Recently I had the opportunity to review the Microsoft System Center Endpoint Protection Cookbook from PACKT Publishing. The “cookbook” series from PACKT provide clear, concise instruction on how to accomplish various tasks with specific products. Written by Andrew Plue, a System Center veteran and consultant for Certified Security Solutions, this book provides a wealth of valuable information for engineers and administrators seeking to deploy System Center Endpoint Protection (SCEP) in their environments. The timing of this book review was perfect for me, as I was preparing to build out a product demonstration lab and wanted to leverage the endpoint protection components provided by System Center Configuration Manager 2012. Installing SCCM and SCEP is not exactly intuitive, but thankfully the book provided detailed, prescriptive guidance on how to implement, configure, and manage SCEP including a chapter dedicated to building out a SCEP lab environment. If you are considering a migration from Forefront Endpoint Protection (FEP) 2010 or a competing third-party solution, you’ll definitely want to add this reference to your library soon.
Keeping the base operating system of your Forefront TMG 2010 firewall up to date is vitally important to the overall security of your edge security solution. To manage system updates, many administrators will configure their Forefront TMG 2010 firewalls to use Windows Update or WSUS, or manage them using System Center Configuration Manager (SCCM) or another third-party systems management platform.
In my experience, SQL server running on the Forefront TMG 2010 firewall is often overlooked and commonly not updated. I believe this happens because updates for SQL server are classified as optional.
So, as a reminder, don’t overlook updates for SQL server on Forefront TMG 2010 firewalls or UAG 2010 servers! Using the Windows Update control panel application, select the option to install the latest service pack for Microsoft SQL Server 2008, which at the time of this writing is Service Pack 3. You can install the service pack directly if you choose; SQL Server 2008 Express SP3 can be downloaded here. After applying the latest service pack you can confirm that SQL has been updated by opening an elevated command prompt and entering the following commands:
osql -E -S .\msfw select @@version [press enter] go [press enter]
The output of the command should indicate that the installed SQL version is Microsoft SQL Server 2008 (SP3) – 10.0.5500.0 (X64).
Note: Applying service packs and updates to SQL is highly recommended to maintain the most secure Forefront TMG 2010 firewall possible. Upgrading the version of SQL installed on the TMG firewall is not supported and definitely not recommended, so don’t attempt to upgrade to SQL Server 2008 R2 Express.