Microsoft Security Resource Guide
Tools
Microsoft Baseline Security Analyzer (MBSA)
Use this tool to identify common security misconfigurations and missing security updates.
MBSA runs on the Windows Server™ 2003, Windows® 2000, and Windows XP operating systems and will scan for vulnerabilities in multiple products and technologies, including Microsoft Internet Information Services (IIS) and SQL Server™.
Software Update Services (SUS) / Windows Update Services (WUS)
Quickly and reliably deploy the latest security updates, and service packs with Software Update Services. This new site now has the latest info on WUS.
Windows Update
Scans your computer and provides a selection of updates tailored for your operating system, software, and hardware.
Microsoft Office Product Updates
Scans and updates Microsoft Office products.
IIS Web Server Lockdown Wizard
Reduces the attack surface of Internet Information Services (IIS) and includes URLScan to provide multiple layers of protection against attackers.
UrlScan Security Tool
Helps prevent potentially harmful HTTP requests from reaching IIS Web servers.
Removal Tools:
Mydoom, Zindos and Doomjuice worms
Blaster Removal Tool for Windows XP and 2000
Sasser (A-F) Worm Removal Tool
MS04-028 Enterprise Scanning Tool
Other Tools:
http://www.microsoft.com/technet/security/tools/default.mspx
Security Risk Self-Assessment for Midsize Organizations
Updating
Understanding Update Management: Microsoft’s Software Update Strategy
Updated white paper talks about the need for strong update management process.
Other Update Management info in the TechNet Topics Page
Isolation and Resiliency
Listing of resources for the IT Pro to evaluate and deploy XP SP2
Network Access Protection
Internet Security and Acceleration (ISA) Server 2004 whitepapers updated
Read about secure remote Outlook access in the Unique Protection for Microsoft Exchange Server whitepaper, a very viable business scenario with ISA Server
Engineering Excellence
Trustworthy Computing: Security
Whitepapers on Security Enhancements:
Describes the Trustworthy Computing initiative as applied to the Windows Server, Office 2003 and Exchange Server 2003 development processes respectively.
Windows Server 2003
Office 2003
Exchange Server 2003
Get the Facts:
Windows and Linux
SQL
Guidance and Training
Security Guidance Centers on Microsoft.com
Worldwide
Prescriptive guidance to help provide defence-in-depth security.
E-Learning Security Training
E-Learning self-paced clinics - 4 Developer and 8 ITPro modules
Now available in French, German, Spanish and Japanese
XP SP2
Security Guidance Kit CD (now shipping in US and Canada)
CD-ROM with tools, templates, and how-to guides
Microsoft IT Security Showcase
An insider view into Microsoft's process of deploying, and managing its own enterprise solutions.
Security Newsletter
Register for our free monthly e-mail newsletter that's packed with security news, guidance, updates, and community resources to help you protect your network.
Security Program Guide: Events and Training Information
Events, webcasts and training ivailable for both IT Professionals and Developers.
US Security Summit Keynote and Training Content
Security Notifications via e-mail
Sign up today to get e-mail alerts when an important security bulletin or virus alert has been released.
Security Update RSS Feed
Security Bulletin Search Page
Search on product, technology or KB article
Security Bulletin Webcast
Join Microsoft experts on the day after bulletin announcements to get the latest information and have the opportunity to ask questions.
How to Tell If a Microsoft Security-Related Message Is Genuine
Writing Security, 2nd edition
Best practices for writing Security and stopping malicious hackers.
Building and Configuring More Secure Web Sites
Best Practices used at OpenHack.
Recent Security Guidance Center additions:
Windows XP Guide, includes SP2
New Security Risk Management Guide
Windows NT 4.0 and Windows 98 Threat Mitigation Guide
Microsoft Identity and Access Management Series
Antivirus Defense-in-Depth
Securing Wireless LANs with PEAP and Passwords
Small Business Guidance
Guidance specifically for the smaller business
Configuring Windows XP 802.11 Wireless Networks for the Home / Small Business
Consumer Information:
http://www.microsoft.com/security/protect
http://www.microsoft.com/athome/security/default.mspx
Newsletter for home users
Security bulletin notifications for home users
More
Prescriptive Guidance, More Prescriptive Guidance
TechNet Security Guidance
How MSFT implement a secure infrastructure
Online recordings of top infrastructure speakers
Network Segmentation via IPsec
Reduce your attack surface via SCW
Secure your wireless network
Network Quarantine
Network Access Protection
Microsoft Security Response Center (MSRC)
The Microsoft Security Response Center (MSRC) blog
“Security Matters” Blog !
