My last post was 18 days ago when I talked about the Cloud Infrastructure using Windows Server “8” Beta. On the same token I would like to let you know that soon (probably in the next couple of days) we will release Episode 17 of From End to Edge and Beyond where we interviewed Josh Adams. Josh will talk about this document that we wrote and will demonstrate how to build a cloud infrastructure using Windows Server “8” Beta.
Stay tune in this channel!
Since we are talking about cloud, yesterday me and Tom Shinder delivered a presentation at Share Cloud Dallas about Private Cloud Security. We had a great time not only presenting but also networking with other IT PROs from DFW area.
You can download the presentation from here and you can access the Private Cloud Blog for more information about some of the scenarios that we discussed during this session.
The first round of questions of this contest is now closed. We had a total of 16 participants and only two got all answers correct. It was fun to interact with you guys via Twitter and also review your answers; it took me back in the day when I was a University Professor for Computer Networks discipline. There is an interesting pattern that I’ve been noticing since those days, which is: sometimes you miss a question not because you don’t know, but because you didn’t pay full attention to it. Four people didn't realize that in the last question you have to choose two options and selected only one option (next time pay more attention to those details). Another interesting pattern that I notice here was: everybody got the question two correct, which means we have a good foundation identifying TMG’s kernel mode driver, I like that.
As I previously said, this Friday (April 1st) I will be posting the answers for the quiz and will #FF the folks with more points on my twitter. Thanks for playing and start to get prepare for the next round (UAG) that will happen next Monday (April 4th).
Last May I went to a Security Conference here in Dallas called Takedowncon, organized by EC-Council. It was a great conference, great speakers and an amazing technical content. I personally recommend you to participate in the next stop of TakeDownCon, which will be in LA next December. I’m here today just to share one of the presentations that folks from TakeDownCon made available for public consumption this week:
Process And Memory Forensic Techniques by Kevin Cardwell
More presentations from TakeDownCon Dallas 2011 can be found at http://www.youtube.com/TAKEDOWNCON2011
Enjoy it !
Yesterday Tom Shinder and I had the opportunity to present at the DFW IT PRO Meeting about Private Cloud Security Infrastructure with Windows Server 2012, the audience was great, very participative and we had an amazing time interacting with them.
While we can’t share the slide deck for now, here are some of the links that we mentioned during the presentation:
Thanks for having us and see you next time!
Tom Shinder and I will be speaking at DFW IT PRO Meeting at Microsoft Las Colinas office next week (March 7th). We will be talking about the security enhancements in Windows Server 2012 from the private cloud perspective. The link to register is available here. You can find more information about DFW IT PRO Meetings in the link below:
See ya there!
If you are not here at TechEd, or if you are and couldn’t follow the sessions of our Architecture track, this is your chance to watch the presentations that were delivered on the track that Tom and I are the track PMs. I hope you enjoy!
Win with Private Cloud: How to Drive Down TCO for Datacenter Applications
Patterns and Practices for the Hybrid World
Demystifying Devices and Services
Hi folks, I just want to give a quick update on my new book (in Portuguese) about Security+ Certification. This book I wrote in partnership with my friend Daniel Mauser and we are covering the foundations of the Security+ exam, some practice examples and some direct dialogues where we describe situations that we experienced while dealing with such security subject. The book has approximately 400 pages and it is a result of 17 months writing (since November 2009) in my spare time (although I’m not sure if I ever had one). Here it is the book cover:
Pre-sales for this book should start later this week in main Brazilian’s bookstore. Portuguese speakers can get more information at www.securityplusbr.org
This week my friend Tom Shinder published a post at the Private Cloud Blog talking about our agenda at TechEd North America and Europe. Tom and I are the PM for the Architecture Track. On the External TechEd North America web site you will see as Architecture & Trustworthy Computing with the following description:
We will be double acting as PM and speakers for both events. I will be co-presenting with Tom and Josh Adams at TechEd North America and at TechEd Europe I will be presenting with Karin Bazuza (my former coworker from CSS Security, now she is CSS Networking). The list of sessions for our track are:
TechEd North America
Syngress will also be sending some copies of our upcoming book Windows Server 2012 From End to Edge and Beyond, we probably will be signing books there also.
I hope to see you there!
My friend Tom Shinder is inspired this month; he already posted some great info in his Blog the last two weeks. From his recently posts I personally recommend you to review the following ones:
Another friend of mine that is also helping out the community is Richard Hicks, last month he posted a great article about SQL Logging. Check it out here:
Last but not least you have to read this post from Jason Jones about ADAM, very precious piece of information:
In the last 24 hours the questions for the Forefront quiz round two were published, for my surprise from the 16 contestants that were participating last week only 50% answered questions this week. Not sure why this happened, maybe not many people use UAG? Maybe people are too scary of UAG? Not sure why this happened but the other interesting fact is that from 8 folks that answered the quiz, 3 got all full points and 2 got 4 correct answers.
In summary the contestants that answered UAG questions were really sharp on their choices. Keep up the good job and Friday I will be posting the result, meanwhile start to study for FPE’s quiz next week.
Yesterday Microsoft released six security updates and there is one in particular that is very important for VPN scenarios that uses IAS for RADIUS authentication. MS09-071 describes that Servers using IAS are only affected when configured to use PEAP with MS-CHAP v2 authentication (described in CVE-2009-3677). The vulnerability happens due an incorrect way to copy into memory messages received by the server when handling PEAP authentication attempts. This vulnerability is classified as critical. More information about December 2009 Security bulletin read the MSRC Blog:
Couple of months ago our team published an updated version of the Cloud Services Foundation Reference Architecture. One piece of this documentation set is called Cloud Services Foundation Reference Architecture - Reference Model. The RM (Reference Model) is an essential document for companies that are starting to plan and design their migration to a cloud computing model. Is very important to emphasize that when we say cloud computing we are talking about the use of all five essentials characteristics of cloud computing defined by NIST. It doesn’t matter if you will leverage those characteristics for a hybrid cloud or a private cloud, as long as you understand that you must have all five characteristics in order to be a cloud based environment the reference model will assist you to understand what needs to be done to connect the dots.
Our Team (Solutions Team) is also constantly updating the Solutions Hub with new documents that we publish, visit our content in the URL below:
Stay tune on this hub, soon we will be releasing a new document set for Hybrid IT with Windows Azure!
Disaster Recovery Plan, also known as DRP, this discipline is mainly concern about “Availability”, which is one of the main pillars in the Security Triad (Confidentiality, Integrity and Availability). The security principals (and common sense) determines that first and foremost we all need to make sure everyone is safe (human life is the top priority in any DRP). In an extreme situation, like our friends from Japan are living at this moment, there are more than just availability to be concern about: integrity and confidentiality might be gone for some business. In order to assist the business in Japan to have some guidelines on what to do to be back in business the article below was created:
Here are some important points to notice in this article:
…and also the tags that we currently have:
There are much more to add, so make sure that you take some time to add valuable information to this article. This can be very useful for those that are desperate to put their business back on track.
The book that I co-wrote about Security+ is now available in Portuguese/Brazil and on the same week that the book was announced, CompTIA also announced that the Security+ Certification is now also available in Portuguese. The CompTIA Press Release from last week has a brief interview where I explain more about the book, more info here: http://www.comptia.org/news/pressreleases/13-02-20/CompTIA_Security_Certification_Exam_Now_Available_in_Portuguese_Language_Version.aspx
Hello folks, a quick post here just to let you know that me and my friend Tom Shinder will be presenting at TechEd US (in Orlando) and TechEd Europe (in Amsterdam). We will deliver the same session in both events, which is Understanding and Deploying Hosted Cloud: Concepts and Implementation. We will also use this opportunity to network with the IT PRO / SEC Community and record an episode for our Security Talk Show (From End to Edge and Beyond) with your participate, so I really hope to see you there !
Here it is why you can’t miss TechED 2012.
Last week my friend Tom Shinder announced here the new content that our team launched, called Hybrid IT Infrastructure Solution for Enterprise IT. This content was based on a tested solution involving many technologies such as Windows Azure, Windows Server 2012, SSO, DirSync and others. If you didn’t see this content yet, make sure to access the link below and browse through the articles:
One topic that I presented at TechEd Europe last week was PortACL but I didn’t have enough time to demonstrate this feature. I recorded the PortACL demo and you can watch on the link below. The scenario that this demo is addressing is the following one:
Download the demo from here.
Yesterday the last round of questions for the Forefront quiz were published, the numbers were even lower than with UAG, 6 out 16 contestants answered the FPE questions. I guess I will never see again what I saw with TMG where 16 contestants were answering all questions. In this round only 2 received bonus point and only 1 got all questions right. This is it folks, the end of the Forefront contest quiz. I would like to thank you for your participation. It was great to interact with you every Monday and Friday on Twitter. Keep in touch and let’s wait for Friday to see who is the big winner.
I’m going to try to give you some updates about how our new book (announced here) is coming along. This month we started handing over some chapters to Syngress and we are really excited with this project. We are using the same formula that we used in our previous books, in other words, we split the chapter in two parts and each one write half of the chapter. This gives us the opportunity to write every single chapter, equally split the work and leverage our areas of expertise within the technology. There are two recent news that I would like to echo here: as announced today by Richard Hicks his blog, he will be the Technical Reviewer for this book and as we known Richard for a long time we are very pleased to have him onboard to help us on this project. As I announced last Saturday (via Twitter – see below), Syngrees will be handing over to us the draft book cover and we will be showing it during our sessions at TechED US in June. I hope to see you there !
It’s Friday and this means that we have the results for the round two (UAG), without delays let’s move on to the answers:
In this round we didn’t have too many questionable scenarios; most of the contestants didn’t have difficult to interpret the questions. Matter of fact question number one made some people to think that I was trying to trick them, which I actually was . Remember, UAG is an ISAPI filter, so it doesn’t have any native kernel driver, it leverages HTTP.SYS and take advantage of TMG Kernel driver (FWENG.SYS), but still no native driver.
Let’s congratulate the champs of the second round of questions in the Forefront Contest Quiz, they got either all possible points (15) or most of them (12):
@liontux (15) @jjatsilversands (15) @cfalta (12) @pkpatel8 (12) @usouzajr (12) @teemukir (12)
Congratulations guys and enjoy your weekend because Monday we have the last round with FPE questions!!
Here are the presentations that were delivered on the second day of TechEd 2013 as part of the Architecture track that Tom Shinder and I were the Track PMs.
Bridging the Gap: Securely Connecting Windows Azure and Private Clouds
Best Practices for Building Your Strategy for a Private Cloud
The Cloud: Making the Move to a Hybrid World
The Cloud Service Provider Architecture
Identity Infrastructure Fundamentals and Essential Capabilities
Almost one month without update, that’s very rare for sure, time is working against me but pretty soon I should be able to breathe again. Last couple of months I was studying to get my CEH certification and couple of weeks ago and I got it. Here are some resources that I recommend you to read if you are studying for this certification:
Some Articles to Complement
Now I’m working to finish my new book (in Portuguese only) about Security+ Certification (Portuguese’s readers go to www.securityplusbr.org for more info). This project should be done by end of this month and this book should be released in Brazil April next year.
On the community space my last contributions were:
My MVP friends are very active these days and here are some great articles that they recently published:
Next week I should have new posts here with some interesting issues that I’m dealing with.
Today we are releasing part two out of five in this new series called “Microsoft Private Cloud Solutions for IT Managers”. This episode is all about Private Cloud Security. We hope you enjoy!
Today we are releasing part one out of five in this new series called “Microsoft Private Cloud Solutions for IT Managers”. I hope you enjoy me, Tom Shinder and Kevin Remde talking about Cloud Computing from all angles.
The book signing session at TechEd 2013 was great, we had a lot of fun and I would like to say thanks to some of our friends that were there:
If you don’t have our book yet, check it out here.
Next stop, TechEd Europe in Madrid. See you there!