full article at internetnews.com.
Microsoft has released a new tool designed to help enterprises detect updates provided with the Microsoft Security Bulletins released July 10, 2007. This tool is a command line scanning tool built for the sole purpose of helping customers determine systems that may need security updates provided with the released bulletins. Users of this tool should have experience in deploying software to corporate environments and with using command line tools.
What is the Enterprise Update Scan Tool (EST)?
As part of an ongoing commitment to provide detection tools for bulletin-class issues, a stand-alone tool has been provided. When a detection tool is created for a specific bulletin, customers will be able to script running the tool from a command line interface, and process the results using an XML output file. Detailed documentation will be provided with the tool to ensure customers can leverage it quickly. There will also be a version of the tool that SMS customers can obtain that offers an integrated experience for SMS administrators from the SMS Web site.
Download and more information.
Microsoft has released its July 2007 security bulletin, which includes six updates: three are designated "critical" by the software giant; two are deemed "important," and one is ranked "moderate." Two affect Microsoft Office, and one affects the Windows Vista Firewall. This patch cycle also addresses one flaw first reported in 2005. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the full security bulletin.
In previous versions of Active Directory (AD) we had only one password and account lockout policy for the entire domain. Some companies had to use multiple domains to place different password policies on different users; others had to develop their own password filters or buy third party solutions. With Windows Server 2008 we have the option to specify different password policies for different users and groups “out-of-the-box”.
In short the new functionality, referred to as “Granular Password Settings” or “Fine-Grained Password Policy“, is based on the introduction of two new object classes in the AD schema: the “Password Settings Container” and “Password Setting” objects. These objects basically provide us the option to introduce multiple password policies into a single AD domain. But let us take a look at what else we need…
This is the first of two articles by Jakob H. Heidelberg at windowssecurity.com, and it provides a "walkthrough" on creating a password policy in addition to the usual one we have in the "Default Domain Policy" Group Policy placed on the domain level.
For the full article, click here.
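To make the two new object classes concrete, here is an added example (not from Jakob Heidelberg's walkthrough) that creates one Password Settings Object under the Password Settings Container and links it to a group. It writes an LDIF file and imports it with `ldifde`, which avoids the awkward handling of the large-integer duration attributes through ADSI. The domain DN `DC=example,DC=com` and the group `Privileged Admins` are constructed placeholders; it assumes a Windows Server 2008 domain at the 2008 functional level and a Domain Admin session.

```powershell
# Added example: create a fine-grained password policy (PSO) via LDIF on
# Windows Server 2008. Domain DN and group name are constructed placeholders.

$domainDn    = 'DC=example,DC=com'
$targetGroup = "CN=Privileged Admins,CN=Users,$domainDn"   # PSOs apply to users or global security groups

function ConvertTo-AdInterval([TimeSpan]$span) {
    # PSO duration attributes are stored as a negative count of 100-ns units,
    # which is exactly a .NET TimeSpan's Ticks with the sign flipped.
    (-1 * $span.Ticks).ToString()
}

function New-PsoLdif {
    param([string]$Name, [int]$Precedence, [int]$MinLength, [int]$History,
          [TimeSpan]$MaxAge, [TimeSpan]$MinAge,
          [int]$LockoutThreshold, [TimeSpan]$LockoutWindow, [TimeSpan]$LockoutDuration,
          [string]$AppliesTo)
    # All attributes below except msDS-PSOAppliesTo are mandatory on msDS-PasswordSettings.
    @"
dn: CN=$Name,CN=Password Settings Container,CN=System,$domainDn
changetype: add
objectClass: msDS-PasswordSettings
cn: $Name
msDS-PasswordSettingsPrecedence: $Precedence
msDS-PasswordReversibleEncryptionEnabled: FALSE
msDS-PasswordHistoryLength: $History
msDS-PasswordComplexityEnabled: TRUE
msDS-MinimumPasswordLength: $MinLength
msDS-MinimumPasswordAge: $(ConvertTo-AdInterval $MinAge)
msDS-MaximumPasswordAge: $(ConvertTo-AdInterval $MaxAge)
msDS-LockoutThreshold: $LockoutThreshold
msDS-LockoutObservationWindow: $(ConvertTo-AdInterval $LockoutWindow)
msDS-LockoutDuration: $(ConvertTo-AdInterval $LockoutDuration)
msDS-PSOAppliesTo: $AppliesTo
"@
}

# A stricter policy for the admin group. When several PSOs apply to one user,
# the lowest precedence number wins; 10 beats a broader policy at, say, 100.
$ldif = New-PsoLdif -Name 'PSO-Admins' -Precedence 10 -MinLength 15 -History 24 `
    -MaxAge (New-TimeSpan -Days 42) -MinAge (New-TimeSpan -Days 1) `
    -LockoutThreshold 5 -LockoutWindow (New-TimeSpan -Minutes 30) `
    -LockoutDuration (New-TimeSpan -Minutes 30) -AppliesTo $targetGroup

$ldifPath = "$env:TEMP\pso-admins.ldf"
$ldif | Set-Content -Path $ldifPath
$ldif   # show what will be imported

# Import into the directory (ldifde is installed with the AD DS role).
ldifde -i -f $ldifPath
```

Two points worth checking after the import: the PSO must be linked to a user or a global security group (not a domain local group or an OU), and the effective policy for a given account is whichever applicable PSO has the lowest precedence, so a quick review of `msDS-ResultantPSO` on a test account from the group confirms the policy actually took hold before it is relied on.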

In continuance of my latest blog post (Developers Vs. System Engineers - The battle of the (past?) decade), a good friend of mine sent me his response via e-mail (although I specifically asked him to post it on the blog - thanks Sergey :-).
When you develop, you fall into an "I know better" approach.
Very soon after you get the problem explained the first time, you have a solution in mind. From now on - you present "improvements" that are easy to implement in this solution, and neglect needs that are hard to implement.
It demands some Zen approach to remain focused on the problem -
"do not be the archer, be the arrow; do not shoot the arrow, let it go when it's ready"
The attached cartoon explains it best.
Ever since I remember myself in the IT industry, I've always heard/seen/smelled (?!) the differences between the developer community and system engineers (aka sys-admins).
In the beginning I couldn't really explain why, but it seems that somehow a rivalry has grown between those communities, and everywhere I go I see more and more "group battles" between them.
As a system and security engineer who never really liked development (I can't really get the idea of sitting around all day writing code), I recently came to an understanding that no matter how far I go and how deeply I research and study all the products and solutions I implement, I can never reach the next level without the ability to think "outside the box". I would never be able to offer my customers the "added value" of customizing the solution, or even developing a solution that will fit their exact needs.
As a sys-admin, system engineer and consultant I've seen many products for which I can't explain, or even try to understand, what the developers were thinking when they made them. What were they trying to do, this instead of that? How can it be that such basic characteristics of a product (that exist in all its competitors) are missing from their product? It seems like the developers are so "out of contact" with the rest of the world and with those in the field who really need and use their products.
It seems that the combination or cooperation of developers and system engineers can do so much good for IT in general, and for specific companies and products even more.
So why aren't we doing it?
I took the first step: I started thinking outside the box. I moved from a systems and infrastructure integrator to a development company, imagining my goal of bringing the needs of the customers and the needs of system engineers, as I know them, to the development world, and hopefully taking those needs and giving them real-life solutions.
What about you?!