Enabling Secure Anywhere Access in a Connected World

A few times each year, Bill Gates or Steve Ballmer publishes an executive memo. The first memo was Bill’s essay on trustworthy computing, in July 2002. Today Bill has a new memo, one that is very important for all of us who strive to achieve a balance between being secure and, well, getting work done. Some…

Did you know that you ALREADY have an e-mail policy?

An email access policy can be expressed in one of two ways:

E-mail is mission critical to our business. Therefore, we permit employees to read and compose e-mail from any location in the world where employees can access the Internet, using either company-issued devices or public Internet terminals. This allows our employees to be maximally productive.

E-mail is mission critical…

Configure your router to block DOS attempts

Some time ago I had a discussion with a friend. He disagreed with my recommendations on how to configure a border router and the firewall behind it. I claimed that in the border router between you and your ISP, you should configure the six rules to block most denial of service traffic; in the firewall, configure additional packet filtering and…

Should your ISA Server be in your domain? Film at 11!

So it would seem that a statement I made during TechEd US last week in Boston has mildly stirred a bit of controversy — no surprise there, I guess, heh. One of my presentations gave an overview of what’s new in ISA Server 2006 (download your copy of the release candidate or try it out in some virtual…

What do YOU need out of two-factor authentication?

Two-factor authentication continues to grow in popularity and emerge as a security requirement for many people I meet with. At Microsoft, we use smartcards internally for VPN access right now; soon we’ll be requiring smartcards for domain logon, too. We are also looking at ways to require two-factor authentication for web-based services, like Outlook Web Access, published…

Remote Access Quarantine (TechNet Magazine article)

http://www.microsoft.com/technet/technetmag/issues/2006/03/SecurityWatch/default.aspx

In those good old easy-to-manage pre-mobility days, personal computers presented few actual threats to a network. Sure, there was the occasional virus you’d get from a borrowed floppy disk, but the rate, or at least the speed, of infection was pretty low, limited substantially by the low bandwidth and high latency of “sneakernet” technology. In…

How to secure your wireless network

I’m now a contributing editor for TechNet Magazine. Everyone with a TechNet subscription automatically receives it; if you don’t have one, you can still get the magazine free. The magazine’s published three issues so far: Winter 2005, Spring 2005, and November-December 2005. You’ll especially enjoy the “Hacking” series in the first issue, where Jesper writes up his “Anatomy of a…

August article: 802.1X on wired networks considered harmful

Several months ago I learned from Svyatoslav Pidgorny, Microsoft MVP for security, about a problem in 802.1X that makes it essentially useless for protecting wired networks from rogue machines. Initially I was a bit skeptical, but the attack he described is in fact true — I’ve seen it myself now. So I’ve been explaining the attack at conferences…

Securing Terminal Services over the Internet

In my presentation on remote access at TechEd, I gave three scenarios: web-based access to internal resources, published with ISA Server; “desktop over the Internet” using Terminal Services and the remote desktop web connection; and full IP-based virtual private networks with L2TP+IPsec. In the discussion on TS over the Internet, I failed to mention a very…

New column -- Using IPsec for network protection

I’m now writing semi-regular articles for TechNet. These are part of the security management series, and they’re also linked from the security newsletter.

The first column is a two-parter about IPsec. Part 1 describes the technology: how it operates, its various modes and methods, a bit on IKE, and how it works over NAT.

http://www.microsoft.com/technet/community/columns/secmgmt/sm121504.mspx…
