TechEd IT Professional EMEA: Security Track Top 5

I continue my series of Top 5 sessions at TechEd IT Professional with the Security track, which is owned by Michael Anderberg and Michael Kalbe.

Do These Ten Things Now or Else Get 0wn3d!

New to information security? Or been around so long that you feel your skills need lubricating? Well, then don't just sit around the lunch table with strangers and make small talk. Instead, come to Steve Riley's lunch session covering the ten most important things you need to do right now to get and stay secure. Perhaps it'll seem like common sense, but you'd be amazed at how people often overlook the basics. You can address most of today's security risks by following a few simple steps, none of which involve following massive checklists, performing strange incantations or purchasing curious products from unknown companies. So bring your appetite for excellent security guidance and enjoy (re)learning what you need to know to protect your data.

Steve Riley

Windows Security Boundaries

In this session, learn what constitutes a security boundary; get a tour through core Windows technologies, including user sessions, Code Integrity, PatchGuard, Service Security Hardening, and User Account Control, to learn where Windows currently defines such boundaries; and gain insight into why application compatibility and user experience make defining boundaries much more difficult than it might seem.

Mark Russinovich

Anatomy of a Hack 2008

Lately there has been an increase in attackers attempting to monetize users' naivety. One of the methods currently in vogue is the use of fake anti-malware software, for which the user is expected to pay. This method not only permits the attackers to install malicious software on an unsuspecting user's computer; the victim also pays the attackers for the privilege. In this presentation, Jesper Johansson will demonstrate one such attack and show how to tell that it is fake.

Jesper Johansson

Windows Logins Revealed

Every day we log into our Windows systems. But what really happens when we do? How DO our workstations and our domain controllers exchange logon information without revealing our passwords? Security hardening guides talk about how scary old-style LM, NTLM and NTLMv2 logons are, but why EXACTLY do they say that - particularly when it's practically impossible to keep all of the old-style logins from happening even in the most modern network? How DOES AD's favorite logon protocol, Kerberos, work? How is it more secure than the old guys and where should you look more closely at securing it? Everyone wants to harden their systems and Windows supplies a wealth of really neat group policy and Registry settings but many people still haven't taken those simple hardening steps because, firstly, they don't understand them entirely and secondly, they fear compatibility problems. Join expert Windows explainer and security geek Mark Minasi in an in-depth look at how Windows logins work, how they can not work (and how you can fix them) as well as how to better secure them. After seeing this talk, you will have NO excuses for not tweaking those group policy security settings!

Mark Minasi
