Thursday, September 30, 2004
Free Microsoft Security E-Learning Clinics
Microsoft Learning announced the free, worldwide availability of Hands-On Labs 2811, Applying Microsoft Security Guidance, at http://www.microsoftelearning.com/security/.
This offering consists of four 90-minute labs where you can perform security-related procedures in a safe, networked environment powered by Microsoft Virtual Server technology.
Security Clinics & Labs
1. E-Learning
a) Clinic 2801: Microsoft® Security Guidance Training I
b) Clinic 2802: Microsoft® Security Guidance Training II
c) Clinic 2806: Microsoft® Security Guidance Training for Developers
2. Hands-On Labs
Hands-On Lab 2811: Applying Microsoft® Security Guidance Training
Now you can make use of these labs for free at any time by registering at http://www.microsoftelearning.com/security/. Note that these are the first free hands-on labs online offered by Microsoft Learning and these will be followed by additional free labs on Windows XP Service Pack 2.
Tuesday, September 28, 2004
Trustworthy Computing
Trustworthy Computing ~= Ensure a safe and reliable computing experience
Trustworthy Computing Goals:
1. Security - The customer can expect that systems are resilient to attack, and that the confidentiality, integrity, and availability of the system and its data are protected.
2. Privacy - The customer is able to control their information and feel confident it is not only safe and used appropriately, but in a way that provides value to them.
3. Reliability - The customer can depend on the product to fulfill its functions.
Business Integrity The vendor of a product behaves in a responsive and responsible manner.
Microsoft Trustworthy Computing Framework - SD3+C:
1. Secure by Design — Improving architecture and engineering.
2. Secure by Default— Reducing attack service by disabling unnecessary functions.
3. Secure in Deployment — Ongoing protection, detection, defense, recovery, and maintenance through good tools and guidance.
4. Communications — Listening to customers and communicating clearly, openly, respectfully, and honestly.
For more info Refer here:
1. MSDN TV: Thinking About Security: Secure by Design, Secure by Default, Secure in Deployment and Communications.
2. Paper on Trustworthy Computing - twc_mundie.doc.
3. Trustworthy Computing 2003 Year in Review.
Trustworthy Computing Goals:
1. Security - The customer can expect that systems are resilient to attack, and that the confidentiality, integrity, and availability of the system and its data are protected.
2. Privacy - The customer is able to control their information and feel confident it is not only safe and used appropriately, but in a way that provides value to them.
3. Reliability - The customer can depend on the product to fulfill its functions.
Business Integrity The vendor of a product behaves in a responsive and responsible manner.
Microsoft Trustworthy Computing Framework - SD3+C:
1. Secure by Design — Improving architecture and engineering.
2. Secure by Default— Reducing attack service by disabling unnecessary functions.
3. Secure in Deployment — Ongoing protection, detection, defense, recovery, and maintenance through good tools and guidance.
4. Communications — Listening to customers and communicating clearly, openly, respectfully, and honestly.
For more info Refer here:
1. MSDN TV: Thinking About Security: Secure by Design, Secure by Default, Secure in Deployment and Communications.
2. Paper on Trustworthy Computing - twc_mundie.doc.
3. Trustworthy Computing 2003 Year in Review.
FAQ: Visual Studio 2005 Team System
The Visual Studio 2005 Beta 1 Refresh contains Community Technology Preview (CTP) of Visual Studio 2005 Team System along with the same previous beta release.
Check this link to know What is Visual Studio 2005 Team System and what it's benifits and all your queries related to
1. Visual Studio 2005 Team System: General
2. Advanced Development Tools
3. Testing Tools
4. Work Item Tracking
5. Source Code Control
Please make sure you read both the Visual Studio 2005 Readme and the Visual Studio Team System Readme prior to installing this release.
Check these Resources for:
** Architects
** Developers
** Testers
** Project Managers
** Team Development
Friday, September 24, 2004
URL alias feature of the MSDN site
Recently you can find few nice changes in the Visual Studio 2005 beta documentation online.
1. New URL Scheme
In the MSDN online Library (Visual Studio 2005 beta documentation), they introduce a new feature named “URL Alias”.
URLs are in the format http://msdn2.microsoft.com/library/.aspx .
You can see the documentation for a class or namespace by suffixing the fully qualified name of the class after: http://msdn2.microsoft.com/library/.
It is really cool. Isn’t?
For instance, if I want to go to the Security namespace; type http://msdn2.microsoft.com/library/system.security.aspx to see all the classes in the Security namespace. It will help in prevent broken links/favorites in the future.
2. Alternative Table of Contents Model
They are introducing the nested Table of Contents (TOCs) instead of a tree control for better navigation. For more info check this TOC organization will be changing.
1. New URL Scheme
In the MSDN online Library (Visual Studio 2005 beta documentation), they introduce a new feature named “URL Alias”.
URLs are in the format http://msdn2.microsoft.com/library/
You can see the documentation for a class or namespace by suffixing the fully qualified name of the class after: http://msdn2.microsoft.com/library/.
It is really cool. Isn’t?
For instance, if I want to go to the Security namespace; type http://msdn2.microsoft.com/library/system.security.aspx to see all the classes in the Security namespace. It will help in prevent broken links/favorites in the future.
2. Alternative Table of Contents Model
They are introducing the nested Table of Contents (TOCs) instead of a tree control for better navigation. For more info check this TOC organization will be changing.
