Enllaços
Contingut actualitzat
Categories
Contingut antic
(ja no s'actualitza)
Versions anteriors
d'aquesta pàgina
Arxiu
|
|
 |
dissabte, 5 / juny / 2004 |
Microsoft realitzarà durant aquest mes de juny un bon grapat de de webcasts sobre temes de seguretat:
Pels directius
- Microsoft Executive Circle Webcast: Monthly Update from Microsoft's VP for Security - Level
22 de juny
17.30 a 20.30 hores (Barcelona)
Mike Nash, VP Security Business Unit, Microsoft Corporation
Join Mike Nash, Microsoft’s senior executive in charge of security, for his monthly security update. Mike will provide the latest details on Microsoft’s security enhancements, offer tips and insights into key security strategies for customers and provide new information on Microsoft's security technologies being delivered in upcoming service packs.
http://go.microsoft.com/fwlink/?LinkId=28964
Pels professionals de la seguretat
- Implementing Server Security on Windows 2000 and Windows 2003 (Part 1) - Securing Servers: Core Server Security and Active Directory Security - Level 200
8 de juny
18.00 a 18.45 hores (Barcelona)
Mark Mortimore, Senior Technical Specialist, Microsoft Corporation
This webcast discusses and explains the importance of server security to your organization. We will explore core server security and the key components in the process of securing Active Directory®. We will then discuss some of the challenges small-to-medium sized businesses face when trying to secure a server environment, the importance of multiple layers of security, managing software updates, and how to use Active Directory to secure your server environment. This webcast includes a demonstration on how to create an Organizational Unit structure and apply a security template.
http://go.microsoft.com/fwlink/?LinkId=29281
- Implementing Client Security on Windows 2000 and Windows XP (Part 1) - Core Client Security, Securing Applications and Group Policy for Standalone Clients - Level 200
8 de juny
20.00 a 20.45 hores (Barcelona)
Mark Mortimore, Senior Technical Specialist, Microsoft Corporation
This webcast discusses the importance of implementing a core client security, concentrating on securing applications and securing standalone Windows® clients. We will discuss a fundamental, core set of client security topics along with securing a variety of applications such as Internet Explorer and Microsoft® Outlook® within an organization. From there we’ll discuss how to use Active Directory® and Group Policy to secure Windows clients. The presentation includes a demonstration on Securing Standalone Clients.
http://go.microsoft.com/fwlink/?LinkId=29849
- IIS 6.0: Built for Stability - Level 200
8 de juny
20.30 a 22.30 hores (Barcelona)
Don Jones, Book Author and Founding partner of BrainCore.Net, BrainCore.Net
Sure, IIS 6.0 has a new architecture, and you may have heard about http.sys, application pools, Web gardens, and more, but what does it all mean, and why should you care? Join this Webcast and see what the new IIS architecture offers Web server administrators, and learn how to build Web servers than can survive the most challenging designs your Web developers can throw at it!
http://go.microsoft.com/fwlink/?LinkId=25234
- Information about Microsoft's June Security Bulletins - Level 200
9 de juny
19.00 a 20.00 hores (Barcelona)
Christopher Budd, CISM, CISSP/Security Program Manager and Debby Fry Wilson, Director/Security Response Marketing
On June 8, Microsoft will release its monthly security bulletins. Join us for a brief overview of the technical details of the June security bulletins followed by an extensive Q&A session.
