• UK National Infrastructure Security Co-ordination Centre (NISCC), an interdepartmental organisation set up to co-ordinate and develop existing work within Government departments and agencies and organisations in the private sector to defend against electronic attack.
  http://www.niscc.gov.uk
  
• The US Department of Homeland Security
• SANS Institute : http://www.sans.org

The purpose of this guide is to provide a reference to many of the security settings available in the current versions of the Microsoft® Windows® operating systems.

This is a companion guide for The Windows Server 2003 Security Guide, available at http://go.microsoft.com/fwlink/?LinkId=14845 and the Windows XP Security Guide available at http://go.microsoft.com/fwlink/?LinkId=14839.

The chapters of this guide are split up to reflect the major sections that appear in the group policy editing user interface.

Each chapter begins with a brief explanation of what will be covered, followed by a list of subsection headers, each one of these corresponds to a setting or group of settings. Each of these, in turn, has a brief explanation of what the countermeasure does.

While many of the settings available in group policy are documented in this guide, not all of them are. That is because many of the group policy settings are intended to help organizations manage their environments but they aren't necessary directly related to security.

This guide only examines the settings and features available in Microsoft® Windows Server 2003™ and Windows XP® that can help an organization secure their enterprises.

The information provided within this guide should help you and your organization decide which specific countermeasures need to be put in place and how to prioritize that list.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/hardsys/TCG/TCGCH00.asp

Downloads and Resources   
Download Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP at http://www.microsoft.com/downloads/details.aspx?FamilyId=1B6ACF93-147A-4481-9346-F93A4081EEA8&displaylang=en

Download the Windows Server 2003 Security Guide at http://www.microsoft.com/downloads/details.aspx?FamilyId=8A2643C1-0685-4D89-B655-521EA6C7B4DB&displaylang=en

Download the Windows XP Security Guide at http://www.microsoft.com/downloads/details.aspx?FamilyId=2D3E25BC-F434-4CC6-A5A7-09A8A229F118&displaylang=en

• SIP - Session Initiation Protocol (SIP)
• SIMPLE - SI for Instant Messaging and Presence Leveraging Extensions (SIMPLE).

All these standards ensure an extensible platform for all real-time communications like:

• Audio and visual communication
• Instant messaging
• Application sharing
• Notifications
• SharePoint sites 
• Microsoft Office System programs like Outlook and others
• Remote assistance
• File transfer
  
• TLS - All server-to-server traffic can be encrypted with Transport Layer Security (TLS)
• Clients have the option of encrypting traffic to the server by using Transport Layer Security (TLS)
• RTP - Real-Time Transfer Protocol encryption is also supported.
• User Authorization through Active Directory with Kerberos V5 and NTLM.
• GPO - Group Policy Object (GPO) via Active Directory to manage bandwidth policies to set maximum limits on how much bandwidth is used in audio, video and file-transfer sessions.

For more information about implementing a centralized, secure and extensible IM solution, go on:

http://www.microsoft.com/office/system/realtime.mspx

http://www.microsoft.com/office/livecomm/prodinfo/default.mspx

This article provides a Microsoft Exchange 2000 Server deployment case scenario for an imaginary company.

This article guides you through the following six steps of an Exchange deployment:

1. Create a detailed deployment plan.
2. Begin a successful deployment of Microsoft Windows 2000.
3. Prepare Active Directory directory service and Exchange directories.
4. Install your first Exchange 2000 server.
5. Upgrade the information stores and other Exchange components.
6. Switch to Exchange native mode.
   

The purpose of this article is to provide you with a clear picture of upgrading from Exchange 5.5 to Exchange 2000, which you can use as a basis for your own deployment.

Network Working Group
Request for Comments: 3279
Obsoletes: 2528
Category: Standards Track 
W. Polk - NIST
R. Housley - RSA Laboratories
L. Bassham - NIST
April 2002

Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure
Certificate and Certificate Revocation List (CRL) Profile

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Table of Contents

• 1 Introduction
• 2 Algorithm Support
• 2.1 One-Way Hash Functions
• 2.1.1 MD2 One-Way Hash Functions
• 2.1.2 MD5 One-Way Hash Functions
• 2.1.3 SHA-1 One-Way Hash Functions
• 2.2 Signature Algorithms
• 2.2.1 RSA Signature Algorithm
• 2.2.2 DSA Signature Algorithm
• 2.2.3 Elliptic Curve Digital Signature Algorithm
• 2.3 Subject Public Key Algorithms
• 2.3.1 RSA Keys
• 2.3.2 DSA Signature Keys
• 2.3.3 Diffie-Hellman Key Exchange Keys
• 2.3.4 KEA Public Keys
• 2.3.5 ECDSA and ECDH Public Keys
• 3 ASN.1 Module
• 4 References
• 5 Security Considerations
• 6 Intellectual Property Rights
• 7 Author Addresses

Copyright Notice - Copyright (C) The Internet Society (2002). All Rights reserved.

Click the link bellow to see the full RFC or connect to http://www.rfc-editor.org/ and search in the RFC database 3279

• PKI Deployment Inside Microsoft 
• Windows Rights Management Services Deployment at Microsoft 
• Desktop Patch Management 
• Improve Security at Microsoft through Deployment of Windows XP Service Pack 2 
• Improve Security on Domain Isolation with IP Security (IPsec) 
• Incident Response-Managing Security at Microsoft
• Messaging Hygiene at Microsoft 
• Microsoft Helpdesk Use of Remote Assistance in Windows XP Professional 
• Microsoft IT Attack and Penetration Testing Team  
• Patch Management for Servers 
• Security Enhancements for Remote Access at Microsoft 
• Server Security Patch Management at Microsoft
• Smart Card Deployment at Microsoft 
• Systems Management Server 2003: Deployment at Microsoft 
• Desktop Patch Management at Microsoft 
• Systems Management Server 2003: How Microsoft Does Patch Management 

All theses documents are available for download here:

• About SHA Secure Hash Algorithm
  (SHA) A hashing algorithm that generates a message digest. SHA is used with the Digital Signature Algorithm (DSA) in the Digital Signature Standard (DSS), among other places. CryptoAPI references this algorithm by the algorithm's identifier (CALG_SHA), name (SHA), and class (ALG_CLASS_HASH). There are four varieties of SHA: SHA-1, SHA-256, SHA-384, and SHA-512. SHA-1 generates a 160-bit message digest. SHA-256, SHA-384, and SHA-512 generate 256-bit, 384-bit, and 512-bit message digests, respectively.
  
• SHA was developed by the National Institute of Standards and Technology (NIST) and by the National Security Agency (NSA).
  
• Secure Hash Standard
  A standard designed by NIST and NSA. This standard defines the Secure Hash Algorithm (SHA-1) for use with the Digital Signature Standard (DSS).
  
• RC2 block encryption algorithm. Key length: 40 to 88 bits 
  
• RC4 stream encryption algorithm. Key length: 40 to 88 bits
  

• Public/Private Key Pairs

Public/private key pairs are used for asymmetric encryption. Asymmetric encryption is used mainly to encrypt and decrypt session keys and digital signatures. Asymmetric encryption uses public key encryption algorithms.