Here is an interesting new report http://nsslabs.com/test-reports/NSS%20Labs%20Browser%20Security%20-%20Socially%20Engineered%20Malware%20Q3%202009.pdf

The Microsoft Public Sector team is running a series of Live Meetings on a range of technology topics between October and December 2009.  Our Live Meetings will provide insight, demonstrations and customer examples from the Public Sector to demonstrate how you can make the most of your investment in Microsoft software.

All the Live Meetings will be delivered by Microsoft technical expertise supported by our business partners and relevant customer examples.  You will also have the opportunity to interact with the presenters during the Live Meetings and get answers to your questions on any of the technologies that we are covering in the series.

The Microsoft Live Meetings for the Public Sector are scheduled for Fridays and most take place between 12:00-12:45. This is the schedule we are running between October and December 2009:

Friday October 2       12:00-12:45     Maximise the value of your Microsoft investment with Desktop Optimisation

Invitation Code: 649F11

Friday October 16     12:00-12:45     Enable the mobile organisation with Microsoft Unified Communications

Invitation Code: B9AE93

Friday October 30     12:00-12:45     Improving performance management using Microsoft Business Intelligence

Invitation Code: D9E021

Friday November 13 12:00-12:45     Identity and Access Management solutions for the Public Sector

Invitation Code: 62B6E3

Friday November 27 12:00-12:45     Improving the citizen experience of public services: Citizen Service Platform

Invitation Code: 1643C7

Friday December 11 12:00-12:45     Enabling secure document records management for Public Sector organisations

Invitation Code: 246F11

Friday December 18 10:00-10:45     Improving the citizen experience with more effective relationship management

Invitation Code: 2F213B

All we need is less than 1-hour of your time at your desk, in front of your PC/web browser and our experts can update you on how to make the most of your investment in Microsoft technology.

We hope you will join us for one or more of these Microsoft Public Sector Live Meetings.

3^rd June 2009 – 12:00-13:00

This session will discuss how the adoption of unified communications technologies within daily working practices is eliminating the need for travel between trust locations for virtual teams; providing more agile and cost effective communication channels, whilst freeing staff to spend more time in patient-facing duties.

The session will cover:

· Introduction to Microsoft Unified Communications

· Benefits to workers in the NHS

· Key factors and challenges in adoption of UC

· Case Study: How Wandsworth PCT are reducing costs and improving interaction through UC adoption

Registration is quick and easy, and open to anyone in the NHS.  Once registered you will receive an outlook calendar entry

Register Here: https://www.livemeeting.com/lrs/microsoft1/Registration.aspx?PageName=38w5xb0wvnt7drqb

http://www.facultyresourcecenter.com/curriculum/pfv.aspx?ID=7992

"Getting Started Making Games with C# and XNA Game Studio" is a programming course for senior high school or undergraduate students with no prior programming experience. It is intended to engage students with the craft of programming by the creation of gameplay using the XNA game framework.

Whilst the students will learn how to create games, the course should really be regarded as one which teaches programming. All of the issues that are explored are also applicable in the wider scheme of software development.

Presentations are provided as part of the learning materials. The presentations are grouped into a number of topic based parts with a practical session to underpin the taught content. Each presentation is interspersed with demonstrations and annotated with speaker notes, as well as content review sessions.

The material is intended to foster a dialogue between the presenter and the audience; in some places the presenter is given some discussion points to further this. There are also some "interactive development" sections where presenter and audience use what they have been taught so far to solve a particular problem. These attempts (and their occasional failure) lead to more detailed exposition of the material and hopefully remind those present that having things not work is actually part of the software development experience.

It’s been produced in collaboration with the erstwhile Rob Miles, so fits in well with his XNA book (http://www.amazon.co.uk/Microsoft-XNA-Game-Studio-PRO-Developer/dp/0735625220)

Where: Liverpool

What:

Black Marble and Microsoft are demonstrating how small efficiencies can add up to big savings through the Microsoft family of collaboration tools. Drawing on the wealth of knowledge created by a collaborative project between Microsoft and the NHS (the Common User Interface Programme), Black Marble are running a series of knowledge workshops for NHS managers to show how effective deployment of Microsoft Office SharePoint Server and related technologies can energise staff in all areas.

From low-risk, high impact solutions intended to save a few minutes each time someone performs a certain tasks, to larger process automation projects designed to streamline processes, SharePoint is a key efficiency tool. In addition, the software’s ability to host discussions and questionnaires can help staff at all levels of the organisation engage with major initiatives.

Microsoft is committed to a long term partnership with the NHS. One of the most important fruits of that partnership is a collection of best practice guidance and technology building blocks collectively known as the Microsoft NHS CUI. This collection is freely available to organisations within the NHS for immediate use, and some of the benefits to be gained through the NHS CUI tools will be covered in the workshops.  NHS Trusts can download guidance and tools from the N3 based PSPG site.

