Tag: security

Microsoft Security Compliance Manager

Solution Accelerator team have just released the final 3rd version Security Compliance Manager. Here are the key features of the new version:

  • Integration with the System Center 2012 Process Pack for IT GRC: Product configurations are integrated into the Process Pack for IT GRC to provide oversight and reporting of your compliance activities.
  • Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project.
  • Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature.
  • Updated security guidance: Take advantage of the deep security expertise and best practices in the updated security guides and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important.
  • Centralized Management of Your Baseline Portfolio: The centralized management console of the Security Compliance Manager provides you with a unified, end-to-end user experience to plan, customize, and export security baselines. The tool gives you full access to a complete portfolio of recommended baselines for Windows client and server operating systems, and Microsoft applications. The Security Compliance Manager also enables you to quickly update the latest Microsoft baseline releases and take advantage of baseline version control.
  • Security Baseline Customization: Customizing, comparing, merging, and reviewing your baselines policy configurations just got easier. Use the customization capabilities of the Security Compliance Manager to duplicate any of the recommended baselines from Microsoft and quickly modify security settings to meet the standards of your organization’s environment.
  • Multiple Export Capabilities: Export baselines in formats like XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP) to enable automation of deployment and monitoring baseline compliance.
  • Available policy configuration baselines include Windows Server 2012, Windows Server 2008 R2 SP1, Windows Server 2008 SP2, Windows Server 2003 SP2, Hyper-V, Windows 8, Windows 7 SP1, Windows Vista SP2, Windows XP SP3, BitLocker Drive Encryption, Windows Internet Explorer 10, Windows Internet Explorer 9, Windows Internet Explorer 8, Microsoft Office 2010 SP1, Microsoft Office 2007 SP2, Exchange Server 2010 SP2 and Exchange Server 2007 SP3.

 

You can download the tool from here.

Cumulative Update 7 for System Center Operations Manager 2007 R2

The 7th Cumulative Update for SCOM 2007 R2 was released. It is still unclear what fixes will propose this update as the knowledge base article which suppose to be here is still not uploaded. What is certain that this update fixes a security vulnerability: MS13-003: Vulnerabilities in System Center Operations Manager could allow elevation of privilege. The update itself you can download from here. I will keep monitoring if the knowledge base article is uploaded.

———–Update—————

Knowledge article was uploaded and here are the fixes provided in this update:

Cumulative Update 7 for System Center Operations Manager 2007 R2 fixes the following issues:

  • Console performs poorly when User Roles are used to scope object access.
  • Availability data is not shown for the current day when daily aggregation is used.
  • Behavior is inconsistent between some views on web console and console.
  • Log files do not roll over when the Unicode log file is monitored.
  • Several security issues are fixed.

Cumulative Update 7 for System Center Operations Manager 2007 R2 fixes the following cross-platform issues:

  • Logical disk performance statistics are not collected for some volume types on Solaris computers.
  • Some Network Adapters on HP-UX computers may not be discovered.
  • Network adapter performance statistics are not collected for HP-UX network adapters.
  • The Solaris 8 and 9 agent may not restart after an ungraceful shutdown.

Microsoft Security Compliance Manager 3.0 beta is available

SCM 3.0 beta is available for download at MS Connect site. New baselines for Windows Server 2012, Windows 8 and Internet Explorer 10 are introduced:

Windows Server 2012 Security Baselines:

  • Domain Controller Security Compliance
  • Domain Security Compliance
  • Hyper-V Security Compliance
  • Member Server Security Compliance
  • Web Server Security Compliance

    • Windows 8 Security Baselines:

  • BitLocker Security
  • Computer Security Compliance
  • Domain Security Compliance
  • User Security Compliance:

    • Internet Explorer 10 Security Baselines:

  • Computer Security Compliance
  • User Security Compliance

    • In a later stage of the Beta programs more baselines will be introduced for server roles in Windows Serer 2012:

  • Active Directory Certificate Services (AD CS)
  • DNS Server
  • DHCP Server
  • File Services
  • Network Policy and Access Servers
  • Print Services
  • Remote Access
  • Remote Desktop Services

Microsoft System Center Extensions: Security with Squadra Technologies secRMM

Squadra Technologies is a System Center Alliance partner and develops management packs specifically for System Center. In this video you will see demo of the product secRMM which provides monitoring and authorization for mobile and removable media devices.

Forefront End Point Protection 2010 Security MP for OpsMgr 2007 R2 has new version

This MP can monitor Forefront Endpoint Protection clients. Here are the feature that provides:

  • Monitor FEP Client health
  • Monitor Definition State
  • Monitor Malware State
  • Alert on active Malware
  • Alert on Pending Actions
  • Alert on Definitions out of date
  • Alert on RTP Off
  • Alert on Re-Infection
  • Alert on Malware Outbreak

    • The MP can be downloaded from here:

http://www.microsoft.com/download/en/details.aspx?id=9754