So I was actually in the United States for a couple of days last week and decided to get the long overdue ISA server running at home. After all, how hard could this be? In ISA 2004, with the new "firewall configuration by cartoon" interface, you just...

After one of my recent articles I ended up in a discussion with someone over blocking easy attacks by unsophisticated attackers. For example, I said you should not worry about Rainbow Crack. What is important is protecting the password hash database because...

I have received more and more queries about whether to worry about password cracking, and what to do to avoid it. It seems it may be time to document this a bit better. It is all, of course, already in Protect Your Windows Network, but I am also working on a new TechNet column on the topic. In the meantime, here is an excerpt from the column. More than likely the column will be in the October TechNet Security Newsletter....

A friend just pointed me to an interesting blog post . The premise is that logon dialogs should not be asking for a username. Mostly the blog post points to why the username provides no value, not really expanding the argument that it is superfluous....