Upcoming Security Webcasts: June 2004
Security Webcasts are a convenient way for IT Professionals and Developers to stay technically updated on the latest Microsoft Security Guidance. These webcasts concentrate on security information and are presented by senior executives and other subject matter experts. They feature interactive technical presentations, product demonstrations, and question-and-answer sessions.
For IT Executives
Microsoft Executive Circle Webcast: Monthly Update from Microsoft's VP for Security - Level
June 22, 2004
8:30 AM - 9:30AM Pacific Time
Mike Nash, VP Security Business Unit, Microsoft Corporation
Join Mike Nash, Microsoft’s senior executive in charge of security, for his monthly security update. Mike will provide the latest details on Microsoft’s security enhancements, offer tips and insights into key security strategies for customers and provide new information on Microsoft's security technologies being delivered in upcoming service packs.
http://go.microsoft.com/fwlink/?LinkId=28964
For IT Professionals
Attend a TechNet webcast. Qualify to win a TechNet Plus subscription
Attend any live TechNet webcasts and be eligible to win a one year TechNet
Plus subscription. One winner will be selected from each webcast (U.S. only).
See the official rules for details.
TechNet Webcast: Implementing Server Security on Windows 2000 and Windows 2003 (Part 1) - Securing Servers: Core Server Security and Active Directory Security - Level 200
June 8, 2004
9:00 AM - 9:45 AM Pacific Time
Mark Mortimore, Senior Technical Specialist, Microsoft Corporation
This webcast discusses and explains the importance of server security to your organization. We will explore core server security and the key components in the process of securing Active Directory®. We will then discuss some of the challenges small-to-medium sized businesses face when trying to secure a server environment, the importance of multiple layers of security, managing software updates, and how to use Active Directory to secure your server environment. This webcast includes a demonstration on how to create an Organizational Unit structure and apply a security template.
http://go.microsoft.com/fwlink/?LinkId=29281
TechNet Webcast: Implementing Client Security on Windows 2000 and Windows XP (Part 1) - Core Client Security, Securing Applications and Group Policy for Standalone Clients - Level 200
June 8, 2004
11:00 AM - 11:45 AM Pacific Time
Mark Mortimore, Senior Technical Specialist, Microsoft Corporation
This webcast discusses the importance of implementing a core client security, concentrating on securing applications and securing standalone Windows® clients. We will discuss a fundamental, core set of client security topics along with securing a variety of applications such as Internet Explorer and Microsoft® Outlook® within an organization. From there we’ll discuss how to use Active Directory® and Group Policy to secure Windows clients. The presentation includes a demonstration on Securing Standalone Clients.
http://go.microsoft.com/fwlink/?LinkId=29849
TechNet Webcast: IIS 6.0: Built for Stability - Level 200
June 8, 2004
11:30 AM - 1:00 PM Pacific Time
Don Jones, Book Author and Founding partner of BrainCore.Net, BrainCore.Net
Sure, IIS 6.0 has a new architecture, and you may have heard about http.sys, application pools, Web gardens, and more, but what does it all mean, and why should you care? Join this Webcast and see what the new IIS architecture offers Web server administrators, and learn how to build Web servers than can survive the most challenging designs your Web developers can throw at it!
http://go.microsoft.com/fwlink/?LinkId=25234
TechNet Webcast: Information about Microsoft's June Security Bulletins - Level 200
June 9, 2004
10:00 AM - 11:00 AM Pacific Time
Christopher Budd, CISM, CISSP/Security Program Manager and Debby Fry Wilson, Director/Security Response Marketing
On June 8, Microsoft will release its monthly security bulletins. Join us for a brief overview of the technical details of the June security bulletins followed by an extensive Q&A session.
