Recognized globally as the standard for IT excellence

• Validates deep expertise across broad solutions
• Demonstrates up-to-date skills on changing technologies

Well as a 17 year veteran of Microsoft learning. I feel like I’m stepping through a time warp. Yes, it’s true Microsoft are in there infinite wisdom bringing back the much loved MCSE & MCSA Certifications. Although with a slight difference. It will not be a Microsoft Certified Systems Engineer but now known as Microsoft Certified Solutions Expert. You can start either on topics such as System Centre or SQL but it is widely expected that these will expand to include Windows 8, Office 365, Exchange 15 and so on.

Anyway, here’s the scoop from Redmond! (Well done Ken)

This is an important moment in the history—and future—of Microsoft certifications. Candidates for Microsoft certifications — and those who might employ them—are increasingly saying they need cloud services as part of the job descriptions. Today’s technical professionals need to understand a broader array of technologies in order to plan and design optimal solutions. It’s clear that our certification candidates must delve deeper in order to integrate public cloud, private cloud, and on-premise technologies effectively.

To accommodate these changes, we have reinvented Microsoft’s certification program. Our new certifications for IT professionals and developers are tiered in three levels—Associate, Expert, and Master. The flagship certification, and destination for most IT professionals, is the Microsoft Certified Solutions Expert or MCSE. It carries a familiar abbreviation, but has been “reinvented” to focus on the depth and breadth needed for cloud, on-premise, and hybrid solutions. Similarly, MCSD, or Microsoft Certified Solutions Developer, is our new expert level developer certification.

I invite you to learn more about our new certifications via the links below.

• Read more about the reinvented certification program in our MSL Newsroom at:
• http://www.microsoft.com/presspass/presskits/learning/default.aspx
• Keep up-to-date on the latest Microsoft Certification offerings at:
• www.microsoft.com/learning/MCSE

How to Use a Network Scanner

One of the most effective tools you can use to improve the security of your systems is a network scanner. A good network scanner can provide you with the same view of your servers, infrastructure, and workstations, as that of an attacker who is going to try to find a way into the network; that, and the regular user of the network scanner who can also help you keep a close eye on the changes your network undergoes as a normal part of its evolution. Here are seven tips on how to use a network scanner to its fullest.

1. Use it regularly

A network scanner is not a tool you pull out once a year before the auditor arrives. It’s a tool that you ought to run continuously or at least on a weekly basis. Attackers are scanning your network around the clock; you want to make sure you find any new vulnerabilities as soon as you can. Make sure you scan from the outside as well as internally, so you get the full view.

2. Diff the results from one scan to the next, and over time

Network scanners are great at logging the details of what they find. If you scan the same way each time, differencing the results of those scans lets you find what is changing on your network, and gives you deep understanding of what is going on with your network, and the actions of the other admins.

3. Investigate the deltas

When a diff finds a delta, investigate it. Make sure that new system went through proper provisioning and change control, and that no one has plugged a rogue host into your network.

4. Confirm all open ports

When scanning from the outside, make sure all the open ports are still appropriate. Systems are retired or retasked, and sometimes that doesn’t get through to the firewall rule sets, so use your network scanner to make sure you don’t have any opening that you shouldn’t have.

5. Address vulnerabilities immediately

If your network scanner finds a vulnerability, go fix it! Don’t set it for next month’s patching process; treat it as a priority, because if you found it, it’s only a matter of time before an attacker will too.

6. Validate new systems before they go live

A network scanner is a great way to help validate that a new system is fully patched and up-to-date, and its actual configuration matches its intended purpose, before you green light it for production or open the requested ports on the firewall.

7. Spread it around

Don’t keep the output of your network scanner to yourself. Publish the results to the team portal, or send them out in a weekly summary email, and discuss them during your team meetings. When it comes to vulnerabilities, the more eyes taking a look at the data, the better.

If you use these seven tips to get the most out of your network scanner, you will find it to be one of the most valuable tools in your collection. Network scanners can provide you with a wealth of information, understanding, and automate some of the tasks that go into securing your network.

This guest post was provided by Casper Manes  on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance of using a network scanner.

All product and company names herein may be trademarks of their respective owners.

After working in Norway for most of January I’m off to one of my favourite places next week. Iceland to teach Windows 8 & Windows Server 8… Whoo Hoo! Also I’m joining my friend Paula Januszkiewicz at speaking at a Security event in Reykjavik on Thursday. If you can make it we would love to see you.

I’m also delighted to announce that the Cybercrime security Forum 2012 is taking place this March in the Netherlands. Join us for 2 days of deep dives covering such topics as Wireless hacking, Social networking Security, Hardware Security. If you would like to join us at any of our upcoming events visit the following links.

