Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

April, 2008

  • How to do security in Development

    Michael Howard just pointed us to a resource that could be interesting for you as well – it was new to me at least :-) We have a set of short videos (3-10 min.) on how to address some security challenges in development:

    "How Do I?" Videos for Security

    And this time you can even download them in the format you want :-) :-)

    Roger

  • All the Vista SP1 Features where you have time to read them :-)

    I just found this blog post: In Japan there is toilet paper with all the Vista SP1 features on it… At least there you have time to read.

    Windows Vista SP1 Toilet Paper - It's really available now

    Roger

  • Microsoft Diagnostics and Recovery Toolset

    Well, we call it simply DaRT. You know the feeling: a machine does not boot anymore, has crashed, has a virus you cannot clean while the OS is running, or is in any of the other nightmare scenarios of daily computer operations. Recovery toolsets have been out there for quite some time, but with our acquisition of the Sysinternals tools, the value of ours grew significantly. I just tested the latest version for Vista and believe me – it rocks (as far as a tool can rock that tries to recover me from a crash…). If you need information on this, there you go: Microsoft Diagnostics and Recovery Toolset

    Let me give you a very brief insight:

    Basically DaRT is based on the Vista Recovery Toolset. So, when you boot, you get a pretty familiar screen:

    The only difference is that you see the link at the bottom to the Microsoft Diagnostic and Recovery Toolset – where all the magic happens :-). If you choose it, you get a broad selection of tools:

    ERD Registry Editor: A registry editor for the OS you selected during the boot time

    Explorer: Speaks for itself: Browse through the disks

    Locksmith: With Locksmith you can reset the passwords of all the local accounts. (You need physical access to the box to do this; have a look at this post before we start a big discussion on this: Windows Vista Recovery Console and the Password)

    Solution Wizard: This is a cool thing. If you are unsure which tool you need to use, try this wizard and you are guided to the solution:

    Crash Analyzer: If you have a mini-dump on the disk and include a debugger, you can look at crash dumps

    TCP/IP Config: An obvious thing, but often I failed to access any resource on the network with these recovery toolsets as I could not change the network configuration (e.g. I have a fixed IP, am on a different network and should simply switch DHCP on).

    File Restore: Restore accidentally deleted files

    Hotfix Uninstall: If your system does not boot anymore because of a hotfix, this is the way to remove it (even though this never happens, does it?)

    Disk Commander: Tools to fix your disk if you have problems with it.

    SFC Scan: As the title says: Repair your system files

    Disk Wipe: Securely erase your disk

    Search: Hmm, cannot remember what this tool does :-)

    Computer Management: It is not the "normal" Computer Management Console as the OS does not run but a console to do some repair activities:

    Standalone System Sweeper: I do not like this too much as it is a tool to look for malware, rootkits etc.

    So, this tool is definitely something you should look into. Download the trial!

    Roger

  • The Death of the DMZ = The Death of the Castle

    We have been talking about the "Death of the DMZ" for quite some time. This seems a little bit provocative but I am convinced that it is coming very close to the truth. Do not get me wrong: I do not think that you should replace your firewall with routers and leave your network open to the Internet. But today's trends definitely show the need for new models and for saying goodbye to the "I defend the perimeter and I am secure"-methodology.

    • My notebook which is travelling with me around the globe and is connected much more often to a non-trusted network than to a trusted one has to be part of the perimeter of Microsoft-IT's network
    • Today's businesses have completely new ways of doing partnerships. Some customers even tell me that it might be that their business switches partnerships within hours. How do you handle this if your infrastructure is not able to deal with a high level of flexibility?
    • Your business wants to do business with people on the Internet. I have seen network designs with 5 perimeter networks layered at the edge. How do you think that they will ever be able to deploy new services across this design? What will they do? Outsource their solution and you will lose control completely (do you remember RSA Europe: Are you ready for security and privacy?)

    So, there are different technical approaches to this challenge and I started to discuss some of them in this blog. Thomas Raschke, Security Researcher at Forrester, raised a new question: K.I.S.S. the castle (analogy) good-bye! Okay, done - now what?. Even though I rarely used the castle analogy, what analogy will follow the castle? We often try to use pictures of the real world to explain what we do to non-technical people. How do you explain the challenges above including the defense mechanisms to them today? What do you use as an analogy? Unfortunately I do not have the silver bullet but would be interested to learn.

    Roger