This Month:
How to Tell If a Microsoft Security-Related
Message Is Genuine
Microsoft regularly sends e-mail to subscribers of
our security e-mail notification services when we
release a Microsoft Security Bulletin.
Unfortunately, malicious individuals have been
known to send bogus bulletins that appear to be
coming from Microsoft, a tactic known as spoofing.
Some of these messages lure recipients to
malicious Web sites to download malicious code,
while others include a file attachment containing
a virus. Fortunately, there are ways to spot the
imposters. Here's how to verify that a Microsoft
security-related message you receive is legitimate.
Source: Microsoft.com
Windows Small Business Server 2003 Getting Started
Guide
Step-by-step instructions include completing a
new installation of Windows Small Business Server
2003 or upgrading from Small Business Server 2000,
Windows 2000 Server, Standard Edition, or Windows
Server 2003, Standard Edition, to Windows Small
Business Server 2003. Source: Microsoft.com
Can Microsoft Finally Kill All The Bugs?
Viruses, flaws, and worms, oh my! With PCs
crashing and the Internet wheezing, Gates & Co.
are on the quality hot seat. We'll take you inside
Microsoft's effort to get its software right,
right from the start. Source:
FastCompany.com
Patch Management
In 2000,
Microsoft released 100 security bulletins and
patches. This year the company is on a pace for
about 50-60 patches. But with several flaws rolled
up into each patch, and a rash of extremely urgent
flaws recently, patch management is not much
easier than it was a few years ago. Source: ENT
Online
Chapter of the Week: Managing Enterprise Active
Directory Services -- Chapter 2, 'Active
Directory management'
In Managing
Enterprise Active Directory Services, the
authors draw from their unique experiences with
Active Directory programming interfaces and
management concepts to provide readers with an
authoritative reference. In this chapter, authors
Robbie Allen and Richard Puckett discuss the
focus, philosophy and basics of actively managing
Active Directory. They also cover the
advantages/disadvantages of management
applications. The sample chapter is in .PDF
format, and free registration may be required.
Source: SearchWin2000
Working as a Network Analyst
The network analyst job embraces a broad range of
knowledge and skills. That's also true of network
analyst job descriptions, which vary from company
to company. Understand the job description, and
your foot's in the door. Source:
Certification Magazine
Guide to Securing Windows XP in Small and Medium
Businesses
With the ever-growing threat of malicious code --
such as worms, viruses, and hacker threats -- it is
critical that all customers take immediate action
to help lock-down their desktop and laptop
systems. This guide explains how to implement the
security measures recommended in the Windows XP
Security Guide in a small or medium business
environment without an Active Directory
deployment. These recommendations help ensure that
your desktop and laptop systems running Windows XP
Professional SP1 are more secure from the majority
of current security threats, while ensuring that
users can continue to be efficient and productive
on their computers. In addition to the advanced
step-by-step guidance in this document, you will
also find information on the top security
recommendations that Microsoft is making to all
customers, from the home to the enterprise.
Source: Microsoft Technet
Wireless Policy Development (Part One)
This is the first of a two-part series that will
help create a framework for the most important
aspect of any wireless security strategy -- policy
development. Source: SecurityFocus.com
Inside Dell
Read about
Dell's manufacturing and marketing strategies and
how it climbed to the top of the computer
manufacturing industry. Source:
Windows & .Net Magazine
Chapter of the Week: Microsoft SQL Server 2000:
A Guide to Enhancements and New Features --
Chapter 2, 'Enhancements and changes to existing
features'
This free sample
chapter outlines the feature sets that have been
enhanced since SQL Server 7.0 and the new feature
sets that have been added to SQL Server 2000 like
XML capability, indexed views and distributed
partitioned views. The chapter is in .PDF format,
and free registration may be required. Source: SearchWin2000.com
Best Practices for Mitigating RPC and DCOM
Vulnerabilities
This white paper is being made available to assist
system administrators and technical personnel in
preventing damage caused by an exploit for
vulnerabilities in the RPC and DCOM sub-systems in
Microsoft's operating systems. Several such
vulnerabilities have been announced in Microsoft
security bulletins MS03-026 and MS03-039. The
vulnerabilities affect most currently supported
Microsoft operating systems. However, this paper
is primarily geared to technical personnel
supporting organizational networks. Consumers are
encouraged to go to
www.microsoft.com/protect to get information
on the three steps they can follow to help protect
themselves from this and other threats. Source: Microsoft.com
Another black eye for 'Trustworthy Computing'
When the "worms of August" arrived, I wonder what
percentage of the Internet's bandwidth was
consumed downloading service packs and "critical
fixes" from Microsoft? Source:
NetworkWorldFusion
Training and Certification on Windows Server 2003
Microsoft
recently announced some interesting new training
and certification options for IT administrators
working with Windows Server 2003, including the
first-ever Microsoft Small Business Server (SBS)
2003 exam. This article provides an overview of
the new exams and certification requirements.