Microsoft’s Common User Interface (CUI) team works with healthcare organisations, high-technology companies and standards bodies to design and promote IT systems that support the delivery of better healthcare and promote patient safety.  They have produced, and Black Marble are empowered to implement a series of NHS Solution Enablers that are designed to tackle the challenges faced by many trusts, with the minimum of new IT or bespoke development.  These Enablers include one to manage meetings and one for creating reference policies and procedures for all manner of trust administrative processes.

During the knowledge workshop, Black Marble will relate SharePoint to real organisational issues and demonstrate how the system can directly benefit the NHS. Drawing on experience, crucial advice will be given on how to ensure the success of a SharePoint deployment and put in place the policies to manage the solution over time. The workshops end with a round table discussion, where attendees can ask direct questions about how SharePoint might solve specific issues that they face.

The Workshop will take place in Liverpool on the 20th May and repeated in Bradford on the 21st May.  Registration is from 9:30am, with the workshop due to begin at 10am and end at 2pm with lunch included. If you have any queries, or wish to register, please call 0845 644 7656.

You can register online here.

Microsoft® Office Outlook® 2007 provides an integrated solution for managing your time and information, connecting across boundaries, and remaining in control of the information that reaches you. Office Outlook 2007 delivers innovations you can use to quickly search your communications, organise your work, and better share your information with others—all from one place.

Better Manage Your Time and Information

Office Outlook 2007 makes it easier to locate, prioritise, and act upon an increasing volume of information.

Instant Search

Rapidly search for keywords or other criteria to locate items in your e-mail, calendar, contacts, or tasks, saving you valuable time.

1. Type a keyword in the Instant Search box above your e-mail list.

2. Expand the search box using the arrow on the right to add more search criteria.

3. Expand your search results to your desktop or all mail items using the arrow to the right of the magnifying glass.

Flag E-Mail as a Task

Flagging mail messages as tasks automatically adds them to your To-Do Bar so that you can easily track and complete them.

1. Right-click the flag icon next to an e-mail message.

2. Designate a date that you want to follow up on this mail.

3. View the mail on your To-Do Bar.

Colour Categories

Colour categories give you a simple, visual way to distinguish items from one another, making it easy to organize your data and search for information.

1. Right-click the box next to an e-mail message.

2. Click All Categories.

3. Assign titles to your colour categories such as personal, work, finance, family, or birthdays.

4. Click OK.

5. Right-click the category box next to an e-mail message and assign a colour category to it.

6. Arrange your e-mail list or search by colour categories.

Access Information in One Click Using Attachment Preview

Accessing mail attachments is often a multistep process with no easy way to gain quick insight to that content. With the Attachment Preview, you can preview your attachments in one click directly from within Outlook, saving you time and effort.

1. Click the attachment in the e-mail message or reading pane.

2. Scroll through the document or presentation using the scroll bar on the right. To return to the e-mail message, click the message box to the left of the attachment.

Note: The presentation or document is a read-only copy. To make edits or comments, you need to save a local version on your computer.

RSS Feeds

RSS feeds are an easy way to subscribe to interesting information like world news, sport scores, or blogs. With Office Outlook 2007, it’s easy to get started adding and reading RSS subscriptions.

1. Click the mail folder called RSS Feeds.

2. Choose a feed that interests you from the RSS Feed home page.

3. Outlook prompts you to add this feed to your list. Click OK.

4. Outlook creates a specific RSS subscription folder for this feed below the main RSS Feeds folder.

5. Note: When using Office Outlook 2007 with Microsoft Internet Explorer® 7.0, you can keep a synchronized list of subscriptions between the two programs.

Effectively Share Information

Office Outlook 2007 dramatically improves the way users work together through new calendaring and information-sharing capabilities.

Send a Calendar Snapshot

With a calendar snapshot, you can communicate your calendar information to anyone, anytime.

To send a calendar snapshot:

1. Click the calendar.

2. Click the Send a Calendar via E-mail link in the left navigation pane.

3. In the dialog box, choose which calendar you want to send information from, the date range, and the level of details that you want to share.

4. Outlook creates a visual representation of your calendar information in the body of the e-mail message and also attaches the information as an .ics file.

Subscribe to a Web Calendar and View in Overlay Mode

Web calendars enable you to add and subscribe to calendars that cover a wide array of topics such as industry conferences, sports schedules, or movie releases.

