The Canadian Security Community

One of the pieces of feedback I have been given for a while is that despite the changes we have made to the update process and guidance, there is still confusion over things like – what do the updates do, do I really need to apply them to my systems and how critical actually are they?

Now, we always recommend applying all updates to the appropriate systems, but sometime people have to prioritise, especially if they require reboots. To this end, a group of folks here in Canada released our first attempt at simplifying the bulletins: Click here to listen.

As it happens, the guys from Corp also had the same idea, though they used video and it probably wasn’t conceived in a pub over beer and designed on napkins :).

More importantly, we are keen to get your feedback as to whether either approach is helpful or if you have any suggestions for improvements.

As always, the MSRC blog: blogs.technet.com/msrc is the home of the bulletins.

Thanks in advance and enjoy!

Bruce

Bruce Cowper

Chief Security Advisor

Microsoft Canada Co.

As the Chief Security Advisor for Microsoft Canada, Bruce is responsible for the overall security strategy, working closely with the Public Sector, large enterprises, Industry Associations and the Community across Canada. He comes from a security background in secure system design, forensics and security risk management and as the