I feel so sad to see the news about Microsoft discontinuing the great TMG/ISA product.
I love ISA/TMG! It is secure and easy to use. Microsoft! Please give it back to us!
Important Changes to Forefront Product Roadmaps:
Today, as a result of our effort to better align security and protection solutions with the workloads and applications they protect, Microsoft is announcing changes to the roadmaps of some of the security solutions made available under the Forefront brand.
- As part of this effort, the next release of Forefront Online Protection for Exchange, which has long been part of the Office 365 solution, will be named Exchange Online Protection.
- In response to customer demand, we are adding basic antimalware protection to Exchange Server 2013. This protection can be easily turned off, replaced, or paired with other services (like Exchange Online Protection) to provide a layered defense.
- We are discontinuing any further releases of the following Forefront-branded solutions:
  - Forefront Protection 2010 for Exchange Server (FPE)
  - Forefront Protection 2010 for SharePoint (FPSP)
  - Forefront Security for Office Communications Server (FSOCS)
  - Forefront Threat Management Gateway 2010 (TMG)
  - Forefront Threat Management Gateway Web Protection Services (TMG WPS)
For collaboration protection, SharePoint and Lync Servers will continue to offer the built-in security capabilities that many customers use to protect shared documents. For remote access, DirectAccess and Routing and Remote Access Server (RRAS) VPN in Windows Server 2012 provide secure remote access for Windows and cross-platform clients, as well as cross-premise access through site to site VPN. Forefront Unified Access Gateway (UAG) 2010 also continues to provide secure application publishing and cross-platform SSL VPN remote access for a range of mobile devices.
We will continue to provide maintenance and support for the following Forefront solutions through the standard Microsoft support lifecycle (see chart below), but the discontinued Forefront offerings will no longer be available for purchase as of Dec. 1, 2012.
From Steve Riley's site:
Changing the SSL cipher order in Internet Explorer 7 on Windows Vista:
Recently, the question of using AES for SSL has come up in the newsgroups and at some conferences. When IE makes an HTTPS connection to a web server, it offers a list of supported cipher suites. The server then selects the first one from the list that it can match. The default order that IE follows is this:
When you study the list, you’ll see that IE presents the algorithms in decreasing order of strength, but places the shorter bit-lengths first. Why? If longer bit lengths are more secure, shouldn’t they be listed first?
Remember, encryption is the thing that buys you time against Immutable Law #3. But performing encryption itself takes time. So when choosing an algorithm and a bit length, one important consideration is to ask yourself this question: “How long do I need for my secrets to remain secret?”
We configure IE to use shorter bit lengths — but never shorter than 128 bits, except for the last two that use no encryption — because it gives you better performance than the longer bit lengths. In almost all cases, a 128-bit key is more than sufficient to protect the information you’re exchanging over HTTPS.
However, if you require something longer, and want to change the default, you can. Here’s how.
- Open your group policy editor by entering gpedit.msc at a command prompt.
- Choose Computer Configuration | Administrative Templates | Network | SSL Configuration Settings.
- There’s only one item here: SSL Cipher Suite Order. Open it.
- Select Enabled.
- Now here’s where you need to tread carefully. You’ll see that the list is the same as above, but rather than formatted nicely with carriage returns, they’re simply separated with commas. The first item in the list is:
  And the second item is:
  Cursor your way through the list. Change that first 128 to 256. Then cursor forward a bit more and change the 256 to 128.
- Feel free to change other orders, too, but keep your changes within algorithm types.
- OK your way out, close the group policy editor, and reboot.
Most of you probably won’t need to do this — I haven’t. But for those who have regulatory requirements for using 256-bit AES, follow these steps and you’ll be compliant.
It is good to know that! We can change the SSL cipher order of Internet Explorer.
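The reordering described in the steps above (moving 256-bit AES ahead of 128-bit while keeping changes within algorithm types) can be prepared and checked as a string before it is pasted into the SSL Cipher Suite Order policy box. This is an added example, not part of Steve Riley's post; the helper name `prefer_aes256` is hypothetical and the sample list is constructed, not IE's default order.

```python
import re

# Constructed sample in the policy's format (commas, no line breaks).
# It is NOT the default IE/Vista order, which this page does not reproduce.
SAMPLE_ORDER = ",".join([
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
])

_AES = re.compile(r"AES_(128|256)")
_NAME = re.compile(r"[A-Z0-9_]+")


def prefer_aes256(order: str) -> str:
    """Hypothetical helper: put AES-256 ahead of AES-128 within each algorithm type."""
    suites = order.split(",")
    bad = [s for s in suites if not _NAME.fullmatch(s)]
    if bad:
        raise ValueError(f"empty or malformed entries: {bad!r}")
    if len(set(suites)) != len(suites):
        raise ValueError("duplicate cipher suite in list")

    # An "algorithm type" is the suite name with the AES key size masked out,
    # so suites that differ only in 128 vs 256 fall into the same group.
    groups = {}
    for pos, name in enumerate(suites):
        if _AES.search(name):
            groups.setdefault(_AES.sub("AES_*", name), []).append(pos)

    for positions in groups.values():
        # Reuse the group's own slots; the 256-bit variant takes the earliest.
        ranked = sorted((suites[p] for p in positions),
                        key=lambda n: -int(_AES.search(n).group(1)))
        for pos, name in zip(positions, ranked):
            suites[pos] = name
    return ",".join(suites)


if __name__ == "__main__":
    print(prefer_aes256(SAMPLE_ORDER))
```

Non-AES suites and suites with no 128/256 counterpart keep their positions, and a stray space or empty entry is rejected instead of being written into the policy.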
Linux Integration Services Version 3.4 for Hyper-V
When installed in a supported Linux virtual machine running on Hyper-V, the Linux Integration Components provide:
- Driver support: Linux Integration Services supports the network controller and the IDE and SCSI storage controllers that were developed specifically for Hyper-V.
- Fastpath Boot Support for Hyper-V: Boot devices now take advantage of the block Virtualization Service Client (VSC) to provide enhanced performance.
- Time Keeping: The clock inside the virtual machine will remain accurate by synchronizing to the clock on the virtualization server via Timesync service, and with the help of the pluggable time source device.
- Integrated Shutdown: Virtual machines running Linux can be shut down from either Hyper-V Manager or System Center Virtual Machine Manager by using the “Shut down” command.
- Symmetric Multi-Processing (SMP) Support: Supported Linux distributions can use multiple virtual processors per virtual machine. The actual number of virtual processors that can be allocated to a virtual machine is only limited by the underlying hypervisor.
- Heartbeat: This feature allows the virtualization server to detect whether the virtual machine is running and responsive.
- KVP (Key Value Pair) Exchange: Information about the running Linux virtual machine can be obtained by using the Key Value Pair exchange functionality on the Windows Server 2008 virtualization server.
- Integrated Mouse Support: Linux Integration Services provides full mouse support for Linux guest virtual machines.
- Live Migration: Linux virtual machines can undergo live migration for load balancing purposes.
- Jumbo Frames: Linux virtual machines can be configured to use Ethernet frames with more than 1500 bytes of payload.
- VLAN tagging and trunking: Administrators can attach single or multiple VLAN ids to synthetic network adapters.