1. Click the calendar.

2. Click the Browse Calendars Online link.

3. In the Web page that appears, click a calendar from the list that looks interesting to you.

4. Outlook asks if you want to add the calendar to the list. Click OK.

5. The calendar will appear in Outlook, and you can view this calendar in overlay mode. To enable this view, ensure that both calendars are checked and visible side by side. Then click the arrow on the title tab of the calendar on the right.

Publish Your Calendar to Microsoft Office Online

Sharing your calendar information is even easier through the new publishing capabilities that Office Outlook 2007 provides. Through this free Office Online service, you can create dynamic Web calendars that your co-workers, friends, or family can subscribe to and remain up to date.

1. Click the calendar.

2. Right-click the name of the calendar that you want to publish.

3. From the list, select Publish to Internet, and then click Publish to Office Online.

4. Follow the steps in the wizard to register for the service using your Windows Live™ ID credentials.

5. When you’ve registered for the service, you can simply choose the calendar, time frame, and other settings. Outlook creates a sharing invitation that you can use to invite people to subscribe to your calendar.

Create an Electronic Business Card for Your Signature

In Office Outlook 2007, you can create and share customized Electronic Business Cards, giving you a personalized way to communicate your information. You can customize your contact information with Electronic Business Cards that include logos and photos, making contacts more personally relevant and easier to locate.

1. Click the arrow next to New, and then click Contact.

2. Enter your personal contact information such as name, title, company, work phone, and work fax number.

Note: As you type, a preview of your business card appears in the business card box in the bottom left corner.

3. Click the Business Card button on the Ribbon.

4. After you enter your contact information, click the Image button to add your photograph, company logo, or other pictures. Use the Background Colour Palate to change the background colour of your business card, and use the Text Editor to change the size, justification, or color of your text.

5. To use your customized Electronic Business Card as your signature, click the Business Card button on the Message tab of the Ribbon.

Note: Your organisation must be using Microsoft Exchange Server 2007 for you to see these options.

Integrate All Your Types of Communication Right from Outlook

Often, you might be working in Office Outlook 2007 and want to call the person who sent you an e-mail message, or perhaps you want to send them an instant message but don’t know whether they’re online. Using the integrated presence information provided by Office Communicator 2007 and Office “Live” Server 2007, you’re able to easily start a phone call or even an IM conversation.

Gain Greater Control over Your Out of Office Message

Users of Office Outlook 2007 on Exchange Server 2007 have the increased capability to set distinct Out of Office messages and to schedule the time period when you want your messages to be sent. You retain greater control over the type of information your contacts receive, helping to ensure that it’s relevant and appropriate to their needs.

1. To open the Out of Office Assistant, click Tools, and then click Out of Office Assistant.

2. Explore the options. You can set the date range and time frame, and set one message for people inside your organization and a separate one for people outside your organization.

Forefront suite

One of the key security products used by the NHS today to protect the Network Perimeter is the Microsoft Internet Security and Acceleration Server (ISA) which is part of the Forefront suite of products, its typical uses are:

I want to provide secure access to clinical applications

Or substitute any one of the following:

· I want to provide services to unmanaged machines without compromising security

· I want to secure my legacy applications without having to rewrite them

· I want to be able to use RMS from Outlook Web Access

· I want to provide a cost-effective home working solution without buying everyone their own laptop

· I want to make staff aware of, and sign off on, changes in IT policy before they access patient data

A challenge with traditional VPN solutions is that they are somewhat inflexible about the access they give. Often in Healthcare we need to provide a granular level of access to applications, files and data. The Intelligent Application Gateway (IAG)[1], which is part of Microsoft Forefront Network Edge Security, provides secure socket layer (SSL) application access, a Web application firewall, and endpoint security management that enable access control, authorisation, and content inspection for a wide variety of line-of-business applications.

Together, these technologies provide mobile and remote workers with easy and flexible secure access from a broad range of devices and locations including kiosks, desktop computers, and mobile devices. IAG also enables IT administrators to enforce compliance with application and information usage guidelines through a customized remote access policy based on device, user, application, or other business criteria.

Intelligent Application Gateway

Key benefits include:

· A unique combination of SSL VPN-based access, integrated application protection, and endpoint security management.

· A powerful, Web-application firewall that helps keep malicious traffic out and sensitive information in.

· Reduced complexity of managing secure access and protecting business assets with a comprehensive, easy to use platform.

· Interoperability with core Microsoft application infrastructure, third-party enterprise systems, and custom in-house tools.

My users want to securely share information with arms length bodies

With the formation of multi-disciplinary teams we need to share information with other organisations quickly and securely. One way of doing this is to extend our network out to these organisations. In Windows Server (2003 onwards) we have Active Directory Federation Services (or ADFS) which will allow us to create Trust relationships between organisations to support the federation and sharing of information. Above I talked about Rights Management Services to secure documents inside of you organisation, in Windows Server 2008 we extend this building on ADFS.