12^th & 13^th March – The Netherlands  – www.globalknowledge.nl/cybercrime

3^rd & 4^th May –  Norway                      – www.globalknowledge.no/

14^th & 15^th May – Sweden                   – www.globalknowledge.se

8^th & 9^th November – Cyprus               – http://www.securitysummit.com.cy/

2011 has been an amazing year and I’ve been lucky enough to have met some truly amazing people. Starting in January I travelled to New Zealand having won a prize at TechEd 2010 in Berlin courtesy of Joob Software (gosh it seems so long ago). From there on my job took me to some amazing places including Dubai, Lithuania, Serbia, the wonderful Bulgaria and the delightful Macedonia where I got to work with two of my best friends Vladimir Meloski and Paula Januszkiewicz. From there it was onwards and upwards travelling to the states for the MVP Summit in Redmond and to Atlanta for TechEd 2011. Finally I have to mention my friends in Germany and the Nordics, Norway, Sweden, Denmark and Iceland. These are some of my most favourite countries and I’ve had some great times there this year. A big thank you to all my customers and delegates alike, you’ve been amazing.

With the world undergoing a horrible recession I am well aware that many of my friends have suffered and thankfully we have been blessed with survival. But I take nothing for granted as we go into a new year. I started Quality Training 13 years ago and thankfully we have ridden the storm and for that I am truly thankful. A number of Scottish customers commented to that they have not seen much of our Dive Deeper series of events in 2011, well don’t worry I have a few things planned up my sleeve, so watch this space for more details. With 2012 ahead my passport is dusted off for a busy start. First up I’m back to Germany then onward to Seattle and hopefully to speak at TechEd 2012 in Florida and Amsterdam.

A lot of folks have asked me if I have any New Year resolutions.  Well yes, as a matter of fact I do. Firstly I’ve been on a diet for a couple of months. What can I say I just love the candy! Anyway it seems to be paying off. Secondly I’m going to finally finish my book and get it published. The book thing is something I’ve wanted to do for years, so fingers crossed 2012 will be the year. I’ve already written over 100,000 words, 38 chapters and a lot of late nights. I just hope someone wants to read it when complete. So what’s it about, I hear you say? Well just for you, here’s the scoop!

Seven Day’s

By Andy Malone

From a small 17^th Century Scottish Village to the very seat of world power, come’s the story of an ordinary man who makes a discovery so shocking, that it will change the very foundation of life on Earth. As he attempts to uncover the truth, he is inadvertently thrown 300 years into an almost unrecognisable world. Now lost and alone he must he must make new alliances if he is to battle an unfolding nightmare. But as the clock ticks, a conspiracy is unfolding and a deadly assassin who is determined to stop at nothing to protect a secret so shocking that it lies at the very heart of creation itself.

So there you go! Anyway as the year comes to a close I wanted to wish all my family, friends. MCT’s. MVPs, Customers and delegates alike a very Happy New Year. Thank you for your continued friendship and amazing support. I hope that 2012 will be an amazing Year for you. As we say in Scotland, The Lord bless thee and keep thee, the Lord maketh his face to shine upon thee and give you peace this New Year.

All the very best and warmest regards

Andy Malone

In this Short presentation, Microsoft MVP Andy Malone talks aboiut Office 365. Join me as we discuss the features from administration and deployment to integration, co-existence, migration and troubleshooting. We also look at the products themselves include SharePoint, Exchange & Lync. Enjoy.

Well this week I’m speaking at Multiple Microsoft events. The first is Microsoft Sinergija 2011 in Belgrade and the second is Microsoft Vizija 9 in Skopje in Macedonia.  It’s so amazing to see such passion in numbers. I’m looking forward to it.

As a security guy I’m often asked to look over new products and give my feedback.  This week I was contacted by some of those nice folks over at GFI, you know the ones who produce GFI Essentials to name but one.  Anyway they asked me if they could guest post…hey being a generous guy I said no problem. So here you are J

3 Reasons to Use a Network Scanner

A network scanner will help you keep control of many areas and systems of your company’s network. The main benefits of a network scanner are the ability to audit the hardware connected to the network, the ability to detect the software that is running on the network and provide assurance that you are in compliance with regulatory security requirements.

Hardware Auditing

Modern networks are more or less “plug and play”. An administrator can bring in a new PC, plug it into a free socket and voilà, an IP address is assigned and is the machine is ready to be used without any additional configuration. The ease of adding new network devices is a double-edged sword. It allows for networks that scale easily and rapidly, but this also means that the administrator can quickly lose control of his network assets. A network scanner will greatly aid the administrator in this situation. Network scanners are designed to scan your network and probe every device that is connected to it. This allows the administrator to keep an up-to-date inventory of all his hardware assets and it will also help him monitor and detect devices that should not be there in the first place.

