No Microsoft security cert, now what?
By Ed Tittel
Although it's unlikely that Microsoft will be adding a security-specific credential anytime soon (http://www.mcpmag.com/news/article.asp?EditorialsID=454), that doesn't mean you should ignore your Windows security education. In this tip, I'm going to point out my top ten Windows security online resources -- and urge you to monitor at least some of them as diligently as you monitor your own company's systems and networks.
- Microsoft's Security Pages
There's a wealth of security information on Microsoft's Web site scattered all over the place. The security pages create a clearinghouse of pointers to information broken down by category. If you manage Microsoft networks, this is a must-visit site.
- Microsoft's HotFix and Security Bulletin Service
Though not always the first to publish, this service is the most authoritative source for critical security updates. Every savvy Windows administrator's security routine should include a regular review of the Windows Security Bulletins mailed from here. You'll also find great pointers to technical security resources on this page.
- Microsoft Security Tools
Part of the treasure trove of information and materials that is TechNet, this page brings all of Microsoft's security related tools together in one place for easy download. Though you might sometimes elect to buy the third-party vendor's full-blown version, this is a good place to find out what's available tool-wise, and to take advantage of Microsoft's relentless urge to create more tools and utilities.
- Security Administrator
Run by Mark Joseph Edwards, a long-time member of the Microsoft security community, this site (part of the Windows & .NET Magazine network) is a source of news, information, exploits and more. It offers a Windows security bulletin service that is worth signing up for since it sometimes reports exploits or potential exposures before Microsoft does. Worth a visit.
- MCP Magazine Security Center
Although this magazine's primary focus is Microsoft certification, it does a surprisingly good job of covering security and other matters germane to what certified Microsoft professionals experience on the job. Its lead security guru is Roberta Bragg, author of many good books on Windows security. Bragg brings extensive experience and knowledge to bear on her reporting and explanations of security matters.
- Anti-Virus/Security Advisories
There are lots to choose from but you'll want to sign up with one or more of the following advisory groups to stay on top of potential sources of infection and trouble:
Run by Russ Cooper, TruSecure Corporation's "Surgeon General" on Windows bugs and security issues, this site remains one of the most balanced, best-informed and earliest sources of information on security topics. One of my personal favorites.
- SANS Institute
In addition to offering a GIAC (Global Information Assurance Certification) program that includes a mid-tier Windows-focused credential (the closest thing I know to a real Windows security certification), SANS also collects and publishes papers from all its GIAC Windows-certified individuals. This has resulted in a library of useful (but spotty) white papers on all kinds of Windows security topics. Worth checking out.
- Security Focus Though its scope extends way beyond Windows, this is one of the best general sources of security news, information and updates. It also operates some useful and informative mailing lists. Security Focus is my favorite clearinghouse for security information online.
My colleague, Michael Stewart, and I teach twice-yearly courses on Windows Security topics for the NetWorld+Interop trade show. Although I'm stunned to observe this, our list of Windows resources online (and in print) includes some of the best coverage of Windows security scanners and security related tools and resources available anywhere.
And of course, as a value-added bonus, don't forget to visit any of TechTarget's excellent Web sites, particularly SearchSecurity and SearchWin2000. Although I didn't include them in my top ten, you'll find a wealth of Windows security-related information on both of those sites.
Keeping up with Windows security is an ongoing and -- sometimes -- full-time job. If you start working with several of these sites and services, they'll help you cope with the never-ending drama of keeping Windows systems and networks safe. Think of it as a promise of your own job security.
Ed Tittel is a principal at a small content development company based in Austin, Texas, and the creator of the Exam Cram series, and has worked on over 30 certification-related books on Microsoft, Novell, and Sun related topics.
This was first published in March 2002