This webcast will focus on addressing your questions and concerns about the security bulletins. Therefore, the majority of the webcast session will give you the opportunity to ask questions and get answers from our security experts.
http://go.microsoft.com/fwlink/?LinkId=28770
TechNet Webcast: Security Patch Management Tools (Part 1) - Windows and Office Update - Level 200
June 9, 2004
11:00 AM - 11:45 AM Pacific Time
Kai Axford, TechNet Presenter, Microsoft Corporation
How are you evaluating, distributing, and installing software patches? This webcast discusses the importance of patch management and establishing a patch management process using Windows and Office Update as a patch management tool in your environment. We will present a brief overview of the patch management landscape, focusing on the role of Windows and Office Update as one of your patch management tools. From there this webcast will walk you through a demonstration on Configuring Automatic Windows Update.
http://go.microsoft.com/fwlink/?LinkId=29871
TechNet Webcast: Essentials of Security (Part 1) - Security and Defense - Level 200
June 14, 2004
9:00 AM - 9:45 AM Pacific Time
Shawn Travers, SST TechNet Presenter, Microsoft Corporation
How does a security plan affect the commerce of the business it is supposed to protect? How can you be sure your security plan implements the right kind of security for each type of vulnerability? This webcast presents a defense-in-depth model that can help provide protection for each layer of an infrastructure. The discussion also includes strategies for security response, common attack scenarios, and best practices. During this webcast we will walk through two demonstrations: Internet Connection Firewall and Protecting IIS 5.0.
http://go.microsoft.com/fwlink/?LinkId=29329
TechNet Webcast: Implementing Network and Perimeter Security - Level 300
June 14, 2004
11:00 AM - 12:30 PM Pacific Time
Byron Hynes, Consultant, Market Star
In this session for experienced IT professionals, you will build on existing knowledge of server and client security and learn how to apply best practices to implement perimeter and network defenses. The session will discuss the use of hardware and software firewalls for network and application filtering and how to implement intrusion detection mechanisms. You will also learn how to increase security for wireless network access through the use of encryption and password authentication protocols.
http://go.microsoft.com/fwlink/?LinkId=29394
TechNet Webcast: Implementing Server Security on Windows 2000 and Windows 2003 (Part 2) - Hardening Member Servers and Hardening Domain Controllers - Level 200
June 15, 2004
9:00 AM - 9:45 AM Pacific Time
Mark Mortimore, Senior Technical Specialist, Microsoft Corporation
This webcast addresses implementing security on many different types of servers found in a Windows 2000 Server and Windows Server 2003 environment and practical information on how to harden domain controllers. We will provide recommendations and practical information about how to harden servers in general and how to harden member servers, in particular. During this webcast we will see two demonstrations on using MBSA and Hardening Domain Controllers.
http://go.microsoft.com/fwlink/?LinkId=29399
TechNet Webcast: Implementing Client Security on Windows 2000 and Windows XP (Part 2) - Securing Your Environment with Active Directory - Level 200
June 15, 2004
11:00 AM - 11:45 AM Pacific Time
Mark Mortimore, Senior Technical Specialist, Microsoft Corporation
This webcast will cover the role of Active Directory® in securing network clients and how to leverage Group Policy as a tool to enhance network security. Learn how to use Group Policy to standardize user permissions, simplify administration, and ensure consistent access and security standards. This webcast will also will walk you through two demonstrations with prescriptive information on how to modify Active Directory for client security and how to use Group Policy.
http://go.microsoft.com/fwlink/?LinkId=29874
TechNet Webcast: Security Patch Management Tools (Part 2) - MBSA and SUS - Level 200
June 16, 2004
11:00 AM - 11:45 AM Pacific Time
Kai Axford, TechNet Presenter, Microsoft Corporation
How are you evaluating, distributing, and installing software patches? This webcast reviews the importance of patch management and establishing a patch management process using the Microsoft® Baseline Security Analyzer (MBSA) and Software Update Services (SUS) as a patch management tool in your environment. Using these tools as part of a patch management strategy can benefit your organization in many ways, ultimately improving efficiency and saving time and money. Used properly, they can prevent downtime, loss of data, and other costly problems resulting from an improperly patched infrastructure. Join this webcast to find out how.