Software Auditing

Every network device can run a piece of software. Hackers very frequently exploit bugs in this software to gain unauthorized access to your systems. To stop this threat, administrators perform a process called patch management, allowing them to look out for vulnerability notifications and download and install patches where necessary. On large networks it is not feasible for a system administrator to monitor every piece of software on every machine. For this task he will need a network scanner. Network scanners probe every single network device that they find, and determine whether a device is running insecure or outdated software. Good network scanners can detect unauthorized software running on client and server PCs. This greatly reduces the risk of cyber-attacks and virus outbreaks.

Regulatory Compliance

Companies that process or store customer credit card data must adhere to strict laws and regulations to ensure that this data is safe. One such regulation is the PCI Data Security Standard (PCI DSS), which is mandatory regardless of how small or big a company is. If a company is processing credit cards, it must comply with PCI DSS. There are stiff penalties for those found not in compliance.

Fighting Fire with Fire

Network scanners are a hacker’s favorite tool and many network scanners are available to them. These tools probe your network allowing a hacker to map-to-map parts of your network infrastructure and look for vulnerabilities. To counter this threat, always use a professional, enterprise quality and up-to-date network scanner and detect vulnerabilities before a hacker does.

This guest post was provided by Jeremy Pullicino on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance of using a network scanner.

All product and company names herein may be trademarks of their respective owners.

With Cybercrime on the increase and social networking sites like Facebook about to reach 600 Million users protecting and informing your loved ones, business and government infrastructure have never been so important. Today I’m in Jersey (the original) and I’m speaking at a digital parenting event. I’m delighted to be part of events like this as I get the opportunity to not only explain some of the dangers but also show them.

Tonight my session is Cybercrime: Inside the mind of a hacker. This 90 or so minute session looks at everything current including social networking, identity theft and of course just who are the bad guys and how to they operate. So if you’re around the event starts at 6.30pm with a BBQ followed by my session at 7.30pm. BTW a few tools to get you started. Protect your PC With Microsoft Security Essentials. It’s as good as any paid anti-virus solution http://www.microsoft.com/en-gb/security_essentials/default.aspx. BEWARE OF A FAKE PRODUCT CALLED SECURITY ESSENTIALS 2011. Only use genuine Microsoft software. Another great “digital parent” is K9. It allows you to easily configure rules for how your kids use the internet and chat services. http://www1.k9webprotection.com/

And finally a great solution that captures the nasty stuff while it’s still out there. Open DNS is a free or at most almost free service which aims to capture all the nasty stuff before it comes knocking at your door. http://www.opendns.com/

There you have it. See you there… http://www.gov.je/News/2011/Pages/DigitalParentingDay.aspx

Well having been shrouded in much secrecy Windows 8 finally came to the table yesterday. BTW I do mean shrouded in secrecy. Even as a Microsoft MVP, we have been kept away from getting a glimpse. Strange as I would have thought that getting your core evangelists on board to tell the world but alias no, like everyone else we have to attend Microsoft Build, which is the new trendy name for its latest developer conference.

On top of the agenda of course was Windows 8, which I am glad to say I’ve been looking forward to for some time. Initially downloadable as a “Developer Release” this version does NOT have all the bits yet and as such it might (does) seem a bit clunky, especially if you don’t have a touch enabled PC. Which let’s face is the vast majority of the population does not (except the IPhone or Ipad of course). First impressions! It’s very Windows phone(ish), so if you’re not a fan then watch out.

However that said my initial reaction is generally good. The installation process on a 64bit Dell Studio XPS was smooth. In terms of hardware requirements MS are not saying very much other than it will run on anything fairly modern. However to get the full functionality you will need a Touch enabled device with technologies like USB3 and a face recognition capable camera etc. In terms of the desktop experience…I like the tiles, although once in an application, if you don’t have touch it’s pretty difficult to get out of. I’m sure they will fix this though.

Once you have access to the desktop things start to look familiar, the start menu (now a square) the taskbar (yawn, come on guy’s it’s almost 7 years old). However I do like the new task manager, which makes me want to look under the surface. Watching the keynote’s various demos’ some pretty impressive trickery was shown, including the new fast boot feature. This I’m sure makes great use of our old friend the Hiberfill.sys file.  One feature I really love is the ability to log in with your Live account and sync your photos and data direct to the cloud. Also in terms of security it looks like face recognition is finally going to see the end of the dreaded username and password.

