IT Security Resources

IT Insights Blog
Follow Skyline

Learning About and Responding To Security Vulnerabilities
1/20/12

Business Intelligence

Custom Software Development

Enterprise Portals & SharePoint

IT Business Consulting

Mobile App Development

Online Marketing

Recent Blog Posts

SignalR - Right Now!
Posted 5/14/12

Certifications: Are They Worth the Effort?
Posted 5/11/12

Microsoft Office 365 - Exchange Online Explained
Posted 5/10/12

CSS 3 and Responsive Designs
Posted 4/23/12

Getting Started with Knockout and ASP.NET MVC
Posted 4/20/12

Going Green for Earth Day
Posted 4/18/12

Aliasing SQL Server in the SharePoint World
Posted 4/11/12

Improve IT Project Success Rates Using Agile Development
Posted 4/6/12

Sending a Class with Data to New Activity in MonoDroid
Posted 4/5/12

Brian Morgan, Chief Technology Officer

After a recent Microsoft Security Advisory describing a denial of service vulnerability in ASP.NET, a client of ours asked me how Skyline learned about, and was able to respond to, the event so quickly. Since this is not the first time I’ve been presented with this question, I thought I would blog about my response. In this entry I will discuss how we learn about security vulnerabilities at Skyline. In a future entry, I will address our security response strategy.

At Skyline, we use two very powerful channels for security information. First, since we are heavily focused on Microsoft products, our IT team relies upon the Microsoft Security Response Center (MSRC). The MSRC consists of security experts that are constantly monitoring for security vulnerabilities that could affect the Microsoft systems that run our business. When a vulnerability is discovered the MSRC will investigate the threat, assess its impact, provide guidance and, if necessary, issue a security patch. Of relevance to this topic is Microsoft’s security notification service which can be used by busy IT departments to receive notifications of security vulnerabilities. The MSRC team website can be found here and you can follow the team on Twitter at @MSFTSecResponse.

Another resource valued by the experienced IT engineers at Skyline is the Microsoft Security Newsletter. This monthly newsletter is targeted toward IT professionals, developers, and business managers. We’ve found it to be a good source of information relative to the latest security bulletins, FAQs, prescriptive guidance, and community resources. Finally, the Security TechCenter is yet another source for security training and guidance for the inquisitive IT professional specializing in Microsoft technology.

A second, often overlooked source of security information is our associates. At Skyline we have a culture in which the professionals we hire love technology and are heavily engaged in the larger technical community. As they come across ideas or knowledge that could benefit our clients we strongly encourage them share their ideas with their clients and with other associates. In the case of the aforementioned security advisory, the initial alert came from one of our senior software engineers who was following Scott Guthrie’s blog.

Knowing how to locate information on relevant security vulnerabilities is a good “first step” in being able to respond to threats quickly. In a future entry I will discuss the additional steps we have taken at Skyline to ensure we are able to implement any provided guidance or security patches in a time appropriate manner.