Forefront TMG 2010 has been Discontinued!!!

It has finally been announced: Microsoft has decided to discontinue several of its very popular products, among them Forefront Threat Management Gateway 2010, together with the others listed below:

  • Forefront Protection 2010 for Exchange Server (FPE)
  • Forefront Protection 2010 for SharePoint (FPSP)
  • Forefront Security for Office Communications Server (FSOCS)
  • Forefront Threat Management Gateway 2010 (TMG)
  • Forefront Threat Management Gateway Web Protection Services (TMG WPS)

It should also be mentioned that, among all of these, Forefront Protection 2010 for Exchange Server (FPE) will live on, but it will be bound to Office 365 and renamed Exchange Online Protection.

I still remember the rumor about this decision from about a year ago, but it was not confirmed then. Now that it is confirmed, there are still questions about why Microsoft has made this strategic decision, especially the decision to discontinue TMG, which is a very popular product. It is currently used by a lot of companies as gateway software for many different purposes. It was the successor of the popular Microsoft ISA Server 2006, and now both have been discontinued with no further development.


How to Patch the Internet Explorer 9 Security Vulnerability…

After the big security issue in Java 6, a few days ago we heard of a very serious security vulnerability discovered in Windows Internet Explorer 9 and below. This vulnerability allows an attacker to execute code remotely on a vulnerable machine. This becomes possible when the user clicks on a link and is redirected to a website containing malicious code that exploits the vulnerability on the user’s machine.

Here is a link that will give you more information about the nature of the vulnerability: CVE-2012-4969

Microsoft reacted to this pretty critical issue. Even though not super fast, it took them only a couple of days (if I am not mistaken) to release a patch for it. It deserves a mention that, some hours after the discovery of the issue, they introduced a workaround that could keep the machine safe, but it was not the best solution anyway and I don’t think any organization went through the hassle of implementing it on a large number of machines.

Anyways, Microsoft came up with the patch today and here is the link for you to get more information about it:

Microsoft Security Bulletin MS12-063

It will be automatically downloaded to your machines if you have enabled automatic update in Windows but if not, you can go directly to this link and download it:

Cumulative Security Update for Internet Explorer

Of course this link is to the patch for the Windows 7 32-bit version; if you are using another version of Windows, go to the first link and get the right version of the update.

Please leave me a comment in case you have any more questions or concerns.

Cheers,

Esmaeil

Centralized Security in Windows Server 2012

Trying to control file security on enterprise servers is like herding extremely fertile cats; without clamping down on breeding, they’re soon too numerous to control. Microsoft (NSDQ:MSFT) addresses this problem with Dynamic Access Control, a feature in the forthcoming Windows Server 8 that introduces centralized, domain-level security for file and folder access that layers atop any existing file system permissions.

According to Microsoft, upwards of 80 percent of corporate data is found on company servers, often with little or no content documentation, custody auditing or departmental ownership metadata.

Delivered via a new version of Active Directory, Dynamic Access Control works by layering Kerberos security and an enhanced file-level auditing and authentication system that can automatically tag sensitive data based on content and creator.

Dynamic Access Control introduces claims into the Windows Server security lexicon, a concept long present in the broader realm of federated Internet security, which in Microsoft parlance refers to object assertions issued by Active Directory.

Active Directory 8 defines claims for files, folders and shares, all of which can be sent to and applied on other Windows Server 8 servers across an organization along with file property definitions and access policies.

The four-pillar Dynamic Access Control system begins with identification of high-impact data through manual, automatic or application-based tagging. For instance, administrators might choose to tag all Excel documents as sensitive, and search Word documents for certain words such as “confidential” for additional tagging.

Central access policies are created based on these file tags using a new expression-based tool in Active Directory Administrative Center that sets up access conditions based on user claims, device claims and file tags, and handles access-denied remediation.

By applying centralized policies automatically (or manually), access to such files can be restricted by multiple criteria, including user, device and department.

Part three of DAC is auditing, for which Microsoft provides centralized policies applicable across multiple servers using the same expression-based tool and claim support, plus a staging area that permits policy-change simulations.

The final pillar of Windows Server 8’s access security platform is data protection, which automatically applies Microsoft’s RMS security model to Office documents with near-real-time protection immediately after documents are tagged, and is extensible to non-Office documents.

Manage the Network Security from the Cloud using Windows Intune

While everything is moving to the cloud, you may wonder whether it would be possible to manage the computers in your network from the cloud. The answer is yes: using Microsoft Windows Intune, you can protect your PCs from network threats and malware, manage security policies and firewalls, easily deploy the latest Microsoft security updates and help safeguard data with BitLocker and BitLocker To Go in Windows 7 Enterprise.

Microsoft believes Windows Intune, their web-based PC management service, is well suited for companies and businesses with around 500 PCs. Intune bypasses (but respects) Active Directory (AD) and Group Policy (GP), offering instead a much simpler set of management capabilities that should be welcome to overtaxed IT departments in mid-sized businesses.

Intune strikes a nice balance. It consists of a Silverlight-based web console that looks and feels a lot like Microsoft’s on-premises consoles, plus a set of client agents. From the web console, you can view details about the connected computers (alert status, update status and malware protection status); view, manage and configure how updates are applied to your managed computers; view the anti-malware status of managed computers; view alerts; survey the software and software versions installed across your managed computers; optionally manage volume licenses to ensure that the software in your environment is correctly licensed; create and manage (non-GP) policies; view and create reports; and perform other administrative tasks.

Managed clients can be PCs running Windows XP SP2+, Vista or 7, and they require a software agent to be installed. For environments using GP, Microsoft provides instructions for properly configuring the client (to avoid policy conflicts) and rolling out the agent. Smaller outfits can deploy the client manually.

Windows Intune also does not support mobile devices such as smartphones and tablets; it supports only Windows PCs. But Main says Microsoft plans to extend support to mobile devices in future versions.

Microsoft also plans to integrate Windows Intune with Office 365 so that IT pros can use Intune to deploy Office in the cloud. But right now, that integration is not in place for Windows Intune 2.0.

System Center Endpoint Protection 2012

Hi all and happy late new year…

Today I want to introduce a new product from Microsoft called System Center Endpoint Protection 2012, which is going to be released soon. It is a really good piece of software that helps you centralize endpoint security in your environment. It will be used in conjunction with System Center Configuration Manager to bring a lot of exciting new security features. As far as the available product information says, endpoint agents are distributed to the client computers, through which the clients connect to, and are managed by, the central management console installed on a server.

One of the interesting features is that if anti-virus applications are already installed on the client computers, the endpoint client will automatically remove that third-party anti-virus or anti-spyware software and install itself instead. SCEP 2012 will also provide support for non-Microsoft clients. All in all, SCEP 2012 will allow you to combine the two concepts of security management and client management. Usually one of them is missing in almost all the solutions we see in the market, and Microsoft believes that with SCEP 2012 they can bring both security and client management into the same window for admins.

There has not been much information about it yet, but there is a great interview video you can watch here which is all about SCEP 2012.

You can also download the Release Candidate from this link.

Best Wishes

Windows 8 Picture Password

One of the new features of Windows 8 is the ability for a user to create a picture password, which is quite interesting in its kind. Never before have we seen such functionality in an operating system, and Microsoft seems very keen on improving consumer security with new features like this in its new operating system, coming soon to the market.

Picture password allows you to use a picture instead of text to log in, but how? It’s pretty easy: you just choose a picture from your computer for your user account and then specify which parts of the picture you would like to tap, and how many times, before Windows will allow you to log in.

So every time you want to log in, you will see that picture asking you to tap it, for example, three times, and you can log in provided that you have tapped the right places on the picture. Of course you are not restricted to simply tapping your fingers on the screen surface; you can also draw shapes such as lines and circles on the screen with each tap.

This is a great improvement in Windows and I quite love the idea. It will make it much more difficult for malicious users to break in by cracking the password. The difficulty of this type of password of course depends to a large extent on the number of taps on the picture, the gestures you have drawn and some other factors.

Here is a great link through which you can get more information about this new feature.

Techinsights 2011 SEA – Hey you… Stay away from my network…

Hi everyone,

This is right after my second session on the second day of Techinsights 2011 South East Asia here in Kuala Lumpur, Malaysia. The title of this session was Hey You.. Stay away from my network…

I uploaded the slides for you to download:

Cheers

Techinsights 2011 SEA – Security from the Ground up to the Cloud

Hello folks,

A few hours ago I finished my presentation at Techinsights 2011 South East Asia, and here I leave the slides for you. I hope you enjoy them.

Tech Insights 2011 SEA

Tech Insights is a three-year-old conference taking place on the 16th and 17th of November which focuses on the most recent technologies in the market (mostly Microsoft’s, actually). Like last year, I am speaking at the conference this year and I will be presenting the two topics below:

Security from the ground up to the cloud is going to be about security in cloud computing and, generally, the security implications people would like to know about when moving to the cloud. A lot of things related to cloud computing and its security will be discussed in this session of mine.

Hey you… Stay away from my network is going to be my next session, on the second day of Tech Insights SEA 2011. I once had a similar session at the ELITE annual event, but this one is supposed to be more technical: I’m going to show people real live demos of the tips and tricks hackers use to get into your network, and then I will show you how to stand firm against them.

I hope I will see you at Tech Insights this year. If you are attending the event, do come to me and say hi; I would be more than happy to have a cup of tea (not coffee, seriously) with you. Right now we are less than a week away from the event, but registration is still open. This year’s conference will be held at Monash University in Sunway City, Malaysia. During the two days of the event you will be able to meet and talk to the speakers and professionals presenting at Tech Insights, and I promise it will be a great experience.

If you need more information about Tech Insights 2011 SEA please visit their website at this link.

Wish you a great weekend

Detecting Common Attacks using TMG Intrusion Detection

Apart from the complicated, advanced-level attacks that are targeted against a given network every once in a while, there are common attacks that can be really troublesome. A lot of the time this happens because people believe their network does not contain any data important enough to come under attack; when the attack occurs, they panic because they did not expect it and in fact have nothing in place to stop this type of attack.

Forefront Threat Management Gateway 2010 has an IDS (Intrusion Detection System) built in as one of its features, and it can detect many of these attacks. To access and configure this feature in TMG, go to Intrusion Prevention System, click on Behavioral Intrusion Detection, and then click on Configure Detection Settings for Common Network Attacks:

Here you can see a list of different types of attacks that, if checked, will be detected and logged in the Monitoring section of TMG. For instance, if you check Port Scan, you can specify the number of ports that must be scanned before TMG considers the traffic a port-scanning attack and logs it.

In the other tab, we can also detect different types of attacks against the DNS service:

Coming back to the Behavioral Intrusion Detection tab in TMG, you can also click on Configure IP Options Filtering to filter specific IP options that may be included in the IP packet header. Most IP options in the packet header are harmless, but some of them can indicate malicious traffic and must be checked. They are shown in the picture below. If you select Deny packets with the selected IP options, any traffic carrying these options in the packet header will be dropped.

Under the other tab, called IP Fragment, you can block IP fragments. This blocks the kind of traffic generated by applications that fragment packets so they will not be detected by the firewall. Keep in mind, however, that if you enable blocking of IP fragments you may also block other types of traffic, such as L2TP, which is pretty common in any network with remote users.

Again under Behavioral Intrusion Detection in TMG, if you click on Configure Flood Mitigation Settings you will be able to detect and block flood attacks against TMG and the network behind it. Using this feature you can specify the allowed number of each connection type per host; if there are more requests than that, the traffic is detected as a flood attack and denied. You can click on Edit to configure the settings for any of the connection types:

After all this configuration, any traffic detected as an attack will be logged under the Monitoring section in TMG and will be visible under Alerts. Once you know the source of the attack, you can easily block it using the firewall feature if it is not blocked by default.
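To make the two thresholds described above concrete, here is an added example (my own illustration, not TMG code or output) that applies the same logic to a constructed connection log: a source touching at least N distinct ports on one host is flagged as a port scan, and a source opening more than N connections to one host within a time window is flagged as a flood. The log format and threshold values are assumptions for the example.

```python
from collections import defaultdict

# Constructed sample connection log (not real TMG output): "time src dst dport".
# 10.0.0.5 probes 12 ports on one host; 10.0.0.9 opens 60 connections in a minute;
# 10.0.0.7 is ordinary traffic and should not be flagged.
SAMPLE_LOG = "\n".join(
    [f"{100 + i} 10.0.0.5 192.168.1.10 {20 + i}" for i in range(12)]
    + [f"{100 + i} 10.0.0.9 192.168.1.20 80" for i in range(60)]
    + ["100 10.0.0.7 192.168.1.10 443", "101 10.0.0.7 192.168.1.10 80"]
)

def parse_log(text):
    """Parse 'time src dst dport' lines into (time, src, dst, dport) tuples."""
    events = []
    for line in text.strip().splitlines():
        t, src, dst, dport = line.split()
        events.append((int(t), src, dst, int(dport)))
    return events

def detect_port_scans(events, port_threshold=10):
    """Flag (src, dst) pairs where src touched at least port_threshold distinct
    ports, mirroring TMG's 'number of ports scanned' setting. Returns the count."""
    seen = defaultdict(set)
    for _, src, dst, dport in events:
        seen[(src, dst)].add(dport)
    return {k: len(v) for k, v in seen.items() if len(v) >= port_threshold}

def detect_floods(events, conn_threshold=50, window=60):
    """Flag (src, dst) pairs where src opened more than conn_threshold
    connections inside any sliding window of `window` seconds, mirroring the
    per-client connection limits in TMG flood mitigation. Returns the peak count."""
    times = defaultdict(list)
    for t, src, dst, _ in events:
        times[(src, dst)].append(t)
    flagged = {}
    for key, ts in times.items():
        ts.sort()
        start, peak = 0, 0
        for end in range(len(ts)):
            while ts[end] - ts[start] >= window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > conn_threshold:
            flagged[key] = peak
    return flagged

if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("port scans:", detect_port_scans(events))
    print("floods:", detect_floods(events))
```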

Want to learn more? Check out my new book below and get access to great, practical tutorials and step-by-step guides, all in one book:

To get more information about the book click on the book below:


Cheers