Federated Rights Management

Rather than take this infrastructure approach though, our users can securely share information both inside and outside of the organisation using Microsoft Groove. Groove, which is part of Office System 2007, lets user create a secure workspace on their PC (it’s encrypted) and then invite a number of colleagues into that workspace. Data is transferred between PC’s using the Groove relay service (the default is the hosted service from Microsoft, or a Trust can implement their own). Groove can also be linked to Sharepoint document and forms libraries – so a Trust can offer internal users access to documents via their Sharepoint intranet and give external people access to these via groove. The Groove application will automatically synchronise data between the two.

There is a case study on the use of Groove in the NHS here.

[1] Not currently covered under the NHS Enterprise Agreement

Microsoft Office SharePoint Server 2007 dramatically changes the way people work – for the better. The Internal Buzz Kit is designed to help you generate demand for your newly deployed SharePoint Server 2007 sites, increasing your Return on Investment.  You may need to revise some of the pieces in the Kit, depending upon your particular deployment environment and company policies. You may download all the materials in one file, or download them separately. Download the SharePoint Internal Buzz Kit: Office SharePoint Server 2007 Buzz Kit

Build Excitement with a Presentation

How to use the presentation, Build SharePoint Buzz, SharePoint Buzz Video

Launch Day

Get Excited about Launch Day, SharePoint Evangelism Posters, Downloadable Poster Instructions

End User Training

Training Certificate, Microsoft Office SharePoint 2007 Datasheet, Office SharePoint Server 2007 Training Install Guide, Training End Users, Using Office SharePoint Server 2007 Training, Office SharePoint Server 2007 Training (Standalone Edition), Office SharePoint Server 2007 Training (Portal Edition - must be installed by a server administrator on a SharePoint site)

Build Community

Developing Super Users, Super User Invitation , Finding Super Users , Building an online community

Demonstration Videos

How to use the SharePoint Internal Buzz Kit, Connect people to the right information with portals, Enterprise Content Management with Microsoft Office SharePoint Server 2007, Search For Files Websites Information and People, See how a SharePoint team site simplifies collaboration, Streamline business processes by using forms and workflow

So who is logging onto my network?

NHS organisations typically store identity information in many places, this can lead to inconsistency in information but also provide challenges when people join or leave the organisation. Microsoft Identity Lifecycle Manager (ILM)[1] simplifies the process of matching and managing identity records from disparate data repositories, and prevents anomalies, such as active records for employees who have left the NHS. ILM provides your organisation with a policy framework to control and track the identity and access data that helps manage compliance. It also includes self-help tools for end users, enabling your IT department to improve efficiency by securely delegating many tasks to end users.

Another key feature of ILM is that it includes a Windows-based certificate management solution that integrates with the Windows Server 2003 operating system and Active Directory to provide a turnkey solution for managing the end-to-end life cycle of smart cards and digital certificates for the Windows Server 2008 Certificate Authority.

ILM enables your organisation to:

o Synchronise identity information across a variety of heterogeneous directory and non-directory identity stores. This enables you to automate the process of updating identity information across disparate platforms while maintaining the integrity and ownership of that data across the enterprise.

o Provision and de-provision user accounts and identity information such as distribution, e-mail accounts, and security groups across systems and platforms. New accounts for employees can be created quickly based on events or changes in authoritative stores like the human resources system. Additionally, when employees leave a company, they can be immediately de-provisioned from the same systems.

o Manage certificates and smart cards. ILM includes a workflow and policy-based solution that enables organisations to easily manage the life cycle of digital certificates and smart cards. ILM leverages Active Directory Services and Active Directory Certificate Services to provision digital certificates and smart cards, with automated workflow to manage the entire life cycle of certificate-based credentials. ILM significantly lowers the costs associated with digital certificates and smart cards by enabling organisations to more efficiently deploy, manage, and maintain a certificate-based infrastructure. It also streamlines the provisioning, configuration, and management of digital certificates and smart cards, while increasing security through strong, multi-factor authentication technology.

I need to provide secure internal access

Smart Cards and certificates are now the norm in many NHS organisations. However, they can provide challenges in terms of certificate creation and management.

Fundamental improvements to Certificate Services in Windows Server 2008 can help NHS organisations from a security, manageability, and interoperability perspective. Microsoft introduces a completely new cryptography API in Windows Vista and Windows Server 2008. This Advanced Cryptography Support is a new infrastructure component in Windows and is also a component used by Active Directory Certificate Services. CNG supports classic cryptographic algorithms supported through CSPs as well as new algorithms like Elliptic Curve Cryptography (ECC). A flexible implementation model allows you to dynamically switch between algorithms as needed.

