Microsoft has released its guidance on best practices to protect enterprises from malicious attack. Here is a summary of the report recommendations:
- Keep all software up-to-date: Attackers will try to use vulnerabilities in all sorts of software from different vendors, so it is important for organizations to keep all of the software in their environment up to date and run the latest versions whenever possible.
- Demand software that was developed with a security development lifecycle: Until you get a software update from the affected vendor, test it, and deploy it, it’s important that you manage the risk that attackers will attempt to compromise your environment using these vulnerabilities.
- Restrict websites: Limit web sites that your organization’s users can visit. This likely won’t be popular in the office, but given the majority of threats found in the enterprise are delivered through malicious websites, you might have the data needed to make a business case.
- Manage security of your websites: Many organizations don’t realize that their websites could be hosting the malicious content that is being used in these attacks. Organizations should regularly assess their own web content to avoid a compromise that could affect their customers and their reputation.
- Leverage network security technologies: technologies like Network Access Protection (NAP), Intrusion Prevention System (IPS), and content filtering can provide an additional layer of defense by providing a mechanism for automatically bringing network clients into compliance (a process known as remediation) and then dynamically increasing its level of network access.
- Cisco Warns of Internet Dangers That Are Easily Preventable (eweek.com)
- Microsoft expands encryption and boosts legal protections for its data to tackle government spying (thenextweb.com)
- Microsoft expands encryption and boosts legal protections for its data to tackle government spying (alternativenewsalert.com)
- Windows XP Zero-Day Vulnerability Popular (informationweek.com)