Tip

No Microsoft security cert, now what?

 

No Microsoft security cert, now what?
By Ed Tittel
LANWrights, Inc.

Although it's unlikely that Microsoft will be adding a security-specific credential anytime soon (http://www.mcpmag.com/news/article.asp?EditorialsID=454

Requires Free Membership to View

), that doesn't mean you should ignore your Windows security education. In this tip, I'm going to point out my top ten Windows security online resources -- and urge you to monitor at least some of them as diligently as you monitor your own company's systems and networks.

  1. Microsoft's Security Pages
    There's a wealth of security information on Microsoft's Web site scattered all over the place. The security pages create a clearinghouse of pointers to information broken down by category. If you manage Microsoft networks, this is a must-visit site.
  2. Microsoft's HotFix and Security Bulletin Service
    Though not always the first to publish, this service is the most authoritative source for critical security updates. Every savvy Windows administrator's security routine should include a regular review of the Windows Security Bulletins mailed from here. You'll also find great pointers to technical security resources on this page.
  3. Microsoft Security Tools
    Part of the treasure trove of information and materials that is TechNet, this page brings all of Microsoft's security related tools together in one place for easy download. Though you might sometimes elect to buy the third-party vendor's full-blown version, this is a good place to find out what's available tool-wise, and to take advantage of Microsoft's relentless urge to create more tools and utilities.
  4. Security Administrator
    Run by Mark Joseph Edwards, a long-time member of the Microsoft security community, this site (part of the Windows & .NET Magazine network) is a source of news, information, exploits and more. It offers a Windows security bulletin service that is worth signing up for since it sometimes reports exploits or potential exposures before Microsoft does. Worth a visit.
  5. MCP Magazine Security Center
    Although this magazine's primary focus is Microsoft certification, it does a surprisingly good job of covering security and other matters germane to what certified Microsoft professionals experience on the job. Its lead security guru is Roberta Bragg, author of many good books on Windows security. Bragg brings extensive experience and knowledge to bear on her reporting and explanations of security matters.
  6. Anti-Virus/Security Advisories
    There are lots to choose from but you'll want to sign up with one or more of the following advisory groups to stay on top of potential sources of infection and trouble: While you're at it, don't forget to sign up for advisories from your antivirus software vendor(s), too.
  7. NTBugTraq
    Run by Russ Cooper, TruSecure Corporation's "Surgeon General" on Windows bugs and security issues, this site remains one of the most balanced, best-informed and earliest sources of information on security topics. One of my personal favorites.
  8. SANS Institute
    In addition to offering a GIAC (Global Information Assurance Certification) program that includes a mid-tier Windows-focused credential (the closest thing I know to a real Windows security certification), SANS also collects and publishes papers from all its GIAC Windows-certified individuals. This has resulted in a library of useful (but spotty) white papers on all kinds of Windows security topics. Worth checking out.
  9. Security Focus Though its scope extends way beyond Windows, this is one of the best general sources of security news, information and updates. It also operates some useful and informative mailing lists. Security Focus is my favorite clearinghouse for security information online.
  10. SecurityURLs
    My colleague, Michael Stewart, and I teach twice-yearly courses on Windows Security topics for the NetWorld+Interop trade show. Although I'm stunned to observe this, our list of Windows resources online (and in print) includes some of the best coverage of Windows security scanners and security related tools and resources available anywhere.

And of course, as a value-added bonus, don't forget to visit any of TechTarget's excellent Web sites, particularly SearchSecurity and SearchWin2000. Although I didn't include them in my top ten, you'll find a wealth of Windows security-related information on both of those sites.

Keeping up with Windows security is an ongoing and -- sometimes -- full-time job. If you start working with several of these sites and services, they'll help you cope with the never-ending drama of keeping Windows systems and networks safe. Think of it as a promise of your own job security.


Ed Tittel is a principal at a small content development company based in Austin, Texas, and the creator of the Exam Cram series, and has worked on over 30 certification-related books on Microsoft, Novell, and Sun related topics.


This was first published in March 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.