How to secure your web server and transactions via PKI and ISA – check out my detailed article in TechNet Magazine

  I’ve recently written an article for November/December’s TechNet Magazine which looks in detail at how to secure both your web server and transactions between it and your customer’s browser(s). It’s pretty technical and is approximately two and a half thousand words. I show you step by step how to implement the Public Key Infrastructure…


Royal Holloway MSc in Computer Security

<I’ve edited this post to add a link to the pictures together with the following image> Thank you to everyone I met at Royal Holloway from the MSc in Computer Security (distance learning) course. I can honestly say I rarely get to meet so many interesting people in a single room. I thoroughly enjoyed presenting…


What’s the best way to build/design/architect a Windows Server environment?

Shawn posted an interesting article along these lines which is accessible here. Browse to to download free blueprint guidance for building a wide range of data centre scenarios. MSA stands for Microsoft Systems Architecture; just to keep you on your toes, the name has recently changed to Windows Server System Reference Architecture (WSSRA), however the…


Add security requirements to your functional spec and acceptance testing as the result will be more secure code and less risk

Matthew Fisher has written an interesting article for the Industry Insider’s blog which is hosted on TechNet. We’re getting quite a few submissions from people like Matt who have best practice advice for you based on their practical experience. If you have something you’d like to share then browse here for details on how to contribute. You…


Nice article about preventing SQL Injection

Rhys Wilkins recently made me aware of an article which advises several good practices in making sure your code isn’t susceptible to SQL Injection attacks. The first prosecution (that I’ve heard of) was way back in 1996! The article is located here. It’s amazing just how many public websites include applications which can be compromised in this manner…


What is RIPA and why is it important to your organisation?

RIPA is an acronym for The Regulation of Investigatory Powers Act 2000 which is a piece of UK legislation governing the right of the authorities to recover information from UK organisations as required for investigations. I am not a legal expert, make no claims to be, and therefore I suggest you consult with one before…


How Microsoft secure our own systems – ITShowCase

Another resource I’ve mentioned when presenting @ TechNet events is ITShowCase – the following URL is the home of a wealth of information (including “how to” build guides) written by our internal technical administrators and architects when building and securing our infrastructure:


Looking for UK security metrics? The DTI Information Security Breaches report can be found here.

I’ve spoken at a number of TechNet events recently at which I’ve mentioned the DTI report as a useful source of UK metrics for security breaches and risks. The latest report (released in 2004) is located at the following URL. The report is released every other year at the UK’s largest information security show – namely…