Tools from the TechNet Security Center
You are probably all too aware that IT security is about much more than just installing a few key tools and applications and then keeping current with security updates. You not only have to keep your systems secure on a day-to-day basis by taking the right preventative measures and having the most appropriate security and management tools, but you also have to find ways to foresee future threats and implement strategies to combat them.
In the midst of all of this, you have to deal with security threats that come from simple user mistakes. To combat such problems you might need to better educate your users, as well as place policy restrictions on particular machines. You know the sorts of problems that might arise. A user might, for example, set up an open, insecure wireless access point and connect it to the corporate network. Or an employee might loan a company laptop to a friend, who then fills it with peer-to-peer file-sharing applications and malware.
Microsoft TechNet offers a broad range of tools and guidance in the recently redesigned TechNet Security Center
. It offers a single, well-organized site that brings together all the best security guidance for IT pros, providing tools for specific Microsoft products and covering known security issues. The left-hand navigation lays out the options. At the top, you’ll see a Security Bulletin Search that lets you browse all recent Security Bulletins by product, date, severity rating, or service pack number.
The Products & Technologies menu gives you instant access to all the current security-related content concerning the key individual products and technologies (including Active Directory®, Exchange Server, IIS, Office, and all major versions of the Windows® operating system from Windows 98 through to Windows XP).
The Security Center team recognized that at times you need content that isn’t tied to a single product, but instead relates to a variety of multi-product, task-based scenarios. As a result, the Topics section provides you with guidance on how security issues impact matters such as: Architecture and Design; Assessment; Auditing and Monitoring; Compliance and Policies; Cryptography, Certificates, and Secure Communications; Desktop Security; Developing Secure Applications; Disaster Recovery; Identity Management; Network Security; Patch Management; Server Security; and Threats and Countermeasures.
The new Understanding Security section gives you one-click access to content designed to help you enrich your understanding of key network security issues. Learning Paths, for example, provides resources organized by experience level (ranging from introductory to expert) and includes information on the planning, prevention, detection, and response phases of security implementation.
Meanwhile, the TechNet Virtual Lab for Security provides you with a virtual environment where you can improve the planning and management of your organization’s security strategy. It gives you a place to familiarize yourself with and test security features of products such as Exchange Server 2003, Internet Security and Acceleration (ISA) Server, and Windows Server™ 2003, as well as tools such as the Microsoft Baseline Security Analyzer (MBSA) and Windows Server Update Services (WSUS). And if you’re looking to upgrade your Microsoft certifications, you can make use of the courses, exam guides, and books within the Microsoft Learning Security Resources at the TechNet Security Center.
Geof Wheelwright is a consultant on Information Architecture for the TechNet online group at Microsoft. He is currently working on enhancements to TechNet Solution Centers. Geof can be reached at firstname.lastname@example.org.
© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited