Directly connect to your corpnet with IPsec and IPv6

Contrary to popular belief, the rumors of my demise have been greatly exaggerated. Well, ok, no actual rumors, but hey, one can dream, huh? My spring calendar was full of events in Asia and Australia, then TechEd US seemed to suddenly appear out of nowhere! So I’ve been kinda swamped. I’ve missed writing here; it’s…

26

Do you need RMS/IRM in Office for Macintosh?

Please let me know if this is a feature you’d be interested in. We’re looking to build the business case to develop it, and the best way to do that is for you, our customers, to let us know. Also, if any of you want to deploy RMS now but can’t because there’s currently no…

19

Microsoft IPsec diagnostic tool

IPsec is a wonderful technology for identifying computers and securing the exchange of data between them. I’ve written and spoken extensively about in the past. It is, however, a bit of a challenge to configure, especially if you’re newly learning about it. Microsoft recently released a diagnostic tool to help you create and test your…

2

Changing the SSL cipher order in Internet Explorer 7 on Windows Vista

Recently, the question of using AES for SSL has come up in the newsgroups and at some conferences. When IE makes an HTTPS connection to a web server, it offers a list of cipher supported cipher suites. The server then selects the first one from the list that it can match. The default order that…

13

Myth vs. reality: Wireless SSIDs

Do you ever wonder sometimes how it is that some ideas just won’t die? Like the thought that not broadcasting your wireless network’s SSID will somehow make you more secure? This is a myth that needs to be forcibly dragged out behind the woodshed, strangled until it wheezes its last labored breath, then shot several…

27

The bad guys will use BitLocker, too

Got an email today from a customer asking about how BitLocker will affect the ability of law enforcement to conduct forensic analysis of a protected hard drive. Specifically, the person was asking about any back doors that law enforcement could use to bypass the encryption. The answer is very simple, and I’m sure not what…

14

Protect your data: everything else is just plumbing

Take a few moments and indulge in a thought exercise with me. Consider your company’s complete collection of information processing assets—all the computers, the networks they’re connected to, the applications you use, and the data and information you manipulate. Which of those is the most valuable? Which—if it suddenly and tragically disappeared tomorrow—would jeopardize your…

7

When you say goodbye to an employee

…what do you do with his or her account? Recently this question came up — someone was asking for guidance on how to handle this very situation. And, as often happens, the question was more about process and policy than anything to do with the technical issues of account management. Those of you who’ve followed…

6

BitLocker command line interface

Last week at TechEd Europe I showed the BitLocker command-line interface. At other TechEds I’ve mentioned it but didn’t show it. The CLI provides full control over BitLocker, including enabling it on any NTFS volume on the system (the Control Panel UI displays only the volume containing the operating system). To run it: Open an elevated command prompt…

15