This webcast will focus on addressing your questions and concerns about the security bulletins. Therefore, the majority of the webcast session will give you the opportunity to ask questions and get answers from our security experts.
http://go.microsoft.com/fwlink/?LinkId=28770
- Security Patch Management Tools (Part 1) - Windows and Office Update - Level 200
9 de juny
20.00 a 20.45 hores (Barcelona)
Kai Axford, TechNet Presenter, Microsoft Corporation
How are you evaluating, distributing, and installing software patches? This webcast discusses the importance of patch management and establishing a patch management process using Windows and Office Update as a patch management tool in your environment. We will present a brief overview of the patch management landscape, focusing on the role of Windows and Office Update as one of your patch management tools. From there this webcast will walk you through a demonstration on Configuring Automatic Windows Update.
http://go.microsoft.com/fwlink/?LinkId=29871
- Essentials of Security (Part 1) - Security and Defense - Level 200
14 de juny
18.30 a 18.45 hores (Barcelona)
Shawn Travers, SST TechNet Presenter, Microsoft Corporation
How does a security plan affect the commerce of the business it is supposed to protect? How can you be sure your security plan implements the right kind of security for each type of vulnerability? This webcast presents a defense-in-depth model that can help provide protection for each layer of an infrastructure. The discussion also includes strategies for security response, common attack scenarios, and best practices. During this webcast we will walk through two demonstrations: Internet Connection Firewall and Protecting IIS 5.0.
http://go.microsoft.com/fwlink/?LinkId=29329
- Implementing Network and Perimeter Security - Level 300
14 de juny
20.00 a 21.30 hores (Barcelona)
Byron Hynes, Consultant, Market Star
In this session for experienced IT professionals, you will build on existing knowledge of server and client security and learn how to apply best practices to implement perimeter and network defenses. The session will discuss the use of hardware and software firewalls for network and application filtering and how to implement intrusion detection mechanisms. You will also learn how to increase security for wireless network access through the use of encryption and password authentication protocols.
http://go.microsoft.com/fwlink/?LinkId=29394
- Implementing Server Security on Windows 2000 and Windows 2003 (Part 2) - Hardening Member Servers and Hardening Domain Controllers - Level 200
15 de juny
18.00 a 18.45 hores (Barcelona)
Mark Mortimore, Senior Technical Specialist, Microsoft Corporation
This webcast addresses implementing security on many different types of servers found in a Windows 2000 Server and Windows Server 2003 environment and practical information on how to harden domain controllers. We will provide recommendations and practical information about how to harden servers in general and how to harden member servers, in particular. During this webcast we will see two demonstrations on using MBSA and Hardening Domain Controllers.
http://go.microsoft.com/fwlink/?LinkId=29399
- Implementing Client Security on Windows 2000 and Windows XP (Part 2) - Securing Your Environment with Active Directory - Level 200
15 de juny
20.00 a 20.45 hores (Barcelona)
Mark Mortimore, Senior Technical Specialist, Microsoft Corporation
This webcast will cover the role of Active Directory® in securing network clients and how to leverage Group Policy as a tool to enhance network security. Learn how to use Group Policy to standardize user permissions, simplify administration, and ensure consistent access and security standards. This webcast will also will walk you through two demonstrations with prescriptive information on how to modify Active Directory for client security and how to use Group Policy.
http://go.microsoft.com/fwlink/?LinkId=29874
- Security Patch Management Tools (Part 2) - MBSA and SUS - Level 200
16 de juny
20.00 a 20.45 hores (Barcelona)
Kai Axford, TechNet Presenter, Microsoft Corporation
How are you evaluating, distributing, and installing software patches? This webcast reviews the importance of patch management and establishing a patch management process using the Microsoft® Baseline Security Analyzer (MBSA) and Software Update Services (SUS) as a patch management tool in your environment. Using these tools as part of a patch management strategy can benefit your organization in many ways, ultimately improving efficiency and saving time and money. Used properly, they can prevent downtime, loss of data, and other costly problems resulting from an improperly patched infrastructure. Join this webcast to find out how.
http://go.microsoft.com/fwlink/?LinkId=29882
- Essentials of Security (Part 2) - Security Risk Management Discipline - Level 200
21 de juny
18.00 a 18.45 hores (Barcelona)
Shawn Travers, SST TechNet Presenter, Microsoft Corporation
So maybe you've heard of Security Risk Management Discipline (SRMD), but what is it exactly, what does it entail, and how do you implement it? This webcast will introduce you to SRMD and discuss its three primary processes: assessment, development, and implementation and operation. Then we go into extensive detail on the SRMD processes, their use and implementation, and best practices. We’ll also walk you through two demonstrations: Encrypting Network Traffic and Securing Data on a Disk. Join this webcast to learn not only the benefits of SRMD, but how to get the most out of it.
