January 2008 - Posts - The Security Wizard

The Security Wizard

Fighting for the good guys...


January 2008 - Posts

Vista's Secret Windows Firewall hole

Alun Jones (Security MVP) wrote in his great blog about a new "so-called" hole in the Vista Firewall mechanism. To tell the truth, it's not really a hole, but I thought I'd grab your attention. It's not a flaw in the operation of Windows Firewall on Windows Vista. It's a design feature, it makes sense, and it fits in with the principle that the firewall should keep out unsolicited traffic.

This so-called feature allows Windows to leave an FTP connection open before, and even after, you click "block" on the Vista firewall pop-up. Sounds bad? Not very much.

To read more about this "so-called" feature and how to "close" this hole down, read the full article.

Microsoft positioned in Challengers Quadrant of Gartner’s Magic Quadrant for Endpoint Protection Platforms

Microsoft has been placed in the Challengers Quadrant of Gartner’s Magic Quadrant for Endpoint Protection Platforms report. Gartner finds that “Point products for antivirus, anti-spyware, personal firewalls and host-based intrusion prevention (HIPS) are rapidly being replaced by suites with a centralized and extensible management framework.”

Launched in June 2007, Microsoft’s Forefront Client Security provides virus and spyware protection for business desktops, laptops, and server operating systems.

To learn how Forefront Client Security is placed in this Magic Quadrant and to read the full Gartner report, visit: http://www.microsoft.com/presspass/itanalyst/default.mspx

For more information on Forefront Client Security, visit www.microsoft.com/forefront/clientsecurity

Teched 2008 - Security Rocks!


Indeed, it is time for Tech-Ed once again. I still remember my experiences from my first one (I think it was the second, or third held in Israel), and every one I've been to ever since.

I hold a special place in my heart (and brains :-)) for the last event, where I first lectured on RMS (back when almost no one knew what it was) and received the nomination to the role of Security Regional Director at Microsoft Israel.

This year, I will be bringing to you the latest news from the Microsoft world of security with two lectures about the Forefront Security Solutions family (well, at least for me it's a family since I've spent more time with those products than with my own family :-))...

My first lecture will talk about Forefront Client Security. Want to know what exactly FCS is? How does it REALLY work? Is it really all that Microsoft promises? How will FCS hold against a deliberate attack of dozens of malicious viruses, spyware and malware (LIVE DEMO!)?
If that is not enough, you will win a chance to see a first and exclusive preview of the next version of Forefront, code-named Stirling, and its new artificial intelligence capabilities for all security-related matters. All that and more in FCS: in the wild.

The second lecture will discuss the Server Family of the Forefront solutions. The Forefront Server Security family has brought the multiple-engine advantage to a world that takes very good care of that need. How do 8 different engines work under one hood? Why is that a good thing? Doesn't that affect performance? How does that really work?
And if that is not enough for you, you will get to see security artificial intelligence at work when Forefront Server Security communicates with other security components and actually ACTIVATES them in case of a security incident. All that and more in the first exclusive preview of the next version of Forefront, code-named Stirling.

I'll be going away to Seattle next month, in order to check out all that is new with the new versions and I am planning to bring with me lots of goodies and demos to show at my lecture.

Soooo..... expectations are skyrocketing... this is gonna be the best one yet.

See you all there.

ISA Best Practices Analyzer and Visio

All of you ISA experts might know about the ISA Server Best Practices Analyzer. The ISA Best Practices Analyzer is used to analyze the ISA environment for potential configuration problems. It is a diagnostic tool, like the well-known ExBPA (Exchange Best Practices Analyzer Tool), that automatically performs specific tests on configuration data collected on the local ISA Server 2004/2006 computer from the ISA Server hierarchy of administration COM objects, Windows Management Instrumentation (WMI) classes, the system registry, files on disk, and the Domain Name System (DNS) settings. You can use ISABPA for both ISA Server 2004/2006 Standard and ISA Server 2004/2006 Enterprise. If you want to know more about the ISA Server Best Practices Analyzer, read the following article at isaserver.org.

Microsoft Forefront Client Security Health Management Pack for Microsoft Operations Manager 2005 SP1

The Forefront Client Security Management Pack provides enterprise-wide monitoring for your Client Security environment. In addition to real-time event monitoring, the Forefront Client Security Management Pack provides automated and customizable response capabilities to allow you to immediately respond to critical performance, health, or capacity-related issues.
The Forefront Client Security Management Pack provides features to help you proactively manage your Client Security environment and increase availability, security, and performance.
This Management Pack highlights events that may indicate possible service outages or configuration problems, allowing you to quickly take corrective or preventative actions.
Note: The Client Security Management Pack monitors only events critical to the health of specific Client Security components. To monitor IIS, WSUS, or SQL Server health on any Forefront Client Security server, you will need to install and configure the corresponding management packs for each product according to the guidelines outlined for that product. For example, to monitor IIS on a Client Security server, you will need to install and configure the IIS Management Pack for MOM 2005.
Feature Bullet Summary:
This management pack includes event rules for:
• Microsoft Client Security Update Assistant service (FcsDs.exe)
• Microsoft Forefront Client Security Management Service (FcsMs.exe)
• Definition import failures

More details and download

Time Issues

I wanted to post a short apology for not being able to update my blog very much in the last few weeks....

I've been working like crazy on my current job, my undergraduate thesis and a new project that will go online in one of the upcoming weeks. I hope you will like it and I can't wait to tell you all about it soon enough...

See you soon :-)

Posted: Jan 08 2008, 06:00 PM by yanivf | with no comments