Now over the coming months we will of course see the Beta release which will no doubt complete the OS with missing features and functionality but, as long as you see this for what it is “A Developer Preview” then I think you will be suitably impressed. Now if you missed the keynote for build you can watch it here http://www.buildwindows.com/

This week I’ve been in London teaching one of my favourite classes Implementing Microsoft Active Directory Federation Services 2.0. Now if you like me have a vested interest in cloud computing this is a skill that you must get on board with ASAP.  ADFS can be deployed in a number of Scenarios to allow businesses to:

1. 1. Connect to and Interact with a cloud provider, Office 365, Google etc.
2. 2. Deployed to allow staff to connect from the internet to use internal web applications such as SharePoint.
3. 3. In a business to business scenario which provide the capability for business partners to federate data between them.

Personally I think if you are interested in attending the new Office 365 Ignite training then this is one class that is an obvious compliment. The course is MS 50412 and is a 4 day class.  Now in terms of set up there are a few pre-requisites such as either installing a Certificate Authority )CA) or obtaining a public certificate from the likes of VeriSign or GoDaddy.com. Next download ADFS V2 form the Microsoft website http://www.microsoft.com/download/en/details.aspx?id=10909 For a great deployment  guide click here http://technet.microsoft.com/en-us/library/adfs2-deployment-guide(WS.10).aspx Now as well as the deployment guide check out the design guide http://technet.microsoft.com/en-us/library/adfs2-design-guide(WS.10).aspx John Crtaddock is on of my fellow speakers who presents at TechEd and he is probably of the world most foremost experts on Active Directory and ADFS check out his session videos on TechNet and the TechEd Online website http://64.4.11.252/en-us/edge/active-directory-federation-services-with-john-craddock.aspx Now a number of bloggers have created step by step guides on hopw to connect AD to Office 365 using ADFS V2.0 so rather thaan replicate them here, this is a good one http://blogs.technet.com/b/danielkenyon-smith/archive/2011/05/10/configuring-adfs-v2-0-for-office-365.aspx Daniel give a great walkthrough. Also I was looking for a good reference point of the claim rule language for ADFS and found this on TechNet, it’s a great primer http://technet.microsoft.com/en-us/library/dd807118(WS.10).aspx Finally in terms of Troubleshooting take a look at this http://www.myitforum.com/absolutenm/templates/Articles.aspx?articleid=21856&zoneid=101 and this http://www.facebook.com/note.php?note_id=488993938234&comments&ref=mf and this http://technet.microsoft.com/en-us/library/adfs2-troubleshooting-guide(WS.10).aspx

This week I’m off to Oslo for a week of Office 365. In reference to my last post on hot security trends for 2011 I began to think what would be the trends for the folks who want to keep their skills up to date. Last week I went on an exam blitz and completed both Lync Server 2010 exams to become an MCITP Lync server Administrator. In this period of what I call the calm before the storm. That’s the period before Microsoft normally release a ton of new products it’s a great time to ensure your skills are up to date. With the economy looking as grim as ever I think it’s important to ensure that you are marketable. Don’t make excuses and wait for somebody else to control your destiny , you have to take the reins.

In 2010 we will no doubt have the latest version of Windows, Office, Exchange and SharePoint (I like to call these the 15 wave). How do you know that I hear you ask? Experience my friend, every time MS have released a new version of Windows the others have been very close behind. So if you are thinking about updating your skills and you are let’s say an MCSE then do it now, don’t wait. 2003, Windows XP they are so OLD. The skills and knowledge gap is slipping away from you my friend. You have hot shot kids snapping at your heels, don’t take knowledge for granted. Microsoft Certification has gone through a bit of a revival recently with partners having to renew out-dated certifications and contractors scrambling to learn the new stuff before new contract are announced.

But what are these golden nuggets of knowledge Andy, I hear you say what are these HOT product areas to focus in on?  Well it’s your lucky day, I’ve listed them below. For more information visit the Microsoft Learning portal www.microsoft.com/learning it’s packed with goodies to help you on your way. Also TechNet is a must at www.microsoft.com/technet Good luck J

1. 1. Microsoft Windows 7 Upgrade!
2. 2. Windows Server 2008 R2
3. 3. Microsoft Lync Server 2010
4. 4. Microsoft Forefront Identity Manager
5. 5. Active Directory Federation Services V2.0
6. 6. Microsoft Virtualization (Check Out System Centre Virtual Machine Manager Beta 2012)
7. 7. Microsoft SharePoint 2010
8. 8. Microsoft Exchange Server 2010
9. 9. Windows Azure
10. 10. Microsoft Private Clouds

Best of luck!