http://go.microsoft.com/fwlink/?LinkId=29891
- Implementing Server Security on Windows 2000 and Windows 2003 (Part 3) - Hardening Servers for Specific Roles and for Standalone Use - Level 200
22 de juny
18.00 a 18.45 hores (Barcelona)
Mark Mortimore, Senior Technical Specialist, Microsoft Corporation
You already know that hardening the servers in your infrastructure would improve efficiency and security, but how to do it? This webcast discusses hardening both role-specific and standalone servers. In discussing hardening of servers for specific roles, we will review the importance of applying the appropriate security templates and manually configuring server settings for the role. We will then discuss how to harden standalone servers using Security Configuration and Analysis or Secedit to apply security settings. This webcast will present two demonstrations on hardening servers for specific roles, and on hardening a stand-alone server.
http://go.microsoft.com/fwlink/?LinkId=29905
- Implementing Client Security on Windows 2000 and Windows XP (Part 3) - Software Restriction, Antivirus and Client Firewalls - Level 200
22 de juny
20.00 a 20.45 hores (Barcelona)
Mark Mortimore, Senior Technical Specialist, Microsoft Corporation
Is your client-side security program effective and up-to-date? This webcast discusses important client defense strategies based on software restriction policies, antivirus software and client firewalls. Learn how a software restriction policy can improve client-side reliability and IT staff productivity, the importance of antivirus software and the cost-saving role it can play with a centralized deployment, and the need for client firewalls and the variety of firewall options available. This webcast also features two demonstrations: applying a software restriction policy and enabling the client firewall.
http://go.microsoft.com/fwlink/?LinkId=29912
- Applied Security Strategies - Level 300
23 de juny
18.00 a 18.30 hores (Barcelona)
Byron Hynes, Consultant, Market Star
In this session for experienced IT professionals, you will build on existing knowledge of server and client security and learn how to apply best practices to implement perimeter and network defenses. The session will discuss the use of hardware and software firewalls for network and application filtering and how to implement intrusion detection mechanisms. You will also learn how to increase security for wireless network access through the use of encryption and password authentication protocols.
http://go.microsoft.com/fwlink/?LinkId=29916
- Security Patch Management Tools (Part 3) - SMS with the SUS Feature Pack - Level 200
23 de juny
20.00 a 20.45 hores (Barcelona)
Kai Axford, TechNet Presenter, Microsoft Corporation
Do you have an effective, comprehensive patch management strategy? Do you know when to use Systems Management Server (SMS) and when to use Software Update Services (SUS)? In this webcast we will discuss using SMS and the SUS Feature Pack as patch management tools in your environment and how they fit into a comprehensive patch management strategy. SMS and SUS offer different advantages and benefits to an organization. This webcast will review their different capabilities and how they contribute to a secure infrastructure.
http://go.microsoft.com/fwlink/?LinkId=29917
- Mitigation Best Practices - Level 200
24 de juny
22.00 a 23.30 hores (Barcelona)
Jesper Johansson, Security Program Manager, Microsoft Corporation
In a perfect world, everything is patched and up-to-date. But what if you have security vulnerabilities, a worm is on the loose, and deploying the patches would be too risky or time-consuming? Welcome to the security practice of "mitigation." In this webcast you will learn how mitigating measures can be used to minimize the impact of security problems in situations where you cannot install patches immediately. The discussion also shows how to analyze various scenarios to determine when and whether mitigation is appropriate for a given situation.