http://go.microsoft.com/fwlink/?LinkId=29882
TechNet Webcast: Essentials of Security (Part 2) - Security Risk Management Discipline - Level 200
June 21, 2004
9:00 AM - 9:45 AM Pacific Time
Shawn Travers, SST TechNet Presenter, Microsoft Corporation
So maybe you've heard of Security Risk Management Discipline (SRMD), but what is it exactly, what does it entail, and how do you implement it? This webcast will introduce you to SRMD and discuss its three primary processes: assessment, development, and implementation and operation. Then we go into extensive detail on the SRMD processes, their use and implementation, and best practices. We’ll also walk you through two demonstrations: Encrypting Network Traffic and Securing Data on a Disk. Join this webcast to learn not only the benefits of SRMD, but how to get the most out of it.
http://go.microsoft.com/fwlink/?LinkId=29891
TechNet Webcast: Implementing Server Security on Windows 2000 and Windows 2003 (Part 3) - Hardening Servers for Specific Roles and for Standalone Use - Level 200
June 22, 2004
9:00 AM - 9:45 AM Pacific Time
Mark Mortimore, Senior Technical Specialist, Microsoft Corporation
You already know that hardening the servers in your infrastructure would improve efficiency and security, but how to do it? This webcast discusses hardening both role-specific and standalone servers. In discussing hardening of servers for specific roles, we will review the importance of applying the appropriate security templates and manually configuring server settings for the role. We will then discuss how to harden standalone servers using Security Configuration and Analysis or Secedit to apply security settings. This webcast will present two demonstrations on hardening servers for specific roles, and on hardening a stand-alone server.
http://go.microsoft.com/fwlink/?LinkId=29905
TechNet Webcast: Implementing Client Security on Windows 2000 and Windows XP (Part 3) - Software Restriction, Antivirus and Client Firewalls - Level 200
June 22, 2004
11:00 AM - 11:45 AM Pacific Time
Mark Mortimore, Senior Technical Specialist, Microsoft Corporation
Is your client-side security program effective and up-to-date? This webcast discusses important client defense strategies based on software restriction policies, antivirus software and client firewalls. Learn how a software restriction policy can improve client-side reliability and IT staff productivity, the importance of antivirus software and the cost-saving role it can play with a centralized deployment, and the need for client firewalls and the variety of firewall options available. This webcast also features two demonstrations: applying a software restriction policy and enabling the client firewall.
http://go.microsoft.com/fwlink/?LinkId=29912
TechNet Webcast: Applied Security Strategies - Level 300
June 23, 2004
9:00 AM - 10:30 PM Pacific Time
Byron Hynes, Consultant, Market Star
In this session for experienced IT professionals, you will build on existing knowledge of server and client security and learn how to apply best practices to implement perimeter and network defenses. The session will discuss the use of hardware and software firewalls for network and application filtering and how to implement intrusion detection mechanisms. You will also learn how to increase security for wireless network access through the use of encryption and password authentication protocols.
http://go.microsoft.com/fwlink/?LinkId=29916
TechNet Webcast: Security Patch Management Tools (Part 3) - SMS with the SUS Feature Pack - Level 200
June 23, 2004
11:00 AM - 11:45 AM Pacific Time
Kai Axford, TechNet Presenter, Microsoft Corporation
Do you have an effective, comprehensive patch management strategy? Do you know when to use Systems Management Server (SMS) and when to use Software Update Services (SUS)? In this webcast we will discuss using SMS and the SUS Feature Pack as patch management tools in your environment and how they fit into a comprehensive patch management strategy. SMS and SUS offer different advantages and benefits to an organization. This webcast will review their different capabilities and how they contribute to a secure infrastructure.
http://go.microsoft.com/fwlink/?LinkId=29917
TechNet Webcast: Mitigation Best Practices - Level 200
June 24, 2004
1:00 PM - 2:30 PM Pacific Time
Jesper Johansson, Security Program Manager, Microsoft Corporation
In a perfect world, everything is patched and up-to-date. But what if you have security vulnerabilities, a worm is on the loose, and deploying the patches would be too risky or time-consuming? Welcome to the security practice of "mitigation." In this webcast you will learn how mitigating measures can be used to minimize the impact of security problems in situations where you cannot install patches immediately. The discussion also shows how to analyze various scenarios to determine when and whether mitigation is appropriate for a given situation.
