Susan Bradley

Contributing Writer

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Windows Secrets, is a moderator on the PatchManagement.org listserve and SBS2k, and was one of the authors of Windows Server 2008 Security Resource Kit. . In real life she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, an Exchange Server, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at www.sbsdiva.com and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.

The Latest from Susan

How-To

3 ways to make your Windows network harder to attack

Start the new year right by checking these three areas for potential vulnerabilities in your Windows network. Don't make it easy for attackers.

How-To

How to fix insecure LDAP binds to prevent exposed Windows admin credentials

Although Microsoft has a permanent fix on the way, it's possible that you're exposing domain admin account credentials in cleartext. Here's how to check for and solve that problem.

How-To

Two tips to make multifactor authentication for Office 365 more effective

Here's how to set up "break glass" accounts for emergency admin access to Microsoft Office 365 and brand your Office 365 log-in page to foil fake pages.

How-To

How to use Microsoft Compliance Score to improve data protection

The new Compliance Score console in Microsoft 365 offers templates and advice to help meet the ever-growing list of regulatory data protection and privacy rules.

How-To

How to protect your business from holiday attacks

Attackers see opportunity in the holidays, but these simple steps and considerations can help block their efforts.

How-To

How to secure your DNS traffic under Windows

DNS traffic is prone to snooping, and it’s often far too easy for attackers to hijack and change a company’s DNS settings. These simple steps will amp up your DNS protection.

How-To

How to manage Windows 10 1903 and 1909 security updates

Your Windows update controls might be out of date if you haven't reviewed them since the 1803 update or earlier. Here are the new settings you need to know.

Updated

Best new Windows 10 security features: Longer support, easier deployment

Here's what you need to know about each security update to Windows 10 as they roll out from Microsoft. Now updated for the 1909 feature release.

How-To

How to build a Windows disaster recovery toolkit

Sooner or later, a security incident will shut down or disrupt your network. You'll be better prepared with these items in your disaster recovery toolkit.

How-To

How to lock down enterprise web browsers

Your organization's web browser is essentially your operating system for the cloud. Secure it appropriately.

How-To

How to disable LLMNR in Windows Server

Link-Local Multicast Name Resolution is usually not needed in modern networks and leaves the door open to man-in-the-middle attacks. Here's how to shut it off.

How-To

How to audit permissions after a Windows migration

As companies move off Windows 7 and Server 2008, they run the risk of leaving dangerous access permissions behind. Here's how to find them.

Feature

How to secure Microsoft-based election, campaign systems

Microsoft has issued guidance and provided resources for local election bodies and candidate campaigns to help protect systems and communications.

Feature

6 known RCE vulnerabilities in enterprise VPNs and how to minimize the risk

Enterprise VPNs might not always be as safe as you think. Be aware of these RCE vulnerabilities in popular enterprise VPN solutions.

How-To

How to protect and safely erase data on Windows devices

Microsoft's BitLocker now uses AES encryption, but will default to the storage device's hardware encryption unless you make this setting, which will also allow you to easily sanitize drives.

How-To

How to migrate smartphone users to the Outlook app with Intune

With the pending retirement of Microsoft Basic Authentication, the best way to protect mobile device users connecting through Exchange is to move them to Outlook.

How-To

How to detect and halt credential theft via Windows WDigest

Attackers can steal user credentials by enabling credential caching in the Windows authentication protocol WDigest. Here's how to stop them.

How-To

Security and compliance considerations for Microsoft Teams

Admins will need to make these decisions around security and governance when porting from Office 365 Pro Plus to Microsoft Teams.

How-To

How to disable legacy authentication in Microsoft Exchange to enable MFA

Microsoft recommends enabling multi-factor authentication for Office 365. To do so, you must also disable basic or legacy authentication on Microsoft Exchange Server.

How-To

7 steps to ensure your Azure backup works when you need it

Worried about ransomware attacks? The best thing you can do now is make sure your backup system is ready.

Popular Resources

eBook
Sponsored

How to secure your bank's content in the cloud
eBook
Sponsored

UC&C Troubleshooting Guide
White Paper

Veracode Static Analysis: The Right Scan, At the Right Time, in the Right Place
eBook
Sponsored

7 Killers of CIO Credibility
Video/Webcast
Sponsored

Beauty and the Bane: Digital Transformation & Cloud Risk Mitigation

See All