Patterns and Practices Security Engineering Explained — This download describes the patterns & practices Security Engineering approach that can be used to integrate security into your application development life cycle. The Security Engineering approach contains activities for identifying security objectives, applying secure design guidelines, creating threat models, conducting security architecture and design reviews, performing security code reviews, security testing, and conducting security deployment reviews.

Windows XP Security Guide — The Windows XP Security Guide has been updated to provide specific recommendations about how to harden computers that run Windows XP with Service Pack 2 (SP2) in three distinct environments:

  • Enterprise Client (EC). Client computers in this environment are located in an Active Directory directory service domain.
  • Stand-Alone (SA). Client computers in this environment are not members of an Active Directory domain.
  • Specialized Security - Limited Functionality (SSLF). Client computers in this environment are subject to extraordinary security concerns. These concerns are so great that a significant loss of functionality and manageability is acceptable.

Information about the security features in SP2 was included as an appendix to the previous version of this guide. This information has now been integrated throughout the guide, and thoroughly tested templates for Windows Firewall security settings (Windows Firewall replaced the Internet Connection Firewall in SP2) are provided. Information is also provided about closing ports, Remote Procedure Call (RPC) communications, memory protection, e-mail handling, Web download controls, spyware controls, and much more.
This guide is primarily intended for consultants, security specialists, systems architects, and IT planners who plan application or infrastructure development and the deployment of Windows XP workstations in an enterprise environment.

Windows Server Update Services Operations Guide — Comprehensive guidance on the major tasks involved in administering and troubleshooting Microsoft Windows Server Update Services (WSUS), including synchronization and managing computers and computer groups, as well as viewing, approving, testing, and storing updates, and running reports.

Update for Windows Server x64 – KB907639 — Install this High-performance Computing (HPC) update to Microsoft Windows Remote Installation Services (RIS) to obtain changes to RIS specifically designed to operate in the Windows 2003 Compute Cluster Server environment.

Update for Windows Server 2003 – KB907639 — Install this High-performance Computing (HPC) update to Microsoft Windows Remote Installation Services (RIS) to obtain changes to RIS specifically designed to operate in the Windows 2003 Compute Cluster Server environment.

Update for Windows Server 2003 Itanium – KB907639 — Install this High-performance Computing (HPC) update to Microsoft Windows Remote Installation Services (RIS) to obtain changes to RIS specifically designed to operate in the Windows 2003 Compute Cluster Server environment.

Update for Windows Server 2003 – KB897616 — Install this update to correct an issue in which Internet Connection Sharing does not appear in the properties of the active network connection after you install Active Directory to configure a computer that is running Windows Server 2003 with Service Pack 1 as a domain controller. After you install this item, you may have to restart your computer.

Update for Windows Server 2003 Itanium – KB897616 — Install this update to correct an issue in which Internet Connection Sharing does not appear in the properties of the active network connection after you install Active Directory to configure a computer that is running Windows Server 2003 with Service Pack 1 as a domain controller. After you install this item, you may have to restart your computer.

Update for Windows Server 2003 x64 – KB897616 — Install this update to correct an issue in which Internet Connection Sharing does not appear in the properties of the active network connection after you install Active Directory to configure a computer that is running Windows Server 2003 with Service Pack 1 as a domain controller. After you install this item, you may have to restart your computer.

Update for Windows 2000 – KB908506 — Install this update to address an issue on computers running Windows 2000 Service Pack 4 in which clients accessing a print device attached to a print server are no longer able to print when using the Lexmark Monolithic PCL driver after installing security bulletin MS05-043 (KB896423). After you install this item, you may have to restart your computer.

Implementing WSUS with ISA Server 2004 to manage Remote Clients — Today’s companies have a growing mobile workforce. Keeping these assets up to date with current patches is extremely important to ensure continued productivity and decreased security risk. Many organizations are finding it more and more difficult to keep these mobile devices patched as the need for VPN decreases as the number of applications utilizing Internet protocols such as HTTP and HTTPS grows. Using Windows Server Update Services (WSUS) in combination with Internet Security and Acceleration Server 2004 (ISA 2004) organizations can extend their existing Intranet based patch management to their growing number of mobile devices. The purpose of this document is to detail the implementation planning and steps needed to create an Internet based patch management solution using WSUS and ISA 2004.

Exchange Server 2003 SP2 — Exchange Server 2003 Service Pack 2 (SP2) offers new features and improvements to Exchange Server 2003. New features include support for mobility and message hygiene. Improvements have been made to address performance and reliability with public folders and with database size restrictions.

New for mobility is direct push, which is an Exchange technology that maintains an open connection between the mobile device and the server. Remote wipe is another new feature, and it enables administrators to delete sensitive data from a lost or stolen mobile device. Other features include global address list (GAL) lookup, policy provisioning whereby administrators can make supported policies more secure, support for certificate-based authentication, use of S/MIME to sign and encrypt mail, and server-based synchronization of Tasks.

Anti-spam improvements are included in the release of the integrated version 2 of Microsoft Exchange Intelligent Message Filter, and Sender ID, which is an industry-standard framework. Version 2 of Intelligent Message Filter contains significant improvements in the anti-spam area for SP2.

For Exchange Server 2003 Standard Edition, the hard-coded licensing database size limit has been increased from 16 GB to 75 GB. The administrator can set a protective database size limit (prevent unintentional database size growth). The default value will be 18 GB in SP2 for Standard Edition and the default can be changed.

Public folders are now more manageable. Administrators can now track who deleted public folders, stop and resume public folder replication, synchronize the public folder hierarchy, propagate access control list (ACL) changes through public folder hierarchy, and propagate replica list changes through the public hierarchy. Many of the improvements work toward minimizing the effect of replication storms.

There is a new version of the offline address book (OAB 4.0) that features the reduction in the OAB size, differential OAB update files, indexing based on locale setting, and improved diagnostic logging.

Deploying Microsoft Windows Server Update Services —  Comprehensive guidance on deploying Microsoft Windows Server Update Services (WSUS), including a description of how WSUS functions, and descriptions of WSUS scalability and bandwidth management features, as well as step-by-step procedures for installation and configuration of the WSUS server. You will find how to update and configure Automatic Updates on client workstations and servers that will be updated by WSUS, steps for migrating from Microsoft Software Update Services (SUS) to WSUS, and steps for setting up a WSUS server on an isolated segment of your network and manually importing updates.

 

Cheers!