On November 17, Microsoft Vice President of the Security Business Unit Mike Nash gave a Webcast that discussed what Microsoft is doing to improve IT security. If you're interested in watching it, you'll find it at
Nash's presentation was a sort of prelude to numerous other Webcasts to come. Beginning December 1, Microsoft will present a series of Webcasts aimed at helping people better understand and more effectively apply and use security with the company's products. So far, the company has scheduled more than a dozen Webcasts, each to last about 1 1/2 hours. Here's a brief rundown of the scheduled programs:
* ShopTalk: IT Security Webcast–-This Webcast discusses how Microsoft secures its own IT assets and intellectual property, the information security team's functions, and the company's security solutions.
* Using Portable Handheld Devices in a Secure Manner–-This Webcast discusses how to protect information stored on PDAs as well as communication security.
* Secure Network Access–-Learn how to use Windows Server 2003 along with Microsoft Internet Security and Acceleration (ISA) Server to secure wireless, wired, and remote access connectivity.
* Designing a Secure - Reliable - and Usable Patch Management Infrastructure–-Find out how to design and deploy an effective patch-management solution. In addition, the company introduces its new Microsoft Solution for Patch Management and discuss the solution's architecture.
* Securing Your Exchange 2003 Environment–-This Webcast is a review of basic security features for servers, messages, and communications built into Microsoft Exchange Server 2003. Topics include delegation of authority, mitigation of Denial of Service (DoS) attacks and viruses, interconnectivity and remote connectivity, and the use of encryption for secure transports.
* Effectively Using IIS Security–-Get an overview of Microsoft Internet Information Services (IIS) 6.0 security architecture, including a review of the improved security features in Secure Sockets Layer (SSL), Microsoft .NET Passport authentication, URL authorization, and delegation of authority.
* Penetration Testing, Vulnerability Scanning, and Security Auditing-–Learn how to plan and conduct audits and determine, according to the data gathered, whether your network meets your security requirements.
* Using the Microsoft Security Tools-–This Webcast is a review of several tools available for free from Microsoft, including the Microsoft Baseline Security Analyzer (MBSA), Mbsacli, IISLock, URLScan, Qchain, security templates, subsystem auditing features, and the Microsoft Solution for Securing Windows 2000 Server.
* Safeguarding Information with Windows Rights Management Services–-This Webcast discusses architectural considerations for Windows Rights Management Services (RMS), including Active Directory (AD) integration, server enrollment, and machine activation.
* Microsoft Windows Server 2003 Security Enhancements--Get an overview of Windows 2003's security improvements with regard to Group Policy, authentication, object-based access control, security policy, auditing, AD, data protection, network data protection, public key infrastructure (PKI), and trusts.
* Software and Patch Management with Software Update Service, Windows Update, and SMS–-Learn how to install and distribute patches by using Microsoft Software Update Services (SUS) and Microsoft Systems Management Server (SMS), including the use of automatic updates.
* Demystifying IPSec–-Find out how IP Security (IPSec) works to protect data and learn about five scenarios in which you can effectively use IPSec, including enforcement of domain membership and the elimination of man-in-the-middle attacks.
* 10 Things Hackers Don't Want You to Know-–This session actually covers 14 things intruders might do to compromise a network.
You can learn more about the Webcasts, including their scheduled times, at the first URL below. While you're at it, stop by Microsoft's page for "prescriptive guidance" (second URL below), at which you'll find documentation that helps you understand how to better secure your perimeter, network, hosts, applications, and data.