Server: Microsoft-IIS/7.0\r\n

I'm back! a week holiday in Europe. It was just ok :) not specifically good or bad. It could be just me, as my wife seems to enjoyed it pretty well. Now, I'm very busy :( ton of things to catch up - hundred of office emails, thousand of forum/newgroups postings, bla bla.... I have been working since I arrived on Sunday. Arghhhhhhhhhhh! hate holiday :p

Anyway - while I was catching up with my RSS feeds, found this very interesting blog post by Harry, it's about two Windows Rootkits article links from SecurityFocus.

MSCOM team is so nice to publish the Q&A after their webcast series couple days ago.
Lot of interesting questions regarding how MSCOM design MS.com and why they do it that way... So start reading...

High Availability Architecture with Microsoft.com Operations (Level 200)

Configuration Management of Web Farms with Microsoft.com Operations (Level 200)

Change and Release Management Strategies with Microsoft.com Operations (Level 200)

Monitor and Manage an Enterprise Platform with Microsoft.com Operations (Level 200)

Troubleshooting and Debugging Web Hosting Environments with Microsoft.com Operations (Level 300)

My fav Q&A:
Hi, does MS.com use ISA Server 2004?
We do not. We are a site that has so much traffic and so any attack attempts that we use other solutions. For  www.microsoft.com we use Cisco Guards do to packet filtering at the edge. We also use acls on the routers and we only allow ports 80 and 443 to have access.
----------
No ISA at all ? LOL, ISA folks for sure not going to be happy when they hear this.

Have been rather busy and  traveling again, trying hard to keep up with newsgroups as well as the latest development in web space. I have captured couple of interesting articles or news, well it maybe abit late, but heck, it is good stuff! So, let's start with the good one, with recent launch of VS2005, SQL 2005 and Biztalk 2006, Microsoft is giving out free Visual Studio Express for 1 year, 1 year? so next year you need to pay? well, if you get it next year - I'm not sure. But if you get it within 1 year from now........ it's definitely FREE :) confuse ? errr. read the pricing FAQ here. 

Next along with what I posted few days ago about the free stuff from Microsoft Learning, you can also read the ASP.NET 2.0 Quckstart Tutorial hosted at beta.asp.net. If you are like me, like to know more about the overall changes and improvement in .Net 2.0, please visit What's New in the .NET Framework Version 2.0, changes including 64bits support, what's new in ASP.NET 2.0 and a lot more. Now, with 2.0 released, how do you deployed new 2.0 applications along side with the existing version? No worries, David and Chris have blogged about this and show you the way to run asp.net 2.0 site by site as well as configuration using the aspnet_regiis.exe.

Let's see, what else is interesting? Ok, related IIS 7, there's another podcast by Brett Hill over at Channel 9, and Michael Howard talked about the more reduced attack surfaces in IIS 7 early this month. Now, some security news - there's been numerous reports about new XML-rpc worm in the wild targeting on PHP based blogging, wiki and content management application, more detail from SANS, NetCraft, Bugtraq, and Symantec. So, if you are running of the application listed in Symantec link, make sure you have deployed the related patches. Since we are in security topic, you might want to read this nicely written Threat Modeling Web Application article from Microsoft patterns & practises.

That's all for now, I'll be in Europe for holiday at the end of this month :) finally! manage to find a some time off and forget about work! Somewhere around Thanksgiving, and will be traveling again for first ftwo weeks in December before Christmas :(  Kinda love and hate my job at the same time....... what to do? :)

More webcasts for November!!! Thanks to MSCOM Operation Team!

TechNet Webcast: High Availability Architecture with Microsoft.com Operations (Level 200)
Monday, November 07, 2005 11:30 AM (GMT-08:00) Pacific Time (US & Canada)
Hear from the Microsoft.com Operations system engineers who operate the highest-scale Microsoft Internet Information Services solutions on the Internet, including www.Microsoft.com, Windows Update, MSDN/TechNet, Downloads, and more. These experienced engineers share their Web hosting secrets for high availability architectures, including the areas surrounding network security, cluster and host-level load balancing, and Web and database server distributions.

TechNet Webcast: Configuration Management of Web Farms with Microsoft.com Operations (Level 200)
Tuesday, November 08, 2005 9:30 AM (GMT-08:00) Pacific Time (US & Canada)
Get one-on-one interaction with the Microsoft.com Operations senior system engineers responsible for running www.Microsoft.com and Windows Update to see how they perform scripted administration and deployment of configuration settings across the infrastructure. In this webcast, the engineers show sample scripts and provide visibility into how they leverage various commands to be released with Microsoft Windows Server 2003 and Microsoft Internet Information Services 6.0.

TechNet Webcast: Change and Release Management Strategies with Microsoft.com Operations (Level 200)
Wednesday, November 09, 2005 11:30 AM (GMT-08:00) Pacific Time (US & Canada)
The Microsoft.com Operations team provides pointers on how you can effectively manage your software updates, providing examples from the team's experience with operating system deployments, service pack releases, and security updates. This webcast also covers the approach that Microsoft.com Operations takes to application releases. You will learn about the strategies that the team uses to work with the product development teams across Microsoft including developers, testers, and program managers.

TechNet Webcast: Monitor and Manage an Enterprise Platform with Microsoft.com Operations (Level 200)
Thursday, November 10, 2005 11:30 AM (GMT-08:00) Pacific Time (US & Canada)
Partner with the senior engineers at Microsoft.com Operations to learn how they manage over 2,000 servers running Microsoft Windows 2000 Server in three remote data centers. This webcast describes how the Microsoft.com Operations team uses a suite of technologies and operational processes for asset management, performance data collection and reporting, and system and application level uptime analysis. This session also describes how Microsoft.com uses Microsoft Active Directory and Microsoft Operations Manager for server management.

TechNet Webcast: Troubleshooting and Debugging Web Hosting Environments with Microsoft.com Operations (Level 300)
Friday, November 11, 2005 11:30 AM (GMT-08:00) Pacific Time (US & Canada)
Dive under the hood with our senior system engineers at Microsoft.com Operations to learn how they troubleshoot and debug hosted Microsoft ASP.NET applications and database-driven systems. This webcast provides real-life examples that explain how to use popular tools such as LogParser, Server Performance Advisor, Performance Monitor, and Network Monitor. The webcast also includes some common procedures that you can use when these tools fail to help you find the root cause of a problem.

TechNet Webcast: Finding IIS Bottlenecks using Server Performance Advisor (Level 200)
Microsoft Internet Information Services (IIS) has been a "black box" for many versions now. Have you had the urge to open it up? IIS 6.0 on Microsoft Windows Server 2003 delivers a strong infrastructure for finding problems with Web applications. Using Microsoft Windows Server 2003 Enterprise Tracing for Windows (ETW), the Server Performance Advisor (SPA) can compile statistical data on your Web applications for later review. This webcast covers the basics around SPA and ETW and looks at how to set up, configure, and analyze the data collected by SPA.

TechNet Webcast: Using Host Headers with SSL-Enabled Web Sites in IIS 6.0 (Level 200)
According to Microsoft Knowledge Base, using host headers with Secure Sockets Layer (SSL) enabled Web sites in Microsoft Internet Information Services (IIS) is not supported. With IIS 6.0 and Microsoft Windows Server 2003 Service Pack 1 (SP1), however, IIS can now host multiple Web sites (virtual servers) using the same IP address and unique host headers. This webcast describes the minimum requirements necessary to use this SP1 feature and also explains how to configure it. Follow along as the presenter shows you how to use wildcard certificates to enable you to use host header sites with SSL.