http://go.microsoft.com/fwlink/?LinkId=29918
- Passwords Demystified - Level 200
25 de juny
22.00 a 23.30 hores (Barcelona)
Jesper Johansson, Security Program Manager, Microsoft Corporation
How does Windows handle, store, and use passwords? How are passwords attacked? This webcast discusses these vital password topics as they apply to Windows systems. Join this webcast to hear from a true expert in the field – Dr. Johannson – as he covers everything you wanted to know about how passwords are managed in Windows.
http://go.microsoft.com/fwlink/?LinkId=29919
Pels programadors
- .NET Framework Security (Part 1) - Features and Cryptography - Level 300
7 de juny
22.00 a 23.30 hores (Barcelona)
Dan Fox, Technical Director, Quilogy
Are you aware of the application security and cryptography features available to you through Microsoft® .NET Framework? This webcast begins with an overview of these features, including Buffer overrun protection, Arithmetic error trapping and Isolated Storage. From there we provide a review of cryptography and discuss the encryption features and tools that .NET offers the developer, such as Symmetric and Asymmetric Encryption. The webcast includes two encryption-related demonstrations: Investigating .NET Data-Type Safety Using the Checked Keyword and Performing Symmetric Encryption Signing Data.
http://go.microsoft.com/fwlink/?LinkId=29512
- Essentials of Application Security (Part 2) - Authentication - Level 300
9 de juny
18.00 a 18.45 hores (Barcelona)
Mark D. Scott, Senior Software Engineer, RDA Corporation
This webcast is the second of a 3-part series about the importance of Application Security and its best practices and guidelines. This part specifically addresses Authentication in the context of secure application development. After an overview of the costs of inadequate security and the benefits of developing secure applications, we concentrate on Authentication as part of a larger security solution, examining specific Authentication techniques and best practices in IIS. The webcast includes two demonstrations: Buffer Overruns and IIS Authentication Techniques.
http://go.microsoft.com/fwlink/?LinkId=29860
- Writing Secure Code - Best Practices - Level 300
11 de juny
22.00 a 23.30 hores (Barcelona)
Joel Semeniuk, VP of Software Development, ImagiNET Resources Corp.
In this webcast for experienced developers, you will learn established best practices for applying security principles throughout the development process. We will discuss common security threats faced by application developers, such as buffer overruns, cross-site scripting and denial of service attacks, and you will learn effective strategies to defend against those threats.
http://go.microsoft.com/fwlink/?LinkId=29284
- .NET Framework Security (Part 2) - Code Access and Role-Based Security - Level 300
14 de juny
22.00 a 23.30 hores (Barcelona)
Dan Fox, Technical Director, Quilogy
Are you aware of the code access and role-based security features available to you through Microsoft® .NET Framework? This webcast delves into Framework’s many code access security concepts, including evidence-based security, partial trust applications, and Sandboxing privileged code. From there we will cover role-based security within the .NET Framework, such as authentication and authorization, creating generic identities and principals, and imperative and declarative security checks. This webcast features two important and useful demonstrations: Using the .NET Framework Configuration Tool, Performing Security Checks and Requesting Permissions; and Using Windows Role-Based Security and Using Generic Role-Based Security.
http://go.microsoft.com/fwlink/?LinkId=29869
- Essentials of Application Security (Part 3) - Authorization - Level 300
16 de juny
18.00 a 18.45 hores (Barcelona)
Mark D. Scott, Senior Software Engineer, RDA Corporation
This webcast is the third of a 3-part series about the importance of Application Security and its best practices and guidelines. This part specifically addresses Authorization in the context of secure application development. After an overview of the costs of inadequate security and the benefits of developing secure applications, we concentrate on Authorization as part of a larger security solution, examining Trusted Subsystem Model Authorization techniques and best practices. The webcast includes two demonstrations: Buffer Overruns and Trusted Subsystem Model Authorization Techniques.
http://go.microsoft.com/fwlink/?LinkId=29877
- Writing Secure Code - Threat Defense - Level 300
18 de juny
18.00 a 19.30 hores (Barcelona)
Joel Semeniuk, VP of Software Development, ImagiNET Resources Corp.