I need an effective patch management solution

Two key products from Microsoft (both of which are available to the NHS today) provide this functionality. The first is Windows Server Update Service (WSUS). Rather than your pc’s connecting directly to Microsoft for your updates you can host a WSUS server inside of your environment. You connect this server to Microsoft, download the patches (once) and then decide which are suitable for deployment in your organisation. Your PC’s then connect to your WSUS server instead of Microsoft.

The second product is System Centre Configuration Manager (SCCM) formerly called SMS. SCCM provides a comprehensive patch management solution as well as software and hardware asset management, software and operating system deployment etc.

There are a number of guidance document available to the NHS as part of the Common User Interface (CUI) Program.

Some of my users logon infrequently and I need to check the health of their machines

One of the most time-consuming challenges that administrators face is ensuring that computers that connect to the private network meet health policy requirements. Network Access Protection for Windows Server 2008 and Windows Vista helps administrators enforce compliance with health policies for network access or communication. Network Access Protection (NAP) does not prevent an authorised user with a compliant computer from uploading a malicious program to the network or engaging in other inappropriate behaviour though.

When a user attempts to connect to the network, the computer’s health state is validated against the health policies as defined by the administrator. Administrators can then choose what to do if a computer is not compliant. In a restricted access environment, computers that comply with the health policies are allowed unlimited access to the network, but computers that do not comply with health policies or that are not compatible with Network Access Protection, have their access limited to a restricted network. Once they become compliant (through installation of patches etc) they are granted access to the network.

Some of my remote offices are not secure

Often as IT professionals we have to install servers in remote or branch offices such as GP surgeries. These locations don’t necessarily offer the same level of physical security as say an NHS Trust data centre. A new feature in Windows Server 2008 – that of Read Only Domain Controllers can help mitigate the risks of a server being stolen.

A read-only domain controller (RODC) is a new type of domain controller in the Windows Server 2008 operating system. The Read-Only Domain Controller (RODC) is primarily targeted towards remote sites such as GP Surgeries. RODC doesn’t store any passwords, by default. That way, if the RODC is compromised, then an administrator doesn’t have to worry about someone gaining access to the entire network using the information stored on that server. This addresses the lack of physical security that can occur at GP Surgeries. So the threat to the Active Directory is drastically reduced.

If a RODC is compromised, the administrator can demote the RODC and can quickly reset all passwords for accounts that were cached on that RODC.

 [1] Not currently covered under the NHS Enterprise Agreement.

Unified. Now. Increase productivity and unleash the true potential of your mobile workforce.

You and your colleagues are cordially invited to join us at the Voice of Unified Communications Roadshow coming to London, Cardinal Place, Victoria on 16^th Match, 2009.

Microsoft® Office Communications Server 2007 R2 delivers the unified communications (UC) experience companies have been seeking. It empowers your distributed workforce with the flexibility necessary to access the people they need — when, where, and how they need them. Microsoft unified communications solutions help:

· Streamline communications.

· Integrate with Exchange Voice Mail.

· Reduce costs of audio conferencing.

· Ensure compliance with data mandates.

· Decrease environmental impact by reducing unnecessary travel.

· Enhance team collaboration and productivity.

With enterprise telephony (VoIP) and the integration of your telephony, voice mail, and e-mail infrastructures, your people can quickly and easily find the right person—and click to communicate from within everyday software applications and businesses processes.  Please join us for this briefing on the business value, and costs savings realization for UC using the recent R2 release of Microsoft Office Communication Server 2007.

Date:  16^th March, 2009

Time:  9am – 5pm

Location:
Microsoft London (Cardinal Place)
100 Victoria Street
London SW1E 5JL
Tel: 0870 60 10 100

Arrival by Tube:

Nearest tubes are:
Victoria Station: Victoria, Circle and District Lines

http://www.microsoft.com/privacy

© 2008 Microsoft Corporation. All rights reserved. Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Latest release of Public Source SharePoint accessibility solution broadens customization for ease-of-use and provides additional regulatory standard support

Nashua, NH – March 9, 2009 – HiSoftware Inc. (www.hisoftware.com), a leading provider of software, services and managed operation solutions that monitor and optimize Web content, quality and regulatory compliance for accessibility and privacy content, together with Microsoft today announced the release of the Accessibility Kit for SharePoint (AKS) v2.0, to support an accessible development framework for Microsoft Office SharePoint® Server (MOSS) environments. The latest release includes a series of Smart Control Adapters to reduce customization, HiSoftware’s Compliant Code Engine (HCCE) to assist organizations in creating code that is compliant to standards-based HTML or XHTML, support for additional regulatory standards and more.