http://go.microsoft.com/fwlink/?LinkId=29918
TechNet Webcast: Passwords Demystified - Level 200
June 25, 2004
1:00 PM - 2:30 PM Pacific Time
Jesper Johansson, Security Program Manager, Microsoft Corporation
How does Windows® handle, store, and use passwords? How are passwords attacked? This webcast discusses these vital password topics as they apply to Windows systems. Join this webcast to hear from a true expert in the field – Dr. Johannson – as he covers everything you wanted to know about how passwords are managed in Windows.
http://go.microsoft.com/fwlink/?LinkId=29919
For Developers
MSDN Webcast: Dave’s Top 10 Ways to Secure Your Web Application - Level 300
June 1, 2004
9:00 AM - 10:30 AM Pacific Time
David Anthony
This webcast presents practical best practices for writing secure ASP.NET code. Dave’s Top 10 field-tested practices are: 10) Hash your passwords in the Presentation Tier, 9) Use Role Based Authentication, 8) Use Declarative Security with PrincipalPermissionAttribute and SecurityAction.Demand, 7) Use Imperative Security with IsInRole, 6) Roll your own custom Principal, 5) Wrap possibly unsecure code with Try Finally (includes cleanup tips), 4) Defeat brute-force attacks with maximum retry counts, 3) Encrypt sensitive data in .config files and other places with System.Security.Cryptography, 2) Use Code Access Security to ensure least-privilege in your assemblies, 1) Use the Framework – DON'T REINVENT THE WHEEL!
http://go.microsoft.com/fwlink/?LinkId=29503
MSDN Webcast: Essentials of Application Security (Part 1) - Secure Communications - Level 300
June 2, 2004
9:00 AM - 9:45 AM Pacific Time
Mark D. Scott, Senior Software Engineer, RDA Corporation
This webcast is the first of a 3-part series about the importance of Application Security and its best practices and guidelines. This part specifically addresses Secure Communications in the context of secure application development. After an overview of the costs of inadequate security and the benefits of developing secure applications, this presentation concentrates on secure communications as part of a larger security solution, examining specific techniques such as using certificates in the Secure Sockets Layer (SSL). The webcast includes two demonstrations: Buffer Overruns and SSL Server Certificates.
http://go.microsoft.com/fwlink/?LinkId=29505
MSDN Webcast: .NET Framework Security (Part 1) - Features and Cryptography - Level 300
June 7, 2004
1:00 PM - 2:30 PM Pacific Time
Dan Fox, Technical Director, Quilogy
Are you aware of the application security and cryptography features available to you through Microsoft® .NET Framework? This webcast begins with an overview of these features, including Buffer overrun protection, Arithmetic error trapping and Isolated Storage. From there we provide a review of cryptography and discuss the encryption features and tools that .NET offers the developer, such as Symmetric and Asymmetric Encryption. The webcast includes two encryption-related demonstrations: Investigating .NET Data-Type Safety Using the Checked Keyword and Performing Symmetric Encryption Signing Data.
http://go.microsoft.com/fwlink/?LinkId=29512
MSDN Webcast: Essentials of Application Security (Part 2) - Authentication - Level 300
June 9, 2004
9:00 AM - 9:45 AM Pacific Time
Mark D. Scott, Senior Software Engineer, RDA Corporation
This webcast is the second of a 3-part series about the importance of Application Security and its best practices and guidelines. This part specifically addresses Authentication in the context of secure application development. After an overview of the costs of inadequate security and the benefits of developing secure applications, we concentrate on Authentication as part of a larger security solution, examining specific Authentication techniques and best practices in IIS. The webcast includes two demonstrations: Buffer Overruns and IIS Authentication Techniques.
http://go.microsoft.com/fwlink/?LinkId=29860
MSDN Webcast: Writing Secure Code - Best Practices - Level 300
June 11, 2004
1:00 PM - 2:30 PM Pacific Time
Joel Semeniuk, VP of Software Development, ImagiNET Resources Corp.
