Those interested in security topics may be interested in these chats and web casts:
11/5/03 11:30 AM - Windows Networking/Security - Microsoft Executive Circle
Webcast: Secure Network Access for your Business
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032237319&Culture=en-US
Enterprises are evolving into virtual communities where employees demand
anywhere/anytime access to email, files, and other business-critical
applications, regardless of the method or device being used to connect. To
meet networking demands, enterprise networks must be both agile and secure.
Agile networks allow employees to respond quickly, enhancing efficiency and
productivity.
11/6/03 9:30 AM - Windows Server/Scripting - TechNet Webcast: Put the
Scripting Guys Out of Business: Learn to Create Your Own HTAs - Level 200
http://msevents.microsoft.com/cui/eventdetail.aspx?culture=en-US&eventid=1032236668
How many of you have thought to yourself, "You know, the Scripting Guys aren
't so great. The only difference between them and me is that they know how
to create HTAs (Hypertext Scripting Applications) and I don't." Well, now
comes your big chance: in this Webcast, Scripting Guy Greg Stemp will show
you how you can create your very own HTAs. Tune in, and you'll never need
the Scripting Guys again!
11/6/03 10:00 AM - Windows Server - MVP Only Chat: Windows Server Technical
Documentation Round Table
http://communities2.microsoft.com/home/chatroom.aspx?siteid=34000066
Join Microsoft technical documentation experts for a round table discussion
to share thoughts, comments and ideas related to getting better connected
with the Microsoft documentation and review process. Note: All MVPs are
welcome but the chat's focus is strictly on server docs.
11/6/03 12:30 PM - Windows Networking/Security - TechNet Webcast: Securing
Wireless Security Solutions - Level 300
http://msevents.microsoft.com/cui/eventdetail.aspx?culture=en-US&eventid=1032237963
Wireless networks are an ideal option for keeping employees connected and
freeing them from their dependence on LAN (local area network) connections.
Analysts anticipate marked gains in productivity from wireless adoption; and
wireless networks help organizations minimize the use of costly switches and
cabling. However, the same capabilities that make wireless so attractive can
also open up vulnerabilities to malicious access. ( more description at
webcast link)
11/7/03 11:30 AM - Windows Server - TechNet Webcast: Introduction to Windows
Server 2003 - Level 200
http://msevents.microsoft.com/cui/eventdetail.aspx?culture=en-US&eventid=1032237092
This session introduces the new features of Microsoft® Windows ServerT 2003
and shows how they can be used to streamline administration, speed
deployment, and resolve issues with past Windows network deployments. The
broad range of topics includes Active Directory®, IIS 6.0, and scalability.
11/12/03 8:00 AM - Security - TechNet Webcast: Microsoft Security
Resources - Level 200
http://msevents.microsoft.com/cui/eventdetail.aspx?culture=en-US&eventid=1032237093
Today enterprises face the challenge of getting their systems secure and
keeping them secure. The technologies and processes required to protect
business data while minimizing system downtime are difficult to implement
and configure. Time spent dealing with security issues and viruses leads to
downtime and lost productivity. In this session we will discuss and
demonstrate a number of security resources, tools and services offered by
Microsoft for the enterprise environment such as the Microsoft Baseline
Security Analyzer, the IIS Lockdown Tool, the security guides for Windows
2000, Windows XP, and Windows Server 2003, as well as discuss some guidance
on how to manage patches in your environment.
11/13/03 9:30 AM - Windows Server/Networking - TechNet Webcast: Building a
Internet Service Provider (ISP) using IIS 6.0 - Part I - Level 200
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032237095&Culture=en-US
The first of a two part series designed to help intranet and internet
administrators of IIS 6.0 understand how to securely build a internet
service provider solution using IIS 6.0. This first part will focus on the
IIS configuration that allows for complete user isolation (content and
process model) . This will also advise how to build complete backup
solutions in case of disaster recovery.
