| Resource |
Description |
| Microsoft TechNet Security Center |
Technical security information, including: security bulletins, virus alerts, tools, product security, how-to documents and checklists. This is the best one-stop-shop for Windows security information. |
| The SANS Institute |
The SANS Institute web page. This is an excellent resource, for both security news, training, and technical papers. Of particular interest is the SANS Reading Room and the regularly updated Top 20 Vulnerabilities list. Information about formal classes, offered at many times and locations, is also available. |
| SANS Internet Storm Center |
A SANS Institute page that covers current threats and internet activity monitored by SANS security experts. |
| SANS "Securing Windows 2000: Step by Step" |
The SANS Step-by-Step guide is a consensus guide to the actions that should be taken to secure a Windows 2000 computer before connecting it to the Internet. This information is also useful for Windows 2003, although some SANS recommendations were incorporated in the code for WIndows 2003. The ITCS LAN/NOS group purchased a PDF copy of this short, but very useful manual. Our license allows us to distribute copies to members of the U-M community on a per-request basis, but we cannot post the manual to our web site. U-M personnel may request a copy via email to w2ksupport@umich.edu. |
| News Groups |
microsoft.public.security (news.microsoft.com)
microsoft.public.security.baseline_analyzer (news.microsoft.com) |
| NTBugtraq |
The NTBugtraq email list is one of the most widely followed, independent venues, devoted to keeping track of Windows security issues as they arise. |
| Security Focus |
An excellent cross-platform security news and information site covering vulnerabilities, intrusion detection and firewalls, viruses, products and tools, and other articles written by computer security experts. |
| CERTŪ Coordination Center |
The CERT Coordination Center, at Carnegie Mellon University, is another excellent source for security information. From the CERT web site, "We study Internet security vulnerabilities, handle computer security incidents, publish security alerts, research long-term changes in networked systems, and develop information and training to help you improve security at your site." |
| Microsoft Baseline Security Analyzer |
The Microsoft Baseline Security Analyzer (MBSA) is used to analyze Windows systems for missing security patches and common security mis-configurations. |
| Windows Update |
The "Microsoft Windows Update" site provides semi-automated updates and service packs that can be applied over the network. This site checks the configuration of your Windows computer and then provides you with the opportunity to download and install the packages. This site can also be accessed from the Tools Menu in Internet Explorer. |
| Microsoft Windows Update Services |
Microsoft's page for information about their Windows Update Service (formerly known as SUS) that provides the ability to securely distribute patches to your environment. |
| Sysinternals |
The Sysinternals freeware page, with lots of functional tools for managing and monitoring Windows. |
