IT Core Blog

Never stop questioning. Curiosity has its own reason for existing…

Posts Tagged ‘Security’

Microsoft Network Monitor 3.4 available for download


Check out the new features at the Network Monitor Team Blog Beta announcement.

Additionally, check the related Network Monitor resources:

  1. Network Monitor Experts
  2. Network Monitor Parsers
  3. Network Monitor Blog
  4. Network Monitor Forums

Written by IT Core

July 1, 2010 at 9:12 PM

Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1


Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1 was released on 6/23/2010.
The service pack includes the following new features and feature improvements:

New Reports
• The new User Activity report displays the sites and site categories accessed by any user.
• All Forefront TMG reports have a new look and feel.

Enhancements to URL Filtering
• You can now allow users to override the access restriction on sites blocked by URL filtering. This allows for a more flexible web access policy, in that users can decide for themselves whether to access a blocked site. This is especially useful for websites that have been incorrectly categorized.
• You can now override the categorization of a URL on the enterprise level; the override is then effective for each enterprise-joined array.
• Denial notification pages can now be customized for your organization’s needs.

Enhanced Branch Office Support
• Collocation of Forefront TMG and a domain controller on the same server, which can help reduce the total cost of ownership at branch offices.
• When installed on a computer running Windows Server 2008 R2, SP1 simplifies the deployment of BranchCache at the branch office, using Forefront TMG as the Hosted Cache server.

Support for publishing SharePoint 2010
• Forefront TMG SP1 supports secure publishing of SharePoint 2010.

Read some interesting articles about the new features included in TMG SP1:
Forefront TMG (ISA Server) Product Team Blog
Forefront Team Blog
Richard Hicks

Written by IT Core

July 1, 2010 at 8:58 PM

TechNet Wiki – AV Exclusion List


Wouldn’t it be handy to have one place on the web where you could find an updated list of ALL the AV exclusions you might want to configure? This wiki stub topic is meant to be that list. Feel free to add to the list; it is the wiki way!

Windows:
KB822158 Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows

Windows / Active Directory: 
http://support.microsoft.com/kb/822158
http://support.microsoft.com/kb/837932
http://support.microsoft.com/kb/943556

Cluster:
http://support.microsoft.com/kb/250355

Forefront: Considerations when using antivirus software on FF Edge Products

http://support.microsoft.com/kb/943620
http://technet.microsoft.com/en-us/library/cc707727.aspx

FRS:
http://support.microsoft.com/kb/815263

SQL:
http://support.microsoft.com/kb/309422

IIS:
http://support.microsoft.com/kb/821749
http://support.microsoft.com/kb/817442

DHCP:
http://support.microsoft.com/kb/927059

SCOM / MOM:
http://support.microsoft.com/kb/975931

Hyper-V:
http://support.microsoft.com/default.aspx/kb/961804

Exchange:
Exchange 2010: http://technet.microsoft.com/en-us/library/bb332342.aspx
Exchange 2007: http://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspx
http://support.microsoft.com/kb/328841
http://support.microsoft.com/kb/823166
http://support.microsoft.com/kb/245822

SharePoint:
http://support.microsoft.com/kb/952167
http://support.microsoft.com/kb/320111
http://support.microsoft.com/kb/322941

SMS:
http://support.microsoft.com/kb/327453

ISA:
http://support.microsoft.com/kb/887311

WSUS:
http://support.microsoft.com/kb/900638

SBS:
http://support.microsoft.com/kb/885685

MED-V:
Recommended Anti-Virus exclusions for MED-V client and workspace installations

System Center:
Recommendations for antivirus exclusions in MOM 2005 and Operations Manager 2007

How to configure OpsMgr for intrusion detection and security hardening


Another great article from Kevin Holman. This time, Kevin explains how to configure OpsMgr to alert you when security is compromised.

Because I have a lab, that is exposed to the internet over port 3389, I get a LOT of hacking attempts on this lab. Mostly the source is from bots running on other compromised systems. These bots just do brute force attacks against the typical Admin accounts and passwords via RDP. In this article, I am going to show how OpsMgr can not only alert on this condition, but also respond by configuring the Windows Firewall to block these attacks.