11/13/03 11:30 AM - Windows Server/Security - Microsoft Executive Circle
Webcast: Advanced Web Server Security with IIS 6.0 and Windows Server 2003
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032238039&Culture=en-US
IIS 6.0 provides vastly improved security for Web servers. IIS 6.0 is locked
down by default, limiting the attack surface through aggressive security
defaults. Web Service Extensions, which prohibits any executable from
running unless it is specifically allowed, makes it very difficult for an
attacker to launch malicious applications on the server. In addition, there
are many important security related improvements including rigorous html
parsing standards, new server logs and status codes to facilitate
troubleshooting web applications, and the ability to change worker process
identity from the user interface. These IIS improvements coupled with
security improvements in the Windows 2003 Server Family allow you to
securely deploy your web servers and keep them secure while decreasing
system management costs. Join in this webcast to hear why customers have
switched from Linux and Apache to Windows Server 2003 and IIS 6.0, and from
IIS 4.0 and IIS 5.0 to IIS 6.0, for the security and additional benefits IIS
6.0 offers.
11/13/03 8:00 PM - Windows Server - TechNet Webcast: Automating
Administration of Windows Server 2003 - Level 200
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032237094&Culture=en-US
This session gives an overview of Windows Server 2003 command line tools and
scripts, and does not cover every available tool. Scenarios demonstrate how
command line tools can automate administration of Active Directory,
management of printers and print queues, and remote information-gathering by
help desk personnel.
11/14/03 9:00 AM - Security - TechNet Chat: Security Bulletin Discussion
http://communities2.microsoft.com/home/chatroom.aspx?siteid=34000015
Each month, after we release a security patch, the PSS Security Core team
will conduct a chat to explain the patch and vulnerability to users and
allow those users to understand the impact of the patch in their
environments.
11/14/03 9:30 AM - Windows Server/Networking - Inside Windows 2003
Infrastructure Networking Services - Level 200
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032237097&Culture=en-US
This session examines new features of the Dynamic Host Configuration
Protocol (DHCP) in Windows Server 2003 and shows how to configure DNS
servers and zones. It also shows how to enable IPSec to secure TCP/IP
traffic and gives an overview of basic Internet Protocol version 6 (IPv6)
concepts.
11/18/03 10:00 AM - Windows Networking - Support WebCast: Features and
Advantages of Microsoft Windows IAS RADIUS Server
http://support.microsoft.com/default.aspx?scid=830853
This Support WebCast will provide an overview of the features and advantages
of Microsoft Remote Authentication Dial-In User Service (RADIUS) server,
Internet Authentication Service (IAS). The session will talk about IAS, a
component in Windows Server platform that is used for centralized management
of policy-based access, accounting, and secure authentication. IAS is also
used for load balancing, RADIUS compliance, and extensibility. The session
will also describe how this service can be incorporated into VPN and
wireless topologies.
11/18/03 1:00 PM - Windows Networking - Secure Your Networks: Wireless Set
Up and Security
http://www.microsoft.com/usa/webcasts/upcoming/2431.asp
There's no question that wireless technologies provide flexibility for
organizations to provide mobility to users throughout the enterprise,
however, many ponder the following question: Are wireless technologies as
insecure as you've heard them to be? Hear from wireless technology experts
about how organizations around the world have used a combination of
encrypted wireless technologies, network tunneling, and new technologies
(802.1x, certificate-based encryption, NAT-T, etc.) together with Microsoft®
Windows ServerT 2003 to leverage security best practices for creating
end-to-end secured wireless communications. (These can also be easily added
as member server systems into existing Microsoft Windows NT® 4.0 and
Microsoft Windows® 2000 networks.) All attendees to the session will receive
a "top 10" list on how to lock down security holes in wireless networks, and
then use publicly available test tools to validate secured communications.
11/19/03 8:00 AM - Security/TechNet - TechNet Webcast: TechNet
Subscribers -- Look Inside the Security Readiness Kit (SRK) - Level 200
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032238180&Culture=en-US
Don't miss the Security Readiness Kit (SRK) in your TechNet subscription. It
is designed to give you portable access to the documentation and tools you
need to help ensure that your network operates with the best security
possible. Along with great documentation, you will also find tools, patches,
and service packs. See how this information can be combined with online
resources to integrate the most current guidance and to take advantage of
the latest enhancements.
