Have you seen Microsoft's "5-Minute Security Advisor" documents? According to the company's TechNet site (where you'll find the documents), "The 5-Minute Security Advisor series has been created to help quickly communicate important security topics, tasks, and issues. The advisor will point to the content necessary to go deeper into technical details or into step-by-step, how-to guides."
The series currently includes 15 documents divided into four levels, with each level based on users' situations, expertise, and needs. You'll find security-related documents for small office/home office (SOHO) and home users, power users, IT professionals, and network and systems administrators. Available documents cover a range of subjects:
- Simple Firewall Setup for Home Office Users
- Protecting Your Computer Against Compromise
- Configuring Your Computer for Multiple Users
- Getting the Most from Windows Update (Automated Security Assessment and Updates)
- Essential Security Tools for Home Office and Power Users
- Using the Encrypting File System
- Basic Physical Security
- Using the Internet Connection Firewall
- The Road Warrior's Guide to Laptop Protection
- How Windows XP Protects Your Privacy
- How Outlook Security Works
- Configuring Outlook Web Access
- Choosing A Good Password Policy
- Recovering Encrypted Data Using EFS
- Signing Office Objects
As you can see, the list includes a variety of topics--and if you want to see a document about a particular topic that isn't covered, you're invited to submit that topic for the series.
In addition to the 5-Minute Security Advisor documents, Microsoft maintains a long list of "Security How-Tos" that explain various tasks you're likely to perform on Windows-based systems. On the how-to Web page, you'll find dozens of documents that cover various aspects of security for XP, Windows 2000 Server, Win2K Professional, Microsoft IIS, and Microsoft Internet Security and Acceleration (ISA) Server 2000. For example, the IIS section includes information about how to prevent mail relaying through the SMTP connector and how to use IP Security (IPSec) to secure communications between hosts. The XP section includes instructions for sharing encrypted files and for preventing users from running or stopping scheduled services. The ISA Server 2000 section includes information about how to filter Web Proxy cache entries. Although most of the articles have been published and available in the TechNet database for some time, they seem to have been recently updated.
Finally, have you tried Microsoft Software Update Services (SUS)? The service is designed to audit a system and determine which patches that system might need. You can learn more about SUS, where Microsoft has posted additional information that includes a Flash-based demo of the service. The two versions of SUS serve individual users as well as corporate users. I've seen complaints about SUS posted on various mailing lists. For example, to determine whether a specific patch is missing, SUS checks only registry keys, whereas another Microsoft tool, HFNetChk, checks files to detect versioning or checksum issues that SUS would miss. If you use SUS or a third-party patch-auditing tool instead, please send me an email message about your experience.
I'm not surprised that Microsoft's emphasis on security and trustworthy computing has led to an increased emphasis on security resources. Let me know what you think about these resources, such as the 5-Minute Security Advisor documents, or about other resources you've discovered.