Read more at: “Using OpsMgr for intrusion detection and security hardening”

Written by IT Core

April 12, 2010 at 8:40 PM

Sysinternals Updates: AdExplorer v1.3, VMMap v2.6, Disk2vhd v1.5, LiveKd v3.14, Sigcheck v1.66


AdExplorer v1.3: This update to AdExplorer, an Active Directory editor, has major node expansion performance improvements and a number of minor bug fixes.

VMMap v2.6: VMMap, a powerful process virtual and physical memory analysis tool, now shows both graphical and numeric breakdowns of private virtual memory, as well as heap configuration flags.

Disk2vhd v1.5: Disk2Vhd v1.5 works with Hyper-V SCSI direct-attached volumes and reports an error when a snapshot includes offline volumes.

LiveKd v3.14: This version of LiveKd has better detection of the Debugging Tools package installation and launches the debugger in a mode that skips the unnecessary root-cause analysis of the virtual dump file.

Sigcheck v1.66: This update to Sigcheck, a file version and signature checking utility, fixes a bug in the certificate revocation check logic.

From Sysinternals

Forefront Threat Management Gateway Web Access Protection


Yuri and Tom describe how Forefront Threat Management Gateway is a web access protection solution. They dive into:
• HTTPS inspection: privacy concerns, how it works
• Process of how TMG protects unmanaged clients against malware
• Basics on URL Filtering and NIS
Check out the TMG Book
Download a trial of TMG

Check out the video 🙂

Written by IT Core

February 22, 2010 at 11:00 PM

Blue Screen of Death – Microsoft’s Initial Response To MS10-015 / KB977165


Microsoft’s security operation has issued an initial response to the issue with machines blue screening and failing to reboot correctly after installing MS10-015.

While we work to address this issue, customers who choose not to install the update can implement the workaround outlined in the bulletin. CVE-2010-0232 was publicly disclosed and we previously issued Security Advisory 979682 in response. Customers can disable the NTVDM subsystem as a workaround and we have provided an automated method of doing that with a Microsoft Fix It that you can find here.

Customers who are experiencing issues after installing any of our security updates can get help resolving the issues by either going to this site or by calling 1-866-PCSafety (1-866-727-2338). International customers can find local support contact numbers here.

Written by IT Core

February 12, 2010 at 9:00 AM

Forefront TMG 2010 Capacity Planning Tool


MS Forefront TMG launches 2 tools to help you with hardware sizing requirements:

Forefront TMG 2010 hardware recommendations TechNet article – Shows hardware recommendations for common deployment scenarios, and design considerations specific to Forefront TMG that are relevant for any size deployment.

Forefront TMG 2010 Capacity Planning Tool – Shows hardware recommendations for enterprise and high bandwidth deployments.

The Forefront Threat Management Gateway (TMG) 2010 Capacity Planning Tool helps customers understand what hardware they need in order to support the number of users, wide area network bandwidth, features and protections enabled in their Forefront TMG 2010 deployment.

Written by IT Core

February 11, 2010 at 11:19 PM

Hyper-V Security Update KB977894


Apply this update or you may suffer a Denial-of-Service (DoS) attack. An attacker must have valid logon credentials and be able to log on locally to a Hyper-V virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. This problem affects all installation types on both Windows Server 2008 and Windows Server 2008 R2.

A denial of service vulnerability exists in Hyper-V on Windows Server 2008 and Windows Server 2008 R2. The vulnerability is due to insufficient validation of specific sequences of machine instructions by Hyper-V. An attacker who successfully exploited this vulnerability could cause the affected Hyper-V system to stop responding. This would affect all virtual machines hosted by that system.

KB977894

Written by IT Core

February 11, 2010 at 10:38 PM

Cloud Computing Security Considerations


Microsoft document for cloud computing security:

“A high-level discussion of the fundamental challenges and benefits of cloud computing security, plus some of the questions that cloud service providers and organisations using cloud services need to consider when evaluating a new move, or expansion of existing services, to the cloud. This document presumes that the reader is familiar with the core concepts of cloud computing and basic principles of cloud security. It is not the goal of this paper to provide all the answers to the questions of security in the cloud or to provide an exhaustive framework for cloud security.”

Written by IT Core

January 29, 2010 at 12:03 AM

Posted in Documentation