Microsoft Security Advisories
Microsoft Security Bulletins
Security Notification Services (regular and comprehensive)
Monthly Security Bulletin webcast
Windows Vista Security
Windows System Center Certificate Lifecycle Manager Beta 1
Microsoft Antigen and FrontBridge
Microsoft Exchange Hosted Services
ISA Server 2006 Beta
Network Access Protection – Overviews and Related Technologies
Securing Wireless LANs with Certificate Services
“Securing Wireless LANs with PEAP and Passwords”
WPA Wireless Security for Home Networks
“Advantages of Protected Extensible Authentication Protocol (PEAP)”
Security of the WEP Algorithm
IEEE 802.11 Wireless LAN Security with Microsoft Windows XP – Document Download
Tools for scanning for and dealing with rogue Wireless Access Points:
AirDefense Enterprise
AirMagnet Enterprise
CAPICOM – Platform SDK Redistributable Tool Download
PKI Enhancements in Windows XP Professional and Windows Server 2003
Windows Security Logging and Other Esoterica
The Security Monitoring and Attack Detection Planning Guide
Some presentation files from Microsoft UK technet InfoSecurity events
Reference Books:
Microsoft Windows Security Resource Kit v2.0 (ISBN: 0-7356-2174-8)
Implementing and Administering Security in a Microsoft Windows Server 2003 Network
Microsoft Preparation Guide for 70-299
Designing Security for a Microsoft Windows Server(TM) 2003 Network
Microsoft Preparation Guide for 70-298
Where can you get more information than on the Microsoft website?
Here are few other websites worth visiting!
WindowsSecurity.com
Howard, John D. “A Common Language for Computer Security Incidents” 1998. (PDF File)
The Bad Boys of Cyberspace
Great Security and Incidence Response Book Titles
CERT’s Virtual Training Environment (VTE): Link 1 and Link 2
Computer Emergency Response Team (CERT)
National Institute of Standards and Technology (NIST)
Computer Security Incident Handling Guide (PDF File)
Forum of Incident Response and Security Teams
SysInternals (Freeware utils AutoRuns, PSList, etc.)
Uninformed.org
Microsoft Baseline Security Analyzer (MBSA)
Use this tool to identify common security misconfigurations and missing security updates.
MBSA runs on the Windows Server™ 2003, Windows® 2000, and Windows XP operating systems and will scan for vulnerabilities in multiple products and technologies, including Microsoft Internet Information Services (IIS) and SQL Server™.
Software Update Services (SUS) / Windows Update Services (WUS)
Quickly and reliably deploy the latest security updates, and service packs with Software Update Services. This new site now has the latest info on WUS.
Windows Update
Scans your computer and provides a selection of updates tailored for your operating system, software, and hardware.
Microsoft Office Product Updates
Scans and updates Microsoft Office products.
IIS Web Server Lockdown Wizard
Reduces the attack surface of Internet Information Services (IIS) and includes URLScan to provide multiple layers of protection against attackers.
UrlScan Security Tool
Helps prevent potentially harmful HTTP requests from reaching IIS Web servers.
Removal Tools:
Mydoom, Zindos and Doomjuice worms
Blaster Removal Tool for Windows XP and 2000
Sasser (A-F) Worm Removal Tool
MS04-028 Enterprise Scanning Tool
Other Tools:
http://www.microsoft.com/technet/security/tools/default.mspx
Security Risk Self-Assessment for Midsize Organizations
Updating
Understanding Update Management: Microsoft’s Software Update Strategy
Updated white paper talks about the need for strong update management process.
Other Update Management info in the TechNet Topics Page
Isolation and Resiliency
Listing of resources for the IT Pro to evaluate and deploy XP SP2
Network Access Protection
Internet Security and Acceleration (ISA) Server 2004 whitepapers updated
Read about secure remote Outlook access in the Unique Protection for Microsoft Exchange Server whitepaper, a very viable business scenario with ISA Server
Engineering Excellence
Trustworthy Computing: Security
Whitepapers on Security Enhancements:
Describes the Trustworthy Computing initiative as applied to the Windows Server, Office 2003 and Exchange Server 2003 development processes respectively.
Windows Server 2003
Office 2003
Exchange Server 2003
Get the Facts:
Windows and Linux
SQL
Guidance and Training
Security Guidance Centers on Microsoft.com
Worldwide
Prescriptive guidance to help provide defence-in-depth security.
