Archive for the 'Security' Category

Forefront Security for OCS available

Microsoft has released Forefront Security for Office Communications Server (FSOCS) as RTM.

FSOCS provides fast and effective protection against IM-based malware for OCS 2007 and OCS 2007 R2 environments by including multiple scanning engines from industry-leading security partners. FSOCS also helps reduce corporate liability by blocking instant messages containing inappropriate content.

This release includes:

  • 64-bit support
  • Support for OCS 2007 R2
  • Support for OCS 2007 Enterprise Edition server roles
  • Integration with OCS 2007 Access Edge role to protect corporate IM from external public IM threats
  • Localization in 11 languages

It’s available for download here: FSOCS

UrlScan 3.0 beta

Microsoft has released a beta version of UrlScan 3.0. UrlScan is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from being processed by web applications on the server. UrlScan can also be configured to help protect against SQL injection attacks.

Download UrlScan 3.0 beta:

Supported platform: Internet Information Services 5.1, 6.0 or 7.0

Steve Schofield has written some nice posts on his blog about SQL injections:

ISA Server 2006 released

Microsoft has released ISA Server 2006.

ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing your users with fast and secure remote access to applications and data.

Read more at the Microsoft ISA website and download a trial.

Windows Server 2003 Security Guide 2.1

Microsoft has updated the Windows Server 2003 Security Guide to version 2.1.

This updated version of the Windows Server 2003 Security Guide provides specific recommendations for hardening computers that run Microsoft Windows Server 2003 with Service Pack 1 (SP1) in three distinct enterprise environments. The Legacy Client (LC) environment must support older operating systems such as Windows NT 4.0 and Windows 98. In the Enterprise Client (EC) environment, Windows 2000 is the earliest version of the Windows operating system in use. The Specialized Security – Limited Functionality (SSLF) environment is one in which concern about security is so great that significant loss of client functionality and manageability is considered an acceptable tradeoff to achieve maximum security.

Guidance about how to harden computers in these three environments is provided for a group of distinct server roles. The guidance and provided tools assume that each server will have a single role, but if you need to combine roles for some of the servers in your environment you can customize the included security templates to create the appropriate combination of services and security options. The referenced server roles in this guide include the following:

• Domain controllers that also provide DNS services
• Infrastructure servers that provide WINS and DHCP services
• File servers
• Print servers
• Internet Information Services (IIS) servers
• Internet Authentication Services (IAS) servers
• Certificate Services servers
• Bastion hosts

This guide is a companion to two other Microsoft publications: the Threats and Countermeasures Guide and the Windows XP Security Guide.

This guide is intended primarily for consultants, security specialists, systems architects, and IT professionals who are responsible for the planning stages of application or infrastructure development and the deployment of computers that run Windows Server 2003 with SP1 in enterprise environments. This guide is not intended for home users.

Download the Windows Server 2003 Security Guide 2.1 here.