In this webcast for experienced developers, you will learn established best practices for applying security principles throughout the development process. We will discuss common security threats faced by application developers, such as buffer overruns, cross-site scripting and denial of service attacks, and you will learn effective strategies to defend against those threats.
http://go.microsoft.com/fwlink/?LinkId=29284
MSDN Webcast: .NET Framework Security (Part 2) - Code Access and Role-Based Security - Level 300
June 14, 2004
1:00 PM - 2:30 PM Pacific Time
Dan Fox, Technical Director, Quilogy
Are you aware of the code access and role-based security features available to you through Microsoft® .NET Framework? This webcast delves into Framework’s many code access security concepts, including evidence-based security, partial trust applications, and Sandboxing privileged code. From there we will cover role-based security within the .NET Framework, such as authentication and authorization, creating generic identities and principals, and imperative and declarative security checks. This webcast features two important and useful demonstrations: Using the .NET Framework Configuration Tool, Performing Security Checks and Requesting Permissions; and Using Windows Role-Based Security and Using Generic Role-Based Security.
http://go.microsoft.com/fwlink/?LinkId=29869
MSDN Webcast: Essentials of Application Security (Part 3) - Authorization - Level 300
June 16, 2004
9:00 AM - 9:45 AM Pacific Time
Mark D. Scott, Senior Software Engineer, RDA Corporation
This webcast is the third of a 3-part series about the importance of Application Security and its best practices and guidelines. This part specifically addresses Authorization in the context of secure application development. After an overview of the costs of inadequate security and the benefits of developing secure applications, we concentrate on Authorization as part of a larger security solution, examining Trusted Subsystem Model Authorization techniques and best practices. The webcast includes two demonstrations: Buffer Overruns and Trusted Subsystem Model Authorization Techniques.
http://go.microsoft.com/fwlink/?LinkId=29877
MSDN Webcast: Writing Secure Code - Threat Defense - Level 300
June 18, 2004
9:00 AM - 10:30 AM Pacific Time
Joel Semeniuk, VP of Software Development, ImagiNET Resources Corp.
In this session for experienced developers, you will build upon existing knowledge of secure coding best practices to learn about analyzing, mitigating and modeling threats. The session will discuss established threat modeling methodologies and tools and show how they can be applied with other best practices to minimize vulnerabilities and limit damage from attacks.
http://go.microsoft.com/fwlink/?LinkId=29889
MSDN Webcast: .NET Framework Security (Part 3) - ASP .NET Web Applications and Services - Level 300
June 21, 2004
1:00 PM - 1:45 PM Pacific Time
Dan Fox, Technical Director, Quilogy
Are you aware of the security issues for Microsoft® ASP.NET Web applications, and the application security features available to you through Microsoft .NET Framework? This webcast begins by laying out the security issues for Microsoft ASP.NET Web applications. From there we’ll enumerate the security issues for Web services, and then delve into the Web Service Enhancements for security. This webcast features two important and useful demonstrations: Configuring Forms Authentication and Using Validation Controls and Implementing Security for a Web Service.
http://go.microsoft.com/fwlink/?LinkId=29900
Additional Webcast Resources
§ ALL upcoming Webcasts: http://go.microsoft.com/?LinkID=393776
§ ALL on-demand Webcasts: http://go.microsoft.com/?LinkID=393768
§ TechNet Webcasts: http://go.microsoft.com/?LinkID=446906
§ MSDN Webcasts: http://go.microsoft.com/?LinkID=410865
§ MSDN Architecture Webcasts: http://go.microsoft.com/?LinkID=410866
§ Microsoft Executive Circle Webcasts: http://go.microsoft.com/?LinkID=393792
§ Microsoft Office System Webcasts: http://go.microsoft.com/?LinkID=410868
§ Microsoft Business Solutions Webcasts: http://go.microsoft.com/fwlink/?LinkId=29943
§ Security Webcasts: http://go.microsoft.com/?LinkID=410863