Tom Rizzo, Senior Director of SharePoint for Microsoft Corporation says, “Microsoft has a long standing commitment to accessibility and our work with HiSoftware on the Accessibility Kit for SharePoint (AKS) reinforces that commitment. The AKS v1.0 and v1.1 have already helped customers around the world to address their accessibility requirements for SharePoint intranet, extranet and Internet sites. The AKS v2.0 incorporates feedback from our customers and partners, and greatly simplifies the process of developing accessible SharePoint sites and applications. It is Microsoft’s goal to deliver better accessibility for all SharePoint content and we believe that the AKS v2.0 moves us in the direction of this goal.”

AKS 2.0 significantly reduces the level of effort and knowledge needed by customers and partners to improve the accessibility of SharePoint-based sites/applications. Microsoft, in collaboration with HiSoftware, successfully launched the Accessibility Kit for SharePoint v1.0 in late 2007 and early 2008, along with a Web-based partner and customer community (https://aks.hisoftware.com). More than 4,000 organizations from fifty countries have downloaded AKS v1.x which is available under the Microsoft Public License (Open Source see http://www.microsoft.com/opensource/licenses.mspx). AKS is intended to be a community based project to which other organizations can contribute.

Key Features in AKS v2.0

AKS v2.0 introduces the following:

• Smart Control adapters which greatly reduce the amount of custom configuration previously required for AKS control adapters.
• The Web Part Zone Control Adapter, a special Smart Adapter that modifies the output of SharePoint so that it does not use tables for layout of the Web parts.
• HiSoftware’s Compliant Code Engine (HCCE) to assist organizations in creating code that is compliant to standards-based HTML or XHTML.
• Additional requirements under Canadian Common Look and Feel 2.0 (CLF 2.0) guidelines.
• Examples of remediation to comply with WCAG 2.0 Level AA.
• French language version of AKS components.

While SharePoint and AKS provide a framework with which to develop an accessible application layer, MOSS is a dynamic solution that provides a mechanism for constantly changing and evolving content. Beyond AKS, HiSoftware provides end-to-end solutions to address accessibility and other Web governance issues during the development process and to provide ongoing Web compliance testing through an integrated SharePoint work flow process. HiSoftware solutions for MOSS provide an integrated, full Web project life cycle approach that allows customers to start accessible and stay accessible.

HiSoftware President and CEO, Kurt A. Mueffelmann, stated, “We are pleased to release AKS v2.0. With more than 4,000 downloads of AKS 1.x during the past year, we look forward to the continued commitment of the Microsoft SharePoint community towards creating a more accessible solution. This latest release of AKS 2.0 makes it easier than ever for SharePoint users to create a more accessible Web site with new features that improve ease-of-use and support for additional standards. Paired with HiSoftware’s commercial offerings for MOSS, the tools allow organizations to not only start accessible - but stay accessible - despite constantly changing and evolving content with an end-to-end solution.”

Pricing and Availability

AKS v2.0 is available immediately at no charge under the Microsoft Public License through Codeplex at https://aks.hisoftware.com. For more information on HiSoftware’s products call +1.603.578.1870, email info@hisoftware.com or visit www.hisoftware.com. 

Increasingly in Healthcare we see a diverse and mobile workforce with information and technology being the key enablers. This does present the IT professional with a number of issues, the ‘edge’ of the network suddenly becomes blurred and we need to provide secure remote access to applications and data wherever people are and to protect the devices.

Oops I've lost my laptop...

There have been a number of cases where laptops and mobile devices containing sensitive data have been stolen. Using host encryption technologies such as BitLocker can secure data on the device – meaning that the impact of the theft is reduced to the loss of the asset and not the data in contains.

BitLocker Drive Encryption

BitLocker Drive Encryption is an integral new security feature in Windows Vista and in Windows Server 2008. It can therefore protect servers at locations, such as in a GP Surgery, and mobile computers for roaming users.

The Group Policy feature of Windows Server 2008 allows administrators to set a corporate encryption policy. When combined with BitLocker encryption, this provides additional security for GP Surgeries, sites with limited IT support, or sites at risk for security breaches.  BitLocker provides off-line data and operating system protection by ensuring that data stored on the computer is not revealed if the machine is tampered with when the installed operating system is offline.   BitLocker Drive Encryption optionally uses a Trusted Platform Module, or TPM, to provide enhanced protection for data and to assure early boot component integrity. This helps protect data from theft or unauthorized viewing by encrypting the entire Windows volume.

BitLocker prevents a thief who boots another operating system or runs a malicious software tool from breaking Windows file and system protections, or performing offline viewing of the files stored on the protected drive. BitLocker Drive Encryption protects data while the system is offline because it encrypts the entire Windows volume, including both user data and system files, the hibernation file, the page file, and temporary files. This provides umbrella protection for third-party applications because they receive the benefits of BitLocker automatically when they are installed on an encrypted volume.