11/19/03 11:30 AM - Windows Networking/Security Microsoft Executive Circle
Webcast: Mitigating Risk: Prepare your Network for the next attack
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032237729&Culture=en-US
While there is no substitute for patch management when it comes readying
your systems and network against the next attack, there are strategies you
can implement today to help mitigate the risk and impact of security
attacks. This Technical Perspectives webcast discusses approaches to
securing your servers as well as workstations. By implementing mitigating
controls at three physical levels you can find ways to stay ahead of the
next worm or virus.
11/20/03 9:30 AM - Windows Server - TechNet Webcast: Windows 2003 Server
Troubleshooting & Disaster Recovery - Level 200
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032237100&Culture=en-US
This session details a variety of tools and methods to back up data,
troubleshoot startup and shutdown problems, and repair Windows Server 2003
systems.
11/20/03 10:00 AM - Windows Networking - TechNet Chat: Configuring and
Deploying DHCP with Windows Server 2003
http://communities2.microsoft.com/home/chatroom.aspx?siteid=34000015
Join the Windows DHCP product development team for a chat on the new
features of DCHP in Windows Server 2003. If you've seen the Webcast on
Windows Server 2003 Infrastructure Networking Services
(http://www.microsoft.com/usa/webcasts/ondemand/2375.asp) in October or
recently downloaded the Windows 2003 Server Deployment Kit
(http://www.microsoft.com/downloads/details.aspx?familyid=d91065ee-e618-4810
-a036-de633f79872e), the team will be happy to take your questions on
deployment, configuration, and tools for implementing DHCP.
11/21/03 11:30 AM - Security - TechNet Webcast: Using Microsoft Security
Tools - Level 200
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032237136&Culture=en-US
This session looks at a variety of free Microsoft tools that can help make
systems more secure.
11/25/03 10:00 AM - Windows Networking - TechNet Chat: Wireless and VPN
authentication using Microsoft IAS server
http://communities2.microsoft.com/home/chatroom.aspx?siteid=34000015
?>
?>
Community Bulletin
Revamping the Security Bulletin Release Process * October 15, 2003
In response to extensive customer feedback, Microsoft is implementing
changes in the way security bulletins are released. A detailed white paper
about the changes that are being implemented can be found at
http://www.microsoft.com/technet/security/bulletin/revsbwp.asp.
Security bulletins will normally be released on the second calendar Tuesday
of every month. However, the first monthly bulletins will be released on
Wednesday, October 15, 2003.
As before, Microsoft will issue a single security bulletin per patch. An
additional security bulletin summary document per product family will be
issued that will provide summarized information for all the patches released
that month for the product family. Microsoft will also provide additional
prescriptive guidance within the security bulletins including workarounds
for all vulnerabilities where a workaround is feasible, risk-assessment for
specific threats, and other information that will make it easier for
customers to evaluate and deploy the patches. A Knowledge Base article for
every patch will be created that will provide a link to the corresponding
security bulletin without duplicating the same information.
The new security bulletin format and process applies to both the technical
bulletin (targeted at IT Pros and other technical users) and the consumer
bulletin (targeted at the non-technical users). The primary differences are
in the level of technical details and that the consumer bulletin will be
limited to Windows and Office patches.
Microsoft currently provides customers with a number of tools and resources
to help manage the complex task of patch management and deployment. These
tools and resources are located at
http://www.microsoft.com/technet/security. Microsoft also provides clear
product lifecycle policies (
http://www.microsoft.com/lifecycle) so customers
are able to plan on the availability of security patches for supported
software products.
Customers using Microsoft's patch management and deployment tools such as
SMS (Systems Management Server) with Feature Pack 3, SUS (Software Update
Services), MBSA (Microsoft Baseline Security Analyzer), Windows Update and
Office Update will not need to upgrade or replace their tools to continue
using them.
Customers using non-Microsoft patch management and deployment products will
need to work with their vendors to ensure that their products continue to
function with the new process.