In this session for experienced developers, you will build upon existing knowledge of secure coding best practices to learn about analyzing, mitigating and modeling threats. The session will discuss established threat modeling methodologies and tools and show how they can be applied with other best practices to minimize vulnerabilities and limit damage from attacks.
http://go.microsoft.com/fwlink/?LinkId=29889
- .NET Framework Security (Part 3) - ASP .NET Web Applications and Services - Level 300 21 de juny
22.00 a 22.45 hores (Barcelona)
Dan Fox, Technical Director, Quilogy
Are you aware of the security issues for Microsoft® ASP.NET Web applications, and the application security features available to you through Microsoft .NET Framework? This webcast begins by laying out the security issues for Microsoft ASP.NET Web applications. From there we’ll enumerate the security issues for Web services, and then delve into the Web Service Enhancements for security. This webcast features two important and useful demonstrations: Configuring Forms Authentication and Using Validation Controls and Implementing Security for a Web Service.
http://go.microsoft.com/fwlink/?LinkId=29900
Informació addicional
|
22:50 (# Enllaç permanent) ()
|
|
[Netcraft] Wikis: The Next Frontier for Spammers?: com, després dels weblogs, els wikis es poden convertir en un nou mecanisme per a la difusió de l'SPAM:
Wiki maintainers can expect an increase in spam after a webmaster newsletter highlighted the effectiveness of Wiki spam in raising a site's Google ranking. WebProNews described how a webmaster improved his rank in a search engine optimization (SEO) contest using links in Wiki "sandboxes" - pages where users are urged to test drive the format and learn how to use it.
|
22:35 (# Enllaç permanent) ()
|
|
[eBCVG.COM] What Exactly Is Computer Forensics?
Computer forensics involves the preservation, identification, extraction, documentation and interpretation of computer data. It is often more of an art than a science, but as in any discipline, computer forensic specialists follow clear, well-defined methodologies and procedures, and flexibility is expected and encouraged when encountering the unusual. It is unfortunate that computer forensics is sometimes misunderstood as being somehow different from other types of investigations.
|
22:30 (# Enllaç permanent) ()
|
|
[Linux.com] Chrooting Apache. La instal·lació de l'Apache dins d'una gàbia chroot no fa que sigui més segur, però si serveix per limitar els fitxers que tant el procés de l'Apache com els seus fills poden accedir: únicament els fitxers dins del sistema de fitxers de la gàbia.
D'aquesta forma, en cas d'un incident de seguretat que permeti un accés remot es pot limitar la informació a la que l'atacant té accés. Ara bé, abans de decidir la instal·lació de l'Apache dins d'una gàbia cal considerar seriosament els avantatges i els desavantatges.
|
22:23 (# Enllaç permanent) ()
|
|
[Seattle Weakly] Microsoft's Sacred Cash Cow
former Microsoftie says addiction to Windows revenue, mediocre products, and missed opportunities could doom Seattle's most successful company.
(...)
I began using Microsoft products 23 years ago, at age 11, and I worked for Microsoft from 1991 to 1999 as a technology manager. For many years, I was a Microsoft loyalist. While aware of Microsoft's shortcomings, I always believed that the Soft did its best to improve products over time, as it did with Windows XP. But recently, I've had a crisis of faith. Perhaps I've rebooted Windows one too many times.
Over the past year, my frustration with Windows grew, as did my envy of Apple's cool new products.
(...)
In protecting Windows and Office revenues, Microsoft has innovated less quickly than it could have. The company relies on the same strategy that helped it years ago come to dominate the personal-computer market with the Windows operating system, despite mounting evidence that its customers are looking for a new approach. Competitors such as Linux and Google are gaining, and Microsoft seems unprepared for the road ahead.
(...)
percent of its revenue still comes from Windows and Office sales—more than 80 percent if you include the Windows server software used by so many businesses. The company must protect these core products. "The prime directive at Microsoft is to protect Windows and get customers to buy Windows and upgrades to Windows"
(...)
