Questions about virtualization and security?

Yesterday, Donnie Hamlett, a Microsoft core infrastructure optimization specialist, gave a webcast and played a video of my TechEd presentation on virtualization and security. Some of the viewers had questions, and I offered to Donnie that they could come to my blog to post them. I’ll extend that offer to all of my readers—if you’ve…

4

Ethernet and WiFi and Bluetooth, oh my!

Customers have long requested a way to configure a computer to automatically disable its wireless NIC when its Ethernet is in use. Many third-party utilities can do this for you, but neither XP nor Vista have a built-in way to accomplish this, nor will Windows 7. Although having both NICs enabled first appears to cause…

19

Internet Explorer security levels compared

A pretty good question came across the newsgroups the other day. Someone was asking what are the differences between IE’s "medium" and "medium-high" security settings. I did some digging, and found only this on MSDN: About URL security zone templates. No wonder it’s difficult to find — the terminology is different, and the table is…

9

Directly connect to your corpnet with IPsec and IPv6

Contrary to popular belief, the rumors of my demise have been greatly exaggerated. Well, ok, no actual rumors, but hey, one can dream, huh? My spring calendar was full of events in Asia and Australia, then TechEd US seemed to suddenly appear out of nowhere! So I’ve been kinda swamped. I’ve missed writing here; it’s…

26

Microsoft IPsec diagnostic tool

IPsec is a wonderful technology for identifying computers and securing the exchange of data between them. I’ve written and spoken extensively about in the past. It is, however, a bit of a challenge to configure, especially if you’re newly learning about it. Microsoft recently released a diagnostic tool to help you create and test your…

2

Changing the SSL cipher order in Internet Explorer 7 on Windows Vista

Recently, the question of using AES for SSL has come up in the newsgroups and at some conferences. When IE makes an HTTPS connection to a web server, it offers a list of cipher supported cipher suites. The server then selects the first one from the list that it can match. The default order that…

13

Curious about the ways Windows talks to the Internet? Here's your answer.

I was browsing through the Microsoft download pages today — yeah, even we employees occasionally find little nuggets interspersed among the usual updates and such. I noticed a pair of whitepapers that will answer a common question I hear from many of you in emails and at conferences. You’ll want to keep these handy. Using…

1

BitLocker command line interface

Last week at TechEd Europe I showed the BitLocker command-line interface. At other TechEds I’ve mentioned it but didn’t show it. The CLI provides full control over BitLocker, including enabling it on any NTFS volume on the system (the Control Panel UI displays only the volume containing the operating system). To run it: Open an elevated command prompt…

15

Windows Vista vs. hotels

At many TechEds this year I’ve presented information about the new TCP/IP stack in Windows Vista. One of the important advances is its automatic performance tuning. With some of the early pre-release builds of Windows Vista, people were reporting problems with public Internet connections, most notably in hotels. Some of the routers used in hotels don’t…

13

Configure your router to block DOS attempts

Some time ago I had a discussion with a friend. He disagreed with my recommendations on how to configure a border router and the firewall behind it. I claimed that in the border router between you and your ISP, configure the six rules to block most denial of service traffic; in the firewall, configure additional packet filtering and…

12