Posts Tagged ‘Security’
Microsoft Network Monitor 3.4 available for download
Check out the new features at the Network Monitor Team Blog Beta announcement.
Additionally check the related Network Monitor Resources:
Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1 was released on 6/23/2010.
The service pack includes the following new features and feature improvements:
New Reports
• The new User Activity report displays the sites and site categories accessed by any user.
• All Forefront TMG reports have a new look and feel.
Enhancements to URL Filtering
• You can now allow users to override the access restriction on sites blocked by URL filtering. This allows for a more flexible web access policy, in that users can decide for themselves whether to access a blocked site. This is especially useful for websites that have been incorrectly categorized.
• You can now override the categorization of a URL on the enterprise level; the override is then effective for each enterprise-joined array.
• Denial notification pages can now be customized for your organization’s needs.
Enhanced Branch Office Support
• Collocation of Forefront TMG and a domain controller on the same server, which can help reduce the total cost of ownership at branch offices.
• When installed on a computer running Windows Server 2008 R2, SP1 simplifies the deployment of BranchCache at the branch office, using Forefront TMG as the Hosted Cache server.
Support for publishing SharePoint 2010
• Forefront TMG SP1 supports secure publishing of SharePoint 2010.
Read some interesting articles about the new features included in TMG SP1:
Forefront TMG (ISA Server) Product Team Blog
Forefront Team Blog
Richard Hicks
TechNet Wiki – AV Exclusion List
Wouldn’t it be handy to have one place on the web where you could find an updated list of ALL the AV exclusions you might want to configure? This wiki stub topic is meant to be that list. Feel free to add to the list, it is the wiki way!
Windows:
KB822158 Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
Windows / Active Directory:
http://support.microsoft.com/kb/822158
http://support.microsoft.com/kb/837932
http://support.microsoft.com/kb/943556
Cluster:
http://support.microsoft.com/kb/250355
Forefront: Considerations when using antivirus software on FF Edge Products
http://support.microsoft.com/kb/943620
http://technet.microsoft.com/en-us/library/cc707727.aspx
FRS:
http://support.microsoft.com/kb/815263
SQL:
http://support.microsoft.com/kb/309422
IIS:
http://support.microsoft.com/kb/821749
http://support.microsoft.com/kb/817442
DHCP:
http://support.microsoft.com/kb/927059
SCOM / MOM:
http://support.microsoft.com/kb/975931
Hyper-V:
http://support.microsoft.com/default.aspx/kb/961804
Exchange:
Exchange 2010: http://technet.microsoft.com/en-us/library/bb332342.aspx
Exchange 2007: http://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspx
http://support.microsoft.com/kb/328841
http://support.microsoft.com/kb/823166
http://support.microsoft.com/kb/245822
SharePoint:
http://support.microsoft.com/kb/952167
http://support.microsoft.com/kb/320111
http://support.microsoft.com/kb/322941
SMS:
http://support.microsoft.com/kb/327453
ISA:
http://support.microsoft.com/kb/887311
WSUS:
http://support.microsoft.com/kb/900638
SBS:
http://support.microsoft.com/kb/885685
Med-V:
Recommended Anti-Virus exclusions for MED-V client and workspace installations
System Center:
Recommendations for antivirus exclusions in MOM 2005 and Operations Manager 2007
How to configure OpsMgr for intrusion detection and security hardening
Another great article from Kevin Holman: this time Kevin explains how to configure OpsMgr to alert you when security is compromised.
“Because I have a lab, that is exposed to the internet over port 3389, I get a LOT of hacking attempts on this lab. Mostly the source is from bots running on other compromised systems. These bots just do brute force attacks against the typical Admin accounts and passwords via RDP. In this article, I am going to show how OpsMgr can not only alert on this condition, but also respond by configuring the Windows Firewall to block these attacks.”
Read more at: “Using OpsMgr for intrusion detection and security hardening”
Sysinternals Updates: AdExplorer v1.3, VMMap v2.6, Disk2vhd v1.5, LiveKd v3.14, Sigcheck v1.66
AdExplorer v1.3: This update to AdExplorer, an Active Directory editor, has major node expansion performance improvements and a number of minor bug fixes.
VMMap v2.6: VMMap, a powerful process virtual and physical memory analysis tool, now shows both graphical and numeric breakdowns of private virtual memory, as well as heap configuration flags.
Disk2vhd v1.5: Disk2Vhd v1.5 works with Hyper-V SCSI direct-attached volumes and reports an error when a snapshot includes offline volumes.
LiveKd v3.14: This version of LiveKd has better detection of the Debugging Tools package installation and launches the debugger in a mode that skips the unnecessary root-cause analysis of the virtual dump file.
Sigcheck v1.66: This update to Sigcheck, a file version and signature checking utility, fixes a bug in the certificate revocation check logic.
From Sysinternals
Forefront Threat Management Gateway Web Access Protection
Yuri and Tom describe how Forefront Threat Management Gateway is a web access protection solution. They dive into:
HTTPS inspection: privacy concerns, how it works
Process of how TMG protects unmanaged clients against malware
Basics on URL Filtering and NIS
Check out the TMG Book
Download a trial of TMG
Check out the video
Blue Screen of Death – Microsoft’s Initial Response To MS10-015 / KB977165
Microsoft’s security operations have issued an initial response to the issue of machines blue screening and failing to reboot correctly after installing MS10-015.
While we work to address this issue, customers who choose not to install the update can implement the workaround outlined in the bulletin. CVE-2010-0232 was publicly disclosed and we previously issued Security Advisory 979682 in response. Customers can disable the NTVDM subsystem as a workaround and we have provided an automated method of doing that with a Microsoft Fix It that you can find here.
Customers who are experiencing issues after installing any of our security updates can get help resolving the issues by either going to this site or by calling 1-866-PCSafety (1-866-727-2338). International customers can find local support contact numbers here.
Forefront TMG 2010 Capacity Planning Tool
MS Forefront TMG launches 2 tools to help you with hardware sizing requirements:
- Forefront TMG 2010 hardware recommendations TechNet article – Shows hardware recommendations for common deployment scenarios, and design considerations specific to Forefront TMG that are relevant for any size deployment.
- Forefront TMG 2010 Capacity Planning Tool – Shows hardware recommendations for enterprise and high bandwidth deployments.
The Forefront Threat Management Gateway (TMG) 2010 Capacity Planning Tool helps customers understand what hardware they need in order to support the number of users, wide area network bandwidth, features and protections enabled in their Forefront TMG 2010 deployment.
Hyper-V Security Update KB977894
Apply this update or you may suffer a Denial-of-Service (DoS) attack. An attacker must have valid logon credentials and be able to log on locally to a Hyper-V virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. This problem affects all installation types on both Windows Server 2008 and Windows Server 2008 R2.
“A denial of service vulnerability exists in Hyper-V on Windows Server 2008 and Windows Server 2008 R2. The vulnerability is due to insufficient validation of specific sequences of machine instructions by Hyper-V. An attacker who successfully exploited this vulnerability could cause the affected Hyper-V system to stop responding. This would affect all virtual machines hosted by that system.”
Cloud Computing Security Considerations
Microsoft document for cloud computing security:
“A high-level discussion of the fundamental challenges and benefits of cloud computing security, plus some of the questions that cloud service providers and organisations using cloud services need to consider when evaluating a new move, or expansion of existing services, to the cloud. This document presumes that the reader is familiar with the core concepts of cloud computing and basic principles of cloud security. It is not the goal of this paper to provide all the answers to the questions of security in the cloud or to provide an exhaustive framework for cloud security.”

