No Microsoft security cert, now what?

Although it's unlikely that Microsoft will be adding a security-specific credential anytime soon (http://www.mcpmag.com/news/article.asp?EditorialsID=454), that doesn't mean you should ignore your Windows security education. In this tip, I'm going to point out my top ten Windows security online resources -- and urge you to monitor at least some of them as diligently as you monitor your own company's systems and networks.

1. Microsoft's Security Pages
   There's a wealth of security information on Microsoft's Web site scattered all over the place. The security pages create a clearinghouse of pointers to information broken down by category. If you manage Microsoft networks, this is a must-visit site.
2. Microsoft's HotFix and Security Bulletin Service
   Though not always the first to publish, this service is the most authoritative source for critical security updates. Every savvy Windows administrator's security routine should include a regular review of the Windows Security Bulletins mailed from here. You'll also find great pointers to technical security resources on this page.
3. Microsoft Security Tools
   Part of the treasure trove of information and materials that is TechNet, this page brings all of Microsoft's security related tools together in one place for easy download. Though you might sometimes elect to buy the third-party vendor's full-blown version, this is a good place to find out what's available tool-wise, and to take advantage of Microsoft's relentless urge to create more tools and utilities.
4. Security Administrator
   Run by Mark Joseph Edwards, a long-time member of the Microsoft security community, this site (part of the Windows & .NET Magazine network) is a source of news, information, exploits and more. It offers a Windows security bulletin service that is worth signing up for since it sometimes reports exploits or potential exposures before Microsoft does. Worth a visit.
5. MCP Magazine Security Center
   Although this magazine's primary focus is Microsoft certification, it does a surprisingly good job of covering security and other matters germane to what certified Microsoft professionals experience on the job. Its lead security guru is Roberta Bragg, author of many good books on Windows security. Bragg brings extensive experience and knowledge to bear on her reporting and explanations of security matters.
6. Antivirus/Security Advisories
   There are lots to choose from but you'll want to sign up with one or more of the following advisory groups to stay on top of potential sources of infection and trouble:
   • Computer Emergency Response Team (CERT)
   • Federal Computer Incident Response Center (FedCIRC)
   • NASA Incident Response Center (NASIRC)
   • Computer Incident Advisory Capability (CIAC)
   • National Infrastructure Protection Center (NIPC)
   • List of European CERTs
   While you're at it, don't forget to sign up for advisories from your antivirus software vendor(s), too.
7. NTBugTraq
   Run by Russ Cooper, TruSecure Corporation's "Surgeon General" on Windows bugs and security issues, this site remains one of the most balanced, best-informed and earliest sources of information on security topics. One of my personal favorites.
8. SANS Institute
   In addition to offering a GIAC (Global Information Assurance Certification) program that includes a mid-tier Windows-focused credential (the closest thing I know to a real Windows security certification), SANS also collects and publishes papers from all its GIAC Windows-certified individuals. This has resulted in a library of useful (but spotty) white papers on all kinds of Windows security topics. Worth checking out.
9. Security Focus Though its scope extends way beyond Windows, this is one of the best general sources of security news, information and updates. It also operates some useful and informative mailing lists. Security Focus is my favorite clearinghouse for security information online.
10. SecurityURLs
    My colleague, Michael Stewart, and I teach twice-yearly courses on Windows Security topics for the NetWorld+Interop trade show. Although I'm stunned to observe this, our list of Windows resources online (and in print) includes some of the best coverage of Windows security scanners and security related tools and resources available anywhere.

And of course, as a value-added bonus, don't forget to visit any of TechTarget's excellent Web sites, particularly SearchSecurity and SearchWin2000. Although I didn't include them in my top ten, you'll find a wealth of Windows security-related information on both of those sites.

Keeping up with Windows security is an ongoing and -- sometimes -- full-time job. If you start working with several of these sites and services, they'll help you cope with the never-ending drama of keeping Windows systems and networks safe. Think of it as a promise of your own job security.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Information Security Career Advisor,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Information Security Career Advisor Straight from the inbox: Your infosec career questions answered Creating a personal brand in information security How to prepare for an information security job interview Top social networking sites to boost your information security career An introduction to Information Security Career Advisor How to prepare for a layoff or 'career incident' SearchSecurity.com guide to information security certifications Guide to vendor-specific information security certifications The vendor-neutral information security certification landscape Advice from the pros: What infosec newbies need to know RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.