Steve Riley on Security

Formerly of Microsoft's Trustworthy Computing Group.

Browse by Tags

Related Posts
  • Blog Post: August article: 802.1X on wired networks considered harmful

    Several months ago I learned from Svyatoslav Pidgorny, Microsoft MVP for security, about a problem in 802.1X that makes it essentially useless for protecting wired networks from rogue machines. Initially I was a bit skeptical, but the attack he described is in fact true -- I've seen it myself now. So...
  • Blog Post: Did you know that you ALREADY have an e-mail policy?

    An email access policy can be expressed in one of two ways: E-mail is mission critical to our business. Therefore, we permit employees to read and compose e-mail from any location in the world where employees can access the Internet, using either company-issued devices or public Internet terminals...
  • Blog Post: How to secure your wireless network

    I'm now a contributing editor for TechNet Magazine . Everyone with a TechNet subscription automatically receives it; if you don't have one, you can still get the magazine free . The magazine's published three issues so far: Winter 2005 , Spring 2005 , and November-December 2005 . You'll especially enjoy...
  • Blog Post: New column -- Using IPsec for network protection

    I'm now writing semi-regular articles for TechNet. These are part of the security management series, and they're also linked from the security newsletter. The first column is a two-parter about IPsec. Part 1 describes the technology: how it operates, its various modes and methods, a bit on IKE...
  • Blog Post: Enabling Secure Anywhere Access in a Connected World

    A few times each year, Bill Gates or Steve Ballmer publish an executive memo. The first memo was Bill's essay on trustworthy computing , in July 2002. Today Bill has a new memo , one that is very important for all of us who strive to achieve a balance between being secure and, well, getting work done...
  • Blog Post: Configure your router to block DOS attempts

    Some time ago I had a discussion with a friend. He disagreed with my recommendations on how to configure a border router and the firewall behind it. I claimed that in the border router between you and your ISP, configure the six rules to block most denial of service traffic; in the firewall, configure...
  • Blog Post: Should your ISA Server be in your domain? Film at 11!

    So it would seem that a statement I made during TechEd US last week in Boston has mildly stirred a bit of controversy -- no surprise there, I guess, heh. One of my presentations gave an overview of what's new in ISA Server 2006 ( download your copy of the release candidate or try it out in some virtual...
  • Blog Post: Remote Access Quarantine (TechNet Magazine article)

    http://www.microsoft.com/technet/technetmag/issues/2006/03/SecurityWatch/default.aspx In those good old easy-to-manage pre-mobility days, personal computers presented few actual threats to a network. Sure, there was the occasional virus you’d get from a borrowed floppy disk, but the rate, or at least...
  • Blog Post: What do YOU need out of two-factor authentication?

    Two-factor authentication continues to grow in popularity and emerge as a security requirement for many people I meet with. At Microsoft, we use smartcards internally for VPN access right now; soon we'll be requiring smartcards for domain logon, too. We are also looking at ways to require two-factor...
  • Blog Post: Securing Terminal Services over the Internet

    In my presentation on remote access at TechEd, I gave three scenarios: web-based access to internal resources, published with ISA Server "desktop over the Internet" using Terminal Services and the remote desktop web connection full IP-based virtual private networks with L2TP+IPsec In the...