ronaldg's ramblings

New Microsoft Security Blog

Microsoft's Security Vulnerability Research and Defense blog will provide in-depth technical information about the vulnerability research behind the patches and security updates the company releases each month.

The blog will be updated the second Tuesday of every month, aka "Patch Tuesday."

You may know that during technical investigations of security issues, a significant amount of information is discovered that doesn't make it in the official security updates.  This could be info such as situations or attack vectors where workarounds may not be 100% effective, and workarounds that are specific to a particular attack or that are so complicated that they can't be recommended to all customers.  There may also be info on mitigations that might not be present in all cases, best- practices-type guidance that applies to a particular vulnerability, and "interesting facts" about a vulnerability Microsoft is fixing that will help customers learn more about Windows, the security infrastructure, or the way the company conducts investigations.   All-in-all some pretty good stuff, if you need, or just want, more in-depth info around these vulnerabilities or related security matters. 

Bloggers will include Damian Hasse, lead security software engineer at Microsoft, and Jonathan Ness, who leads the company's Secure Windows Initiative defense team.

Oh, and here's the link:  Security Vulnerability Research and Defense blog

Got backup? Even if you do, check out this new offering from Microsoft: System Center Data Protection Manager 2007

Hey everyone, I thought I had blogged about this previously but don't see it, so apparently I thought about it but didn't "git 'er done".  Back in November Microsoft released a new product, part of the System Center Management brand.  It's called Data Protection Manager 2007 (DPM).  This is basically the next generation backup solution. You'll want to know more about this product.  I got some initial training on this back in October, and I have to tell you I was impressed, and, obviously, I hope you will be too.  Since everyone needs a viable backup solution I'm thinking you'll want to check this out as a potential value-add solution to add to your repertoire.

Here's the general description blurb:
Microsoft System Center Data Protection Manager (DPM) is a server software application that enables disk-based data protection and recovery for file servers in an Active Directory domain. DPM performs replication, synchronization, and shadow copy creation to provide reliable protection and rapid recovery of data for both system administrators and users.

Here's some resources and related sites:
http://www.microsoft.com/systemcenter/dpm/default.mspx (DPM Home)
http://www.microsoft.com/windowsserversystem/storage/  (Storage Home)
http://technet.microsoft.com/en-us/dpm/bb655874.aspx (DPM Tech Library on TechNet)
http://technet.microsoft.com/en-us/dpm/bb655876.aspx (DPM docs on TechNet)
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032355428&CountryCode=US (DPM Webcast)
http://www.microsoft.com/technet/prodtechnol/dpm/proddocs/e4198bd1-1ca2-499c-9227-4e9258fa36de.mspx?mfr=true (DPM FAQ)

Be advised TS2 is also planning to include a section on DPM in our new content beginning in January.