Steve Riley on Security

Formerly of Microsoft's Trustworthy Computing Group.

Browse by Tags

Related Posts
  • Blog Post: Internet Explorer security levels compared

    A pretty good question came across the newsgroups the other day. Someone was asking what are the differences between IE's "medium" and "medium-high" security settings. I did some digging, and found only this on MSDN: About URL security zone templates . No wonder it's difficult to...
  • Blog Post: Windows Vista vs. hotels

    At many TechEds this year I've presented information about the new TCP/IP stack in Windows Vista. One of the important advances is its automatic performance tuning . With some of the early pre-release builds of Windows Vista, people were reporting problems with public Internet connections, most notably...
  • Blog Post: Changing the SSL cipher order in Internet Explorer 7 on Windows Vista

    Recently, the question of using AES for SSL has come up in the newsgroups and at some conferences. When IE makes an HTTPS connection to a web server, it offers a list of cipher supported cipher suites. The server then selects the first one from the list that it can match. The default order that IE follows...
  • Blog Post: Curious about the ways Windows talks to the Internet? Here's your answer.

    I was browsing through the Microsoft download pages today -- yeah, even we employees occasionally find little nuggets interspersed among the usual updates and such. I noticed a pair of whitepapers that will answer a common question I hear from many of you in emails and at conferences. You'll want to...
  • Blog Post: Directly connect to your corpnet with IPsec and IPv6

    Contrary to popular belief, the rumors of my demise have been greatly exaggerated. Well, ok, no actual rumors, but hey, one can dream, huh? My spring calendar was full of events in Asia and Australia, then TechEd US seemed to suddenly appear out of nowhere! So I've been kinda swamped. I've missed writing...
  • Blog Post: Bug in the book: Appendix C, hosts file

    Somehow this escaped our notice during the proof phase, but the hosts file that's printed in the book (and burned on the CD-ROM) is completely bogus. It actually blocks a number of very good sites that have anti-spyware software and even blocks MVPS.org, the place where you can get a real spyware/adware...
  • Blog Post: New column -- Using IPsec for network protection

    I'm now writing semi-regular articles for TechNet. These are part of the security management series, and they're also linked from the security newsletter. The first column is a two-parter about IPsec. Part 1 describes the technology: how it operates, its various modes and methods, a bit on IKE...
  • Blog Post: BitLocker command line interface

    Last week at TechEd Europe I showed the BitLocker command-line interface. At other TechEds I've mentioned it but didn't show it. The CLI provides full control over BitLocker, including enabling it on any NTFS volume on the system (the Control Panel UI displays only the volume containing the operating...
  • Blog Post: When security breaks things

    Now that the furor has waned, I want to comment on MS05-051. For those of you who don't memorize bulletin numbers (I am part of that set; Susan Bradley , for example, isn't, hehe), this is the security update that fixed a number of vulnerabilities found in MSDTC and COM+; it replaced five other updates...
  • Blog Post: Configure your router to block DOS attempts

    Some time ago I had a discussion with a friend. He disagreed with my recommendations on how to configure a border router and the firewall behind it. I claimed that in the border router between you and your ISP, configure the six rules to block most denial of service traffic; in the firewall, configure...
  • Blog Post: Should your ISA Server be in your domain? Film at 11!

    So it would seem that a statement I made during TechEd US last week in Boston has mildly stirred a bit of controversy -- no surprise there, I guess, heh. One of my presentations gave an overview of what's new in ISA Server 2006 ( download your copy of the release candidate or try it out in some virtual...
  • Blog Post: Ethernet and WiFi and Bluetooth, oh my!

    Customers have long requested a way to configure a computer to automatically disable its wireless NIC when its Ethernet is in use. Many third-party utilities can do this for you, but neither XP nor Vista have a built-in way to accomplish this, nor will Windows 7. Although having both NICs enabled first...
  • Blog Post: Microsoft IPsec diagnostic tool

    IPsec is a wonderful technology for identifying computers and securing the exchange of data between them. I've written and spoken extensively about in the past. It is, however, a bit of a challenge to configure, especially if you're newly learning about it. Microsoft recently released a diagnostic tool...
  • Blog Post: Securing Terminal Services over the Internet

    In my presentation on remote access at TechEd, I gave three scenarios: web-based access to internal resources, published with ISA Server "desktop over the Internet" using Terminal Services and the remote desktop web connection full IP-based virtual private networks with L2TP+IPsec In the...
  • Blog Post: Questions about virtualization and security?

    Yesterday, Donnie Hamlett, a Microsoft core infrastructure optimization specialist, gave a webcast and played a video of my TechEd presentation on virtualization and security. Some of the viewers had questions, and I offered to Donnie that they could come to my blog to post them. I’ll extend that offer...