Thursday, September 23, 2004
What Microsoft India Community Star Means?
Microsoft India Community Star program is completely revamped now to provide more value to the Community Stars.
Now this Community Star program will be recognized and awarded at the Asia Pacific regional level.
Click her for: Community Star Nomination Alert
Microsoft India Community Star is defined as follows in the MSDN India:
The Microsoft India Community Star is a recognition program that strives to identify dedicated individuals within technical communities who share a passion for technology and the spirit of community. Community Stars are recognized for both their demonstrated technical expertise and an ongoing willingness to share the experience within technical communities. They are usually found active in newsgroups, online forums, user groups, actively writing articles and always inventing new ways to help their peers.
For more details and to see some valuable comments over this program check the blog from "Microsoft India MVP Lead" Abhishek.
Monday, September 20, 2004
Another Review for my Book!!!
Book Review: .NET Security and Cryptography
Security is the new buzz word in the industry nowadays. This book .NET Security and Crytography is co-authored by an Indian MVP Arun Ganesh, who was good enough to give me a copy of this book, when he was here last time.
Well, I was quite suprised that he choose to write on a subject that, though it includes the buzz word of "security", is still considered niche by most application developers. And the authors make no pretence of this being a normal run of the mill book. They are very specific it is a practical guide to writing secure code and cryptography.
Well the book is quite exhaustive and covers all you can think of in the subject area. They cover everything that you will need to know if you are working with encryption of any kind in .NET.
My recommendations - If you are new to .NET or learning .NET, dont even go near this book. It may frighten you. But if you are comfortable with .NET and are working on apps where you need to securely store data, then this book may be the best bit of advice you can get.
September 9, 2004 in Book Reviews by Anand M
Security is the new buzz word in the industry nowadays. This book .NET Security and Crytography is co-authored by an Indian MVP Arun Ganesh, who was good enough to give me a copy of this book, when he was here last time.
Well, I was quite suprised that he choose to write on a subject that, though it includes the buzz word of "security", is still considered niche by most application developers. And the authors make no pretence of this being a normal run of the mill book. They are very specific it is a practical guide to writing secure code and cryptography.
Well the book is quite exhaustive and covers all you can think of in the subject area. They cover everything that you will need to know if you are working with encryption of any kind in .NET.
My recommendations - If you are new to .NET or learning .NET, dont even go near this book. It may frighten you. But if you are comfortable with .NET and are working on apps where you need to securely store data, then this book may be the best bit of advice you can get.
September 9, 2004 in Book Reviews by Anand M
Thursday, September 09, 2004
Short URL for my Microsoft MVP Profile
You can find the Short URL for my Microsoft MVP Profile in Microsoft Community Site.
Thanks to Clarius Consulting.
Thanks to Clarius Consulting.
Wednesday, September 08, 2004
Which one is best DPAPI or .NET Framework classes to encrypt the sensitive data in ASP.NET?
I knew DPAPI is suggested choice. But after reading Shawn blog I got clear idea why DPAPI is best instead of .NET Cryptography classes.
We can use Data Protection API (DPAPI) to encrypt sensitive data. It is part of Windows 2000 and later operating systems.
To know more about DPAPI ; check the following links.
1. http://support.microsoft.com/default.aspx?scid=kb;en-us;309408
2. Windows Data Protection
3. How To: Use DPAPI (Machine Store) from ASP.NET
4. How To: Use DPAPI (User Store) from ASP.NET with Enterprise Services
5. How To: Store an Encrypted Connection String in the Registry
We can use Data Protection API (DPAPI) to encrypt sensitive data. It is part of Windows 2000 and later operating systems.
To know more about DPAPI ; check the following links.
1. http://support.microsoft.com/default.aspx?scid=kb;en-us;309408
2. Windows Data Protection
3. How To: Use DPAPI (Machine Store) from ASP.NET
4. How To: Use DPAPI (User Store) from ASP.NET with Enterprise Services
5. How To: Store an Encrypted Connection String in the Registry
.Net Framework Cryptography -- Frequently Asked Questions
Check this link for Cryptography Overview
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconnetframeworkcryptographymodel.asp
With the classes in the System.Security.Cryptography namespace contains classes you can do a lot of crypto things both symmetric and asymmetric cryptography, create hashes, and provide random number generation.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconnetframeworkcryptographymodel.asp
With the classes in the System.Security.Cryptography namespace contains classes you can do a lot of crypto things both symmetric and asymmetric cryptography, create hashes, and provide random number generation.
Tuesday, September 07, 2004
Code Samples
This .NET Code Samples are worth to download it. These .NET samples covers Microsoft Windows-based applications, Web applications, and XML Web services and a lot. Download it ; Learn it; Use it; Reduce your Development time!!!
Wednesday, September 01, 2004
Microsoft DevDays 2004 Streaming Sessions
You can now access the recordings of the Microsoft DevDays 2004 sessions. Microsoft DevDays 2004 was presented in over 40 locations worldwide and trained tens of thousands of attendees on best practices for Web development, smart client development, and writing secure code.
It is worth to watch it.
The key thing is you can downlaod the Source Code too!!!
Download the source code for Microsoft's submission to eWEEK's OpenHack competition, which survived over 82,500 hack attempts unscathed.
Download the source code for the DevDays Web Developer Track demos.