Source: Windows & .NET
Magazine
Action: Install New
Security Patch Immediately
Microsoft urges users of Microsoft Windows NT 4.0,
Windows 2000, Windows XP, and Windows Server 2003
to read Security Bulletin MS03-039 and install
this critical security patch immediately. Source:
Microsoft.com
Chapter of the Week: Understanding PKI, Second
Edition -- Chapter 5, 'PKI-enabled services'
PKI (public-key
infrastructure) enables the secure exchange of
data over otherwise unsecured media, including the
Internet. PKI is the underlying cryptographic
security mechanism for digital certificates and
certificate directories, which are used to
authenticate a message sender. Because PKI is the
standard for authenticating commercial electronic
transactions, Understanding PKI, Second Edition
provides network and security architects with the
tools they need to grasp each phase of the key and
certificate life cycle, including generation,
publication, deployment and recovery. This chapter
looks at the security services that can, in some
way, be enabled by a PKI. These are not services
inherent in, or fundamental to any PKI, but are
services that can build on the core PKI services.
Some PKIs may support these auxiliary services,
and others may not. Source:
SearchWin2000.com
(Free registration may be required)
CSI: Lost e-mails
"In
today's world of rampant litigation and
regulation, even if you're not an Enron or a WorldCom,
even if your company is squeaky clean, it's wise
to assume that sooner or later, you will be
compelled to produce e-mail records. In addition
to lawsuits, regulations can result in requests
for e-mails and other documents. The bottom line
is if you haven't recently overhauled your
policies and procedures for saving e-mail, now's
the time."
Source: NetworkWorldFusion
Intrusion Detection Terminology (Part One)
This is the first of a two-part series that
discusses IDS terminology, including terms where
there may be disagreement from within the security
community. Source: SecurityFocus.com
Distributed Denial of Service Attacks
While DDoS attacks are based on many of the same
mechanisms as DoS attacks, they're typically more
complex and have the potential to wreak more
widespread havoc. Source: NetworkMagazine
Viruses, Worms: What's in a Name?
Researchers who first discover viruses or worms
get the honor of naming them. Sometimes, the names
are easy to pick. But as more viruses are created,
researchers are having a harder time coming up
with catchy monikers. Source: Wired
Chapter of the Week: Ultimate Windows Server
2003 Administrator's Guide -- Chapter 15,
'Terminal services'
Terminal services is Microsoft's answer to thin
client technology. In each major Windows NT server
family release, terminal services has undergone
significant changes; in Windows Server 2003 it
continues to advance with enhanced functionality
and essential services like security management.
This sample chapter includes a conceptual review,
discusses how to install and configure terminal
services and much more. (Free registration may
be required) Source:
SearchWin2000.com
Dealing With Rogue IT
So-called rogue
projects -- systems projects done without the
knowledge or oversight of the IT organization --
are common. Sometimes they make a lot of sense for
the company, but sometimes they're disasters.
Source: ComputerWorld
Workshop: Active Directory Backup
The crash of a domain
controller hard drive and its mirrored side
proved to Gulf Coast Community College that you
can't take chances when it comes to backing up
Active Directory.
Source: Network Computing