Jesper's Blog

Obligatory file photo: I am a Senior Security Strategist in the Security Technology Unit at Microsoft. My job is to explain to our customers how to run Microsoft products securely, and to the extent that it is needed, help the product groups figu

October, 2005

  • How to make ISA stop ALL useful traffic - for some users

    So I was actually in the United States for a couple of days last week and decided to get the long overdue ISA server running at home. After all, how hard could this be? In ISA 2004, with the new "firewall configuration by cartoon" interface, you just...
  • Raising the security bar, or...

    After one of my recent articles I ended up in a discussion with someone over blocking easy attacks by unsophisticated attackers. For example, I said you should not worry about Rainbow Crack. What is important is protecting the password hash database because...
  • Should you worry about password cracking?

    I have received more and more queries about whether to worry about password cracking, and what to do to avoid it. It seems it may be time to document this a bit better. It is all, of course, already in Protect Your Windows Network, but I am also working on a new TechNet column on the topic. In the meantime, here is an excerpt from the column. More than likely the column will be in the October TechNet Security Newsletter.
  • Are usernames superfluous?

    A friend just pointed me to an interesting blog post . The premise is that logon dialogs should not be asking for a username. Mostly the blog post points to why the username provides no value, not really expanding the argument that it is superfluous....