I haven’t got Windows Vista; can I still encrypt my files?

Yes, with Windows XP we introduced a technology called the encrypting file system (EFS), this also available on Windows Vista). EFS provides the core file encryption technology used to store encrypted files on NTFS file system volumes (Unlike BitLocker EFS encrypts specific volumes rather than the whole drive). After you encrypt a file or folder with EFS, you work with the encrypted file or folder just as you do with any other files and folders i.e. encryption is transparent to the user that encrypted the file. This means that you do not have to manually decrypt an encrypted file before you can use it. You can open and change the file as you normally do.

Using EFS is similar to using permissions on files and folders. Both methods can be used to restrict access to data. An intruder who gains unauthorised physical access to your encrypted files or folders will be prevented from reading them. Similarly, an intruder who tries to open or copy your encrypted file or folder will receive an access-denied message.  

What's more there's CUI guidance (and tools) available for running EFS in the NHS!

What about Viruses, Malware, Worms & Trojans?

As part of the Enterprise Agreement all machines in the NHS are licensed to use Forefront Client Security. Forefront delivers unified protection against emerging threats such as spyware and rootkits, as well as traditional threats such as viruses, worms, and Trojan horses. It provides a single agent for protection, detection, and removal of viruses, spyware, rootkits, and other malware threats.

Now, where did I leave my phone?

A frighteningly large number of mobile telephones are mislaid, lost and stolen each year. As these devices get smarter we are storing more and more business data on them. With Windows Mobile and Microsoft Exchange and System Centre Mobile Device Manager we can start to effectively manage these devices over the air.

Example Mobile Policy

You can now add Windows Mobile Devices to your active directory (as you do your network resources such as PC’s, Servers & Printers today) this allows IT professionals to set and control policies in a single environment. This helps make Windows Mobile Devices “first-class citizens” in the organisation's IT infrastructure. This allows IT administrators to lock down communications for compliance and confidentiality purposes, including disablement of Bluetooth, SMS/MMS, WLAN, Infrared, POP/IMAP e-mail, as well as camera functionality.

The application allow and deny feature helps empower IT professionals to decide which software applications may run on which devices for productivity, compliance, or other business reasons. This feature helps provide enterprise control over what software can be installed and run on the organisation's Windows Mobile Devices. It also enables full file encryption on the Windows Mobile—powered device, which is designed to increase security for sensitive files or NHS data. Coupled with storage card encryption, Windows Mobile software is designed to offer full data encryption capabilities.

In terms of access to internal resources the Mobile Device Manager Mobile VPN is designed specifically for mobile devices to help ensure the best possible user experience. It also offers the IT professional key services such as device provisioning, software deployment, Device Inventory and Reporting Helpdesk Console and Role-Based Administration and device wipe

So if a senior executive is separated from their mobile device they can execute remote device wipe themselves through Outlook Web Access, which helps reduce the chances of corporate data falling into the wrong hands. This “wipe now” feature does not require involvement from the IT Support team or to wait for the device to sync with the server.

My users keep bringing in unknown USB devices

Most information workers in the NHS have at least one USB drive (maybe even from a Microsoft event!), these are great for carrying around data, however, they can introduce security issues. I just wanted to highlight a couple of solutions that immediately assist with this that don’t involve physically blocking the USB ports on all of your machines. In Windows Vista we have extended group policy to enable control of the USB ports and more importantly the USB devices that are supported inside the organisation. Also, in the previous article I described the Windows Rights Management Service – this provides persistent protection i.e. the files are protected whether they are on someone’s hard-drive, sent over email or indeed moved around on a USB stick.

I want to send an email or a document securely

Ensuring Privacy and protection of digital files and information is a difficult ongoing task. Traditional solutions in NHS organisations protect initial access using a combination of perimeter-based security technologies to protect sensitive data: network access is protected by firewalls, servers hosting sensitive files can be restricted by Access Control Lists (ACLs), and confidential e-mail messages can be encrypted in transit to assure no tampering. However, this may result in information leaks and unauthorised users gaining access to information.

These forms of information protection, while immensely valuable, share a common limitation: after the intended (or unintended) recipient gains access to the information, he or she is free to use it in whatever manner they wish. For example, he or she can forward e-mail messages around the world in a single click, sometimes to unintended recipients, or save it to a mobile computer or USB drive. 

