Steve Riley on Security

Formerly of Microsoft's Trustworthy Computing Group.

TechEd US 2005


This year at TechEd I have three sessions. The policy talk is really a lot of fun; I guarantee it'll make you think! I am co-presenting the privacy talk with my good friend Byron Hynes (http://spaces.msn.com/members/byronphynes).

Security policies? Ugh, just give me a firewall
Start | Programs | Firewall | Rules | Add rule | Permit all hosts destination port 4695/tcp. Um, why did you just do that? Was there a business justification for creating that hole, and was the decision backed up by your security policy? You do have an up-to-date, regularly reviewed policy, right? Surprisingly (or not), security policies in many organizations are hidden, reflect the thinking of ten years ago, or simply don't exist. All security decisions should be based on business needs and guided by relevant, timely, and flexible policies. Steve Riley will help you understand why it's important to have a security policy and how to encourage end-user participation, and will provide suggestions on what makes up a good policy.

Protecting Privacy on the Microsoft Platform: "paper security" vs. real security
In the era of proliferating privacy regulations worldwide, encryption requirements are everywhere. However, "encryption" doesn't necessarily mean protection -- if we hand over the keys to a robber, then he's going to get in our house despite the lock on the doors. We'll discuss various encryption approaches that organizations have proposed or deployed, and distinguish between those that merely satisfy a simple "checkmark" on a privacy auditor's list and those that actually provide the protection that was intended by the regulations. We'll also explore encryption options in Windows and delve into how Windows protects important secrets.

Secure remote access
Remote connections extend your network's perimeter far and wide across the globe, often into networks that you know very little -- or nothing -- about. Because remote access to corporate networks is critical for business these days, it's absolutely essential that you take the necessary steps to protect your own network and your remote clients from threats that lurk along the way. Basic requirements include not only strong user authentication but also knowledge of the remote computers and configurations that erect barriers against attack. Depending on the needs of your user community, some might require the flexibility of full IP-based virtual private networks (VPNs), while others might need only simpler Terminal Server or web-based "remote display" access. Technologies for secure remote access include Windows Routing and Remote Access Services (RRAS), VPN quarantine, strong authentication with smart cards, securing Terminal Server over the Internet, and web-based remote access to internal services. Steve Riley will help you understand the unique security requirements for various kinds of remote access and how to deploy the appropriate technology safely, to keep your network assets and your information protected.

Go to http://www.microsoft.com/events/teched2005/default.mspx to register!

Comments
  • Very interesting.