E-Learning Security Training
E-Learning self-paced clinics - 4 Developer and 8 ITPro modules
Now available in French, German, Spanish and Japanese
XP SP2
Security Guidance Kit CD (now shipping in US and Canada)
CD-ROM with tools, templates, and how-to guides
Microsoft IT Security Showcase
An insider view into Microsoft's process of deploying, and managing its own enterprise solutions.
Security Newsletter
Register for our free monthly e-mail newsletter that's packed with security news, guidance, updates, and community resources to help you protect your network.
Security Program Guide: Events and Training Information
Events, webcasts and training ivailable for both IT Professionals and Developers.
US Security Summit Keynote and Training Content
Security Notifications via e-mail
Sign up today to get e-mail alerts when an important security bulletin or virus alert has been released.
Security Update RSS Feed
Security Bulletin Search Page
Search on product, technology or KB article
Security Bulletin Webcast
Join Microsoft experts on the day after bulletin announcements to get the latest information and have the opportunity to ask questions.
How to Tell If a Microsoft Security-Related Message Is Genuine
Writing Security, 2nd edition
Best practices for writing Security and stopping malicious hackers.
Building and Configuring More Secure Web Sites
Best Practices used at OpenHack.
Recent Security Guidance Center additions:
Windows XP Guide, includes SP2
New Security Risk Management Guide
Windows NT 4.0 and Windows 98 Threat Mitigation Guide
Microsoft Identity and Access Management Series
Antivirus Defense-in-Depth
Securing Wireless LANs with PEAP and Passwords
Small Business Guidance
Guidance specifically for the smaller business
Configuring Windows XP 802.11 Wireless Networks for the Home / Small Business
Consumer Information:
http://www.microsoft.com/security/protect
http://www.microsoft.com/athome/security/default.mspx
Newsletter for home users
Security bulletin notifications for home users
More
Prescriptive Guidance, More Prescriptive Guidance
TechNet Security Guidance
How MSFT implement a secure infrastructure
Online recordings of top infrastructure speakers
Network Segmentation via IPsec
Reduce your attack surface via SCW
Secure your wireless network
Network Quarantine
Network Access Protection
Microsoft Security Response Center (MSRC)
The Microsoft Security Response Center (MSRC) blog
“Security Matters” Blog !
Microsoft Security Advisories
Microsoft Security Bulletins
Security Notification Services (regular and comprehensive)
Monthly Security Bulletin webcast
Windows Vista Security
Windows System Center Certificate Lifecycle Manager Beta 1
Microsoft Antigen and FrontBridge
Microsoft Exchange Hosted Services
ISA Server 2006 Beta
Network Access Protection – Overviews and Related Technologies
Securing Wireless LANs with Certificate Services
“Securing Wireless LANs with PEAP and Passwords”
WPA Wireless Security for Home Networks
“Advantages of Protected Extensible Authentication Protocol (PEAP)”
Security of the WEP Algorithm
IEEE 802.11 Wireless LAN Security with Microsoft Windows XP – Document Download
Tools for scanning for and dealing with rogue Wireless Access Points:
AirDefense Enterprise
AirMagnet Enterprise
CAPICOM – Platform SDK Redistributable Tool Download
PKI Enhancements in Windows XP Professional and Windows Server 2003
Windows Security Logging and Other Esoterica
The Security Monitoring and Attack Detection Planning Guide
Some presentation files from Microsoft UK technet InfoSecurity events
Reference Books:
Microsoft Windows Security Resource Kit v2.0 (ISBN: 0-7356-2174-8)
Implementing and Administering Security in a Microsoft Windows Server 2003 Network
Microsoft Preparation Guide for 70-299
Designing Security for a Microsoft Windows Server(TM) 2003 Network
Microsoft Preparation Guide for 70-298
Where can you get more information than on the Microsoft website?
Here are few other websites worth visiting!
WindowsSecurity.com
Howard, John D. “A Common Language for Computer Security Incidents” 1998. (PDF File)
The Bad Boys of Cyberspace
Great Security and Incidence Response Book Titles
CERT’s Virtual Training Environment (VTE): Link 1 and Link 2
Computer Emergency Response Team (CERT)
National Institute of Standards and Technology (NIST)
Computer Security Incident Handling Guide (PDF File)
Forum of Incident Response and Security Teams
SysInternals (Freeware utils AutoRuns, PSList, etc.)
Uninformed.org
| Permalink 
Add to: |
Digg |
Del.icio.us |
Technorati |
Furl |
Spurl |
Blinklist |
Reddit |
Simpy |
ma.gnolia |
Post a Comment