Windows Server 2008 Active Directory Rights Management Services protects access to an NHS organisation’s digital files. It is a security technology that works with applications to help safeguard digital content—no matter where it goes—for people who need to protect sensitive Web content,

Windows Rights Management Service

With RMS content owners can define exactly how a recipient can use the information, such as who can open, modify, print, forward, or take other actions with the information. NHS organisations can create custom usage rights templates such as "NHS Confidential—Read only" that can be applied directly to information such as financial reports, product specifications, customer data, and e-mail messages.

I need to control the flow of documents across my organisation

From a user perspective the rights management service is surfaced in user applications such as Microsoft Office and Microsoft Office Sharepoint server.

This gives the ability to:

• Prevent an authorised recipient of protected information from forwarding, copying, modifying, printing, faxing, or cutting and pasting the information for unauthorised use.
• Prevent protected information from being copied with the Windows Print Screen function.
• Provide information with the same level of protection wherever it goes. This is referred to as persistent protection.
• Provide the same level of protection to e-mail attachments, as long as the attachments are files created with other Office programs.
• Protect information in e-mail messages or documents that have been set to expire, so that the information can no longer be viewed after a specified period of time.
• Enforce corporate policies that govern the use and dissemination of information within and outside the organisation.

Microsoft Office SharePoint Server is a collaboration and content management server that allows you to have one integrated platform to support the portal and document management needs of your organisation. SharePoint’s content management supports the creation of workflows and policies to govern information[i].  SharePoint Server 2007 is integrated with RMS, so that access control policies can be enforced on all copies of content downloaded from SharePoint.

Microsoft Office Sharepoint Server 2007

How can I protect my Sharepoint Infrastructure?

Microsoft Forefront Security for SharePoint integrates multiple scan engines from industry-leading vendors and content controls to help businesses protect their Microsoft SharePoint collaboration environments by eliminating documents containing malicious code, confidential information, and inappropriate content. The new Forefront Security for SharePoint provides an improved user experience with file uploads, manual scanning, keyword filtering, and program administration.

Forefront Security for SharePoint is an on-premise solution that provides comprehensive protection for SharePoint document libraries

How do I protect my Exchange service from Viruses, Worms and Spam?

Microsoft Forefront Security for Exchange Server helps protect your e-mail infrastructure from infection and downtime through an approach that emphasises layered defences, optimisation of Exchange Server performance and availability, and simplified management control.

Can Microsoft get rid of Spam before it hits my email service?

Microsoft Exchange Hosted Services for messaging security and management is composed of four distinct services that help organisations protect themselves from e-mail-borne malware, satisfy retention requirements for compliance, encrypt data to preserve confidentiality, and preserve access to e-mail during and after emergency situations. The services are deployed over the Internet using a “Software as a Service” model which helps minimize additional capital investment, free up IT resources to focus on other value-producing initiatives, and mitigate messaging risks before they reach the corporate firewall.

[i] The Information Worker stream of the Common User Interface Programme has published custom workflows for use in the NHS.

I need to ensure that my database is secure

Before joining Microsoft I worked for a large distribution company, we created a high level data model for the organisation – identifying our key information, where it was held and in what technology. The interesting thing in this exercise was that the key data, the data that kept the business running, was stored in an Access 2.0 database on an unsecured machine in a branch office. There were challenges not only around how the data was secured but also how it was distributed, backed-up, recovered etc.

Whilst this isn’t a witch-hunt against Access (it’s a great tool), this example hopefully demonstrates that it’s important that we know where our data lives, identify who is responsible for it, and equally importantly that it’s on a platform we can secure and manage.  Just as an aside and to end the story – we used the SQL server migration tool to upgrade the Access databases to SQL server. You can choose to leave the user front end in Access should you wish.

If your data is already in SQL Server then you can start to take advantage of data encryption. In SQL Server 2005, we enabled the encryption and decryption of data at rest by providing built-in functions for applications to call. With 2008 we extend this capability to enable encryption of an entire database, data and log, without the need for application changes. One key benefit of the SQL Server implementation is that it will provide a much richer ability to search encrypted data including both range and fuzzy searches. This is in addition to Bitlocker support that Windows Server 2008 introduces.

Transparent Data Encryption & External Key Management

From SQL Server 2005, encryption and key management was contained entirely within SQL Server.  To some small applications and users this is acceptable.  However, with the growing demand for regulatory compliance and the overall concern for data privacy more NHS organisations are leveraging encryption as a way to provide a defence in depth solution. SQL Server 2008 will provide a mechanism for SQL Server encryption to work with third-party key management products.

• Environmentally Sustainable Infrastructure Design
• Green Maturity Model for Virtualization
• Application Patterns for Green IT
• Architecture Journal Profile: Udi Dahan
• Profiling Energy Usage for Efficient Consumption
• Project Genome: Wireless Sensor Network for Data Center Cooling
• Green IT in Practice: SQL Server Consolidation in Microsoft IT