Forefront TMG 2010 has been Discontinued !!!

It has finally been announced: Microsoft has decided to discontinue several of its popular products, including Forefront Threat Management Gateway 2010, together with the others listed below:

  • Forefront Protection 2010 for Exchange Server (FPE)
  • Forefront Protection 2010 for SharePoint (FPSP)
  • Forefront Security for Office Communications Server (FSOCS)
  • Forefront Threat Management Gateway 2010 (TMG)
  • Forefront Threat Management Gateway Web Protection Services (TMG WPS)

It should also be mentioned that, among all of these, Forefront Protection 2010 for Exchange Server (FPE) will live on, but bound to Office 365 under the name Exchange Online Protection.

I still remember the rumor about a year ago about this decision, but it was not confirmed then. Now that it is confirmed, there are still questions left about why Microsoft has made this strategic decision, especially the decision to discontinue TMG, which is a very popular product. It is used by a lot of companies as gateway software for many different purposes. It was the successor of the popular Microsoft ISA Server 2006, and now the whole product line has been discontinued with no further development. Note that discontinuation is not the same as end of support: TMG 2010 stays on its normal support lifecycle (mainstream support until April 2015, extended support until April 2020), so existing deployments keep receiving security updates for a while, but a migration plan is needed.


How to Patch the Internet Explorer 9 Security Vulnerability…

After the big security issue in Java 6, a few days ago we heard of a very serious vulnerability in Internet Explorer 9 and below (IE 6 through 9). It is a use-after-free bug in the browser's HTML rendering engine (mshtml.dll) that allows remote code execution on the victim's machine, with the privileges of the logged-on user. All it takes is for the user to click a link, or be redirected, to a web page carrying the malicious code; no further interaction is needed, and the bug was already being exploited in the wild before a patch existed.

Here is a link that will give you more information about the nature of the vulnerability: CVE-2012-4969

Microsoft reacted to this pretty critical issue, even though not super fast; it took them only a couple of days (if I am not mistaken) to release a patch for it. It deserves a mention that some hours after the discovery of the issue they introduced a workaround that could keep the machine safe, but it was not the best solution anyway, and I don't think any organization went through the hassle of implementing it on a large number of machines.

Anyways, Microsoft came up with the patch today and here is the link for you to get more information about it:

Microsoft Security Bulletin MS12-063

It will be downloaded to your machines automatically if you have Automatic Updates enabled in Windows; if not, you can go directly to this link and download it:

Cumulative Security Update for Internet Explorer

Of course, this link points to the patch for the Windows 7 32-bit version; if you are using another version of Windows, go to the bulletin link above and pick the right update for it.
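Downloading the update is the easy part; the part an admin actually wants is a list of the machines that still do not have it. The following PowerShell script is an added example, not code from the original post. It assumes the update's KB number is 2744842 (check that against the bulletin before relying on it), that the Remote Registry service is reachable on the target machines, and that Get-HotFix (which reads Win32_QuickFixEngineering over WMI) can see the update.

```powershell
# Added example: report which machines still lack the MS12-063 cumulative
# IE update. Assumed: KB2744842 is the update's KB id, Remote Registry and
# WMI are reachable on the targets.
function Test-IEUpdate {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string]$KB = 'KB2744842'   # assumed KB id of MS12-063
    )
    foreach ($computer in $ComputerName) {
        # Get-HotFix returns nothing when the KB is absent (and errors only on unreachable hosts)
        $hotfix = Get-HotFix -Id $KB -ComputerName $computer -ErrorAction SilentlyContinue
        $installed = ($hotfix -ne $null)

        # IE version from HKLM\SOFTWARE\Microsoft\Internet Explorer; IE10+ writes
        # svcVersion, IE9 and earlier only write Version.
        $ieVersion = $null
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)
            $key  = $hklm.OpenSubKey('SOFTWARE\Microsoft\Internet Explorer')
            if ($key) {
                $ieVersion = $key.GetValue('svcVersion')
                if (-not $ieVersion) { $ieVersion = $key.GetValue('Version') }
            }
        } catch {
            $ieVersion = "unreadable: $($_.Exception.Message)"
        }

        # New-Object PSObject keeps this runnable on PowerShell 2.0 (the Windows 7 default)
        New-Object PSObject -Property @{
            Computer  = $computer
            IEVersion = $ieVersion
            Patched   = $installed
            Checked   = Get-Date
        }
    }
}

# Usage: list the machines that still need the patch
Test-IEUpdate -ComputerName 'PC01', 'PC02' |
    Where-Object { -not $_.Patched } |
    Format-Table Computer, IEVersion, Patched -AutoSize
```

Feed it the computer list from Active Directory (for example the output of a Get-ADComputer query) and run it again a day after the patch was pushed; anything still reported as unpatched is either switched off, failing Windows Update, or not reachable, and each of those is worth a look on its own.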

Please leave me a comment in case you have any more questions or concerns.



Centralized Security in Windows Server 2012

Trying to control file security on enterprise servers is like herding extremely fertile cats; without clamping down on breeding, they're soon too numerous to control. Microsoft (NSDQ:MSFT) addresses this problem with Dynamic Access Control (DAC), a feature of the forthcoming Windows Server 8 (shipped as Windows Server 2012) that introduces centralized, domain-level authorization for file and folder access, layered on top of the existing NTFS and share permissions: a user has to be allowed by both the central policy and the file's own ACL.

According to Microsoft, upwards of 80 percent of corporate data lives on company servers, often with little or no content documentation, custody auditing or departmental ownership metadata.

Delivered via the new version of Active Directory, Dynamic Access Control works by carrying user and device attributes (claims) inside the Kerberos ticket and combining them with an enhanced file-level classification and auditing system that can automatically tag sensitive data based on content and creator.

Dynamic Access Control introduces claims into the Windows Server security lexicon. The concept has long been present in the broader realm of federated Internet security; in Microsoft's parlance a claim is an assertion about a user or device (its department, its country, whether it is a managed machine), sourced from an Active Directory attribute and issued by the domain controller at logon.

Windows Server 8 Active Directory defines user and device claim types, plus resource properties (the tags applied to files, folders and shares); all of these are stored centrally and can be distributed to and applied on other Windows Server 8 servers across the organization, together with the file property definitions and access policies.

The four-pillar Dynamic Access Control system begins with identification of high-impact data through manual, automatic or application-based tagging. For instance, administrators might choose to tag all Excel documents as sensitive, and search Word documents for certain words such as "confidential" for additional tagging.

Central access policies are then created from these file tags using a new expression-based editor in the Active Directory Administrative Center, which sets up access conditions over user claims, device claims and file tags, and handles access-denied remediation (the user gets an explanation and a way to request access instead of a bare "access denied").

By applying centralized policies automatically (or manually), access to such files can be restricted by multiple criteria, including user, device and department.

Part three of DAC is auditing, for which Microsoft provides centralized audit policies applicable across multiple servers using the same expression-based tool and claims, plus a staging area (proposed permissions) that lets you simulate a policy change and log who would be affected before enforcing it.

The final pillar of Windows Server 8's access security platform is data protection, which automatically applies Active Directory Rights Management Services (AD RMS) to Office documents in near real time once a document is tagged, and is extensible to non-Office documents.
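To make the four pillars concrete, here is the whole chain scripted in PowerShell on Windows Server 2012. This is an added example and not code from the original article or from Microsoft's documentation. The 'Finance' department, the resource property named Sensitivity, the share D:\Finance, the claim type ID and the auditpol subcategory name are assumptions made for illustration; the AD cmdlets run on a domain controller, the FSRM and auditpol lines on the file server.

```powershell
# Added example: the four DAC pillars scripted on Windows Server 2012.
# Assumed names: Finance department, Sensitivity property, D:\Finance share.
Import-Module ActiveDirectory

# --- Pillar 1: identification. A resource property that files get tagged with,
#     published in the Global Resource Property List so file servers download it.
$levels = @(
    (New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry('High', 'High', 'High-impact data')),
    (New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry('Low',  'Low',  'Low-impact data'))
)
New-ADResourceProperty -DisplayName 'Sensitivity' -IsSecured $true `
    -ResourcePropertyValueType 'MS-DS-SinglevaluedChoice' -SuggestedValues $levels
Add-ADResourcePropertyListMember -Identity 'Global Resource Property List' -Members 'Sensitivity'

# A user claim: the KDC copies the AD 'department' attribute into the Kerberos
# ticket. The ID is fixed here (assumed form) so the ACL below can refer to it.
New-ADClaimType -DisplayName 'Department' -ID 'ad://ext/Department' `
    -SourceAttribute 'department' -Enabled $true

# --- Pillar 2: central access policy. The rule applies only to resources tagged
#     Sensitivity=High (AD names the property's attribute with an _MS suffix).
#     CurrentAcl is what is enforced today: any authenticated user may read (0x1200a9).
#     ProposedAcl is the staged tightening (pillar 3): read only if the user's
#     Department claim is Finance. It is NOT enforced; with staging auditing on,
#     every access on which the two ACLs disagree is logged, so you see who would
#     be locked out before you swap it in.
$currentAcl  = 'O:SYG:SYD:AR(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x1200a9;;;AU)'
$proposedAcl = 'O:SYG:SYD:AR(A;;FA;;;BA)(A;;FA;;;SY)(XA;;0x1200a9;;;AU;(@USER.ad://ext/Department == "Finance"))'

New-ADCentralAccessRule -Name 'High-impact data - Finance only' `
    -ResourceCondition '(@RESOURCE.Sensitivity_MS == "High")' `
    -CurrentAcl $currentAcl -ProposedAcl $proposedAcl
New-ADCentralAccessPolicy -Name 'High-impact data policy'
Add-ADCentralAccessPolicyMember -Identity 'High-impact data policy' `
    -Members 'High-impact data - Finance only'

# --- Pillar 3 (file server): audit the staged ACL. The subcategory name is an
#     assumption; confirm it with  auditpol /list /subcategory:*
auditpol /set /subcategory:"Central Policy Staging" /success:enable /failure:enable

# --- Pillar 1, automatic tagging (file server, File Server Resource Manager):
#     pull the AD property definitions, then a content classifier that stamps
#     any file under D:\Finance containing the word 'confidential' as High.
Update-FsrmClassificationPropertyDefinition
New-FsrmClassificationRule -Name 'Confidential content' `
    -Property 'Sensitivity_MS' -PropertyValue 'High' `
    -Namespace @('D:\Finance') -ClassificationMechanism 'Content Classifier' `
    -ContentString @('confidential')
Start-FsrmClassification
```

Two things the script cannot do for you: the central access policy only reaches a file server once a GPO linked to it lists the policy (Computer Configuration, Windows Settings, Security Settings, File System, Central Access Policy), and claims only appear in tickets once the "KDC support for claims" and "Kerberos client support for claims" policies are enabled. After that, pick the policy on the folder's Advanced Security settings, under the Central Policy tab. Pillar 4 (RMS protection of tagged files) is a File Management Task in FSRM that needs an AD RMS cluster, which is why it is not in the block.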

Manage the Network Security from the Cloud using Windows Intune

While everything is moving to the cloud, you may wonder whether it is possible to manage the computers in your network from the cloud. The answer is yes: using Microsoft Windows Intune you can protect your PCs from network threats and malware, manage security policies and the Windows Firewall, easily deploy the latest Microsoft security updates, and help safeguard data with BitLocker and BitLocker To Go in Windows 7 Enterprise.

Microsoft believes Windows Intune, its web-based PC management service, is well suited to companies and businesses with around 500 PCs. Intune does not require Active Directory (AD) or Group Policy (GP), but coexists with them (where an Intune policy and a Group Policy setting conflict, Group Policy wins), offering instead a simpler set of management capabilities that should be welcome to overtaxed IT departments in mid-sized businesses.

Intune strikes a nice balance. It consists of a Silverlight-based web console that looks and feels a lot like Microsoft's on-premises consoles, plus a set of client agents. From the web console you can:

  • view details about the connected computers (alert status, update status and malware protection status);
  • view, manage and configure how updates are applied to your managed computers;
  • view the anti-malware status of managed computers and the alerts they raise;
  • survey the software and software versions installed across your managed computers;
  • optionally manage volume licenses to ensure that the software in your environment is correctly licensed;
  • create and manage (non-GP) policies, view and create reports, and perform other administrative tasks.

Managed clients can be PCs running Windows XP SP2 or later, Vista or 7, and each requires the Intune client agent to be installed. For environments using GP, Microsoft provides instructions for configuring the client properly (to avoid policy conflicts) and rolling out the agent; smaller outfits can deploy the client manually.

Windows Intune also does not support mobile devices such as smartphones and tablets; it supports only Windows PCs. Microsoft has said, though, that it plans to extend support to mobile devices in future versions.

Microsoft also plans to integrate Windows Intune with Office 365 so that IT pros can use Intune to deploy Office in the cloud. But right now, that integration is not in place for Windows Intune 2.0.

System Center Endpoint Protection 2012

Hi all and happy late new year…

Today I want to introduce a new product from Microsoft called System Center Endpoint Protection 2012, which is going to be released soon. It is a really good piece of software for centralizing endpoint security in your environment. It is used in conjunction with System Center Configuration Manager 2012 and brings a lot of new security features. According to the information released so far, an endpoint client is distributed to the managed computers, through which they connect to, and are managed from, the central management console installed on a server.

One of the interesting features is that if third-party anti-virus applications are already installed on the client computers, the endpoint client can automatically remove that anti-virus or anti-spyware software and install itself instead (this is a client setting, and it covers only the products SCEP knows how to uninstall, so check the list before relying on it). SCEP 2012 will also provide support for non-Microsoft clients. All in all, SCEP 2012 lets you combine the two concepts of security management and client management. Usually one of them is missing in almost all the solutions we see on the market, and Microsoft believes that with SCEP 2012 it can bring both security and client management into the same window for the admins.

There has not been much information about it yet, but there is a great interview video you can watch here which is all about SCEP 2012.

You can also download the Release Candidate from this link.

Best Wishes

Windows 8 Picture Password

One of the new features of Windows 8 is the ability to create a picture password, which is quite interesting in its kind. We had not seen such functionality in a mainstream desktop operating system before, and Microsoft seems very keen on improving consumer security with new features like this in its new operating system, coming soon to the market.

Picture password lets you sign in with a picture instead of text. How? It's pretty easy: you choose a picture from your computer for your account and then draw three gestures on it (any combination of a tap, a straight line and a circle). Windows records where on the picture each gesture goes, its size, and its direction, and will only let you sign in if you repeat the same gestures, in the same order and in roughly the same places.

So every time you want to log in, you will see that picture asking you to reproduce your gestures on it, and you are let in provided you have drawn them on the right places of the picture. Of course this is not restricted to tapping your fingers on the screen: you can also draw the lines and circles with a mouse.

This is a great improvement in Windows and I quite loved the idea. It makes it harder for a malicious user at the machine to guess the secret than a short PIN would, and the level of difficulty depends to a large extent on which gestures you chose, where they are placed, and some other factors. Keep in mind that a picture password is a convenience sign-in method layered over the account's regular text password, which remains valid and still has to be strong, and that it only protects the sign-in screen: data on the disk is not protected unless the drive is encrypted.

Here is a great link through which you can get more information about this new feature.

Let’s assume the worst !!!

I was reading an interview with Andy Dancer, CTO EMEA at Trend Micro, and I really liked the point he made, so I thought, why not share it with you...

What he was talking about was that the old approach of treating the perimeter network as the security frontier doesn't work anymore, and we need to think about securing every host rather than looking at security as a single enterprise boundary. Nowadays company staff use their own devices everywhere, including at work, which is an easy way of letting intruders in: hackers no longer have to come through the firewall when they have such easy ways of reaching the network. One thing Dancer suggested was encryption on every possible device, whether a PC, a server, a tablet or a smartphone. Encryption plays a very important role in keeping data confidential when the device is detached from the network, lost or stolen. Microsoft BitLocker is a good choice here, since it encrypts the whole volume, so the data stays protected even when the machine is powered off and the disk is pulled and read offline.

Let's just assume the worst by asking ourselves: what if, for instance, this smartphone were compromised? What risks would the whole enterprise be exposed to? Is it that serious? What kind of data is it storing, and if that data were revealed, would the company sustain losses, and if so, to what extent?

Never think of patches as the only way to secure an end device. Microsoft releases its security patches on the second Tuesday of each month (Patch Tuesday), but they need to be tested and then applied to the servers, which naturally takes time; does that mean we have to leave the host exposed in the meantime? Host-based IPS systems are the suggested solution for this type of risk: at least you can make sure that a lot of these attacks are mitigated while the patch is still in testing. I already have another article on my blog about mitigating 0-day exploits using the Microsoft Enhanced Mitigation Experience Toolkit (EMET), and it can be accessed from here.



5nine Anti-Virus and Virtual Firewall for Hyper-V

When it comes to cloud security, as I have mentioned many times before in my blog posts and presentations, it is not only the physical servers that need protecting against outside attacks; attacks from the inside have also become critical. With all those layers of security (firewalls, IDS and IPS systems) protecting the environment from outside attacks, attackers now think of attacking from the inside, needing only a minimum of access to some resource inside the cloud infrastructure.

That minimum access is usually access to a single virtual machine, where the attacker can settle in and try to escalate privileges or move on to other machines. In order to secure access between the virtual machines, and to stop an attacker from reaching resources inside one VM from another, we need a firewall to control the flow of traffic between the VMs. Before I go on to introduce a solution for that, it needs to be mentioned that there are already two ways to contain this kind of attack. The first is the Hyper-V hypervisor itself: it mediates all access to memory and devices, so one VM cannot reach into another VM directly, and what is left is the network path between VMs, which the Hyper-V virtual switch can filter at the port level (MAC address spoofing protection, and in Windows Server 2012 also port ACLs, DHCP guard and router guard). The other is the use of VLANs on the Hyper-V virtual switches, and it is up to the designer to decide how to use VLANs to separate the traffic between different VMs.
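The two built-in controls just mentioned can be scripted, which is what the following added example does; it is not code from the original post or from 5nine, and it assumes a Windows Server 2012 Hyper-V host (the port ACL and guard cmdlets are not available on 2008 R2). VM names, VLAN IDs and subnets are made up for illustration.

```powershell
# Added example: confine a tenant VM with Hyper-V's own switch-port features
# (Windows Server 2012). VM names, VLAN IDs and subnets are assumed.
Import-Module Hyper-V

function Set-TenantIsolation {
    param(
        [Parameter(Mandatory = $true)][string]$VMName,
        [Parameter(Mandatory = $true)][int]$VlanId,
        [Parameter(Mandatory = $true)][string]$TenantSubnet,   # e.g. 10.10.1.0/24
        [string[]]$ManagementSubnets = @()                      # e.g. 10.0.0.0/24 for patching/monitoring
    )
    # 1. Switch-port guards: the VM may not change its MAC address (stops it
    #    impersonating a neighbour), may not answer DHCP requests, and may not
    #    advertise itself as a router to the other VMs on the switch.
    Set-VMNetworkAdapter -VMName $VMName -MacAddressSpoofing Off -DhcpGuard On -RouterGuard On

    # 2. Layer-2 separation: access-mode port on the tenant's VLAN, so frames
    #    from VMs on other VLANs never reach it, even on the same virtual switch.
    Set-VMNetworkAdapterVlan -VMName $VMName -Access -VlanId $VlanId

    # 3. Layer-3 port ACLs enforced by the virtual switch, outside the guest
    #    (a compromised guest cannot switch them off). Hyper-V picks the ACL
    #    with the longest matching prefix, so the /0 denies are the default and
    #    the narrower allows win for the tenant and management subnets.
    #    These ACLs are stateless: allow Both directions, not just Inbound,
    #    or replies to management traffic are dropped.
    Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress 0.0.0.0/0 -Direction Both -Action Deny
    Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress ::/0      -Direction Both -Action Deny
    Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $TenantSubnet -Direction Both -Action Allow
    foreach ($net in $ManagementSubnets) {
        Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $net -Direction Both -Action Allow
    }
}

# Usage: two tenants on the same host and virtual switch, each confined to its
# own VLAN and subnet; a compromised VM in tenant A can no longer reach tenant B.
Set-TenantIsolation -VMName 'TenantA-Web01' -VlanId 101 -TenantSubnet '10.10.1.0/24' -ManagementSubnets '10.0.0.0/24'
Set-TenantIsolation -VMName 'TenantB-Web01' -VlanId 102 -TenantSubnet '10.10.2.0/24' -ManagementSubnets '10.0.0.0/24'

# Verify what the switch enforces for a VM
Get-VMNetworkAdapterAcl  -VMName 'TenantA-Web01'
Get-VMNetworkAdapterVlan -VMName 'TenantA-Web01'
```

The gap this leaves is exactly what a virtual firewall product fills: the 2012 port ACLs match on addresses only, not on ports or protocols, and they are stateless, so anything finer than "this subnet may talk to that subnet" still needs a firewall in the path.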

But the one this article is about is 5nine Security Manager, an anti-virus and virtual firewall for Hyper-V that helps us defend against this kind of attack. It provides a number of features:

  • Controls network traffic – Using simple PowerShell API/scripts or the management application, we can control the flow of traffic between the VMs, and between the VMs and the external network.
  • Security Heartbeat Service – A service that checks whether the rules are still being enforced on each VM; if enforcement fails on a VM (for instance because it has been compromised), it can stop that VM.
  • Anti-virus and anti-malware protection – Scanning is scheduled and managed at the host so that, according to the vendor, it does not degrade VM performance.
  • Bandwidth throttling – It also includes a per-VM bandwidth shaper.
  • Stateful packet inspection.
  • Deployment options – 5nine Virtual Firewall can be deployed together with Microsoft System Center Virtual Machine Manager on the physical host before any VMs are placed on it.
  • Compliance audits – The admin can monitor and audit the network traffic flowing between the VMs at any time.

In this post I tried to give an overview of this really good product, and soon I will try to take a deeper dive into it.

For the time being, here is the website to have a closer look at.


Techinsights 2011 SEA – Hey you… Stay away from my network…

Hi everyone,

This is right after my second session on the second day of Techinsights 2011 South East Asia, here in Kuala Lumpur, Malaysia. The title of this session was Hey You... Stay away from my network...

I uploaded the slides for you to download:


Techinsights 2011 SEA – Security from the Ground up to the Cloud

Hello folks,

A few hours ago I finished my presentation at Techinsights 2011 South East Asia, and here are the slides for you. I hope you will enjoy them.