Microsoft clings to this strategy because it has to. Its stock price relies largely on the continued strength of Windows and the Office suite of applications (Word, Excel, Outlook, PowerPoint, etc.). But Microsoft's dominance is an aberration in an otherwise competitive technology industry. Windows, Office, and the Internet Explorer Web browser all have greater than 90 percent share of their respective markets. To protect the cash cows, Microsoft must do things that no other software company would be doing right now. It's a victim of its own success.
Microsoft hasn't solved many of the software problems I described earlier in part because of the lack of competition. "One of the most frustrating things about Windows is how it steals time from us," says Andrews, who has followed the company for years. Andrews hasn't upgraded his PC from Windows 98 or Office 2000. "I'd just as soon have a stable operating system—my time is more important."
Andrews was surprised to learn recently that Jim Allchin, Microsoft group vice president of platforms, didn't realize that many users don't buy new computers because of how hard it is to move all their data and applications. "He was totally oblivious to this," Andrews says. "It's a couple-day process. His head was in the clouds."
(...)
Recently, though, Microsoft announced that its next major Windows release, code-named "Longhorn," might be delayed beyond 2006 unless it is significantly pared down. It's already been three years since the release of Windows XP, and customers still have quality and security problems with it. Microsoft is so concerned about Windows XP security that it will likely give away its next upgrade to fix vulnerabilities and make it easier to deliver future fixes automatically.
To comprehensively address security issues, Microsoft has said it is building Longhorn from the ground up. Any time you start building an operating system from scratch, you create all sorts of unanticipated problems. If you are waiting for Microsoft to improve the consumer experience, you'll have to be patient.
(...)
How real is the open-source threat for Microsoft? Open-source technologies have always dominated Web-server software, the applications that deliver Web pages. According to NetCraft, a well-known Web site that tracks technology on the Internet, the open-source Apache Web server leads Microsoft's Internet Information Server by 67 percent to 21 percent market share. Meanwhile, open source's foray to the desktop has only begun.
(...)
Microsoft isn't blind to the open-source threat. It has appointed an experienced executive, Martin Taylor, to work more closely with open-source developers and to get corporate customers to analyze the total cost of ownership of software purchases.
(...)
My most memorable moment at Microsoft came during a technical review with Bill Gates. I will never forget the moment when I made an apparently obvious point to him. He responded, "What? Do you think I'm stupid?" Everyone was staring at me, and I felt it best not to answer. Like Gates, there were always people at Microsoft who were much smarter than me and more technically skilled. But he's created a corporate culture that sometimes struggles to see the forest for the trees—and I think this is what has led to some of the challenges that it faces today.
My biggest complaint about Microsoft is how hesitant they are to update Windows in a more modular fashion over time, instead saving innovation for large updates every several years. Apple, in contrast, is updating OS X monthly and sometimes weekly.
(...)
Meanwhile, Microsoft doesn't evoke passion in me anymore. Its products don't excite me anymore. I remember eagerly looking forward to Outlook 2003, only to be disappointed by how complex, buggy, and unimproved it was.
|
18:57 (# Enllaç permanent) ()
|
|
[Wired] Windows XP Bedevils Wi-Fi Users intenta trobar els motius pels quals, de vegades, Windows XP talla la connexió amb una xarxa sense fil, sense motiu aparent. Segons Microsoft, això no és un problema de Windows i afirmen que no tenen constància de cap problemàtica que afecti als usuaris però la realitat és que es tracta d'un problema força freqüent.
Investigant el problema, sembla que la funció d'autoconfiguració de xarxes sense fil de Windows, Wireless Zero Configuration, es torna boja. La solució consisteix en reiniciar el servei.
|
18:40 (# Enllaç permanent) ()
|
|
© Copyright 2003-2004 Xavier Caballe.  . El contingut d'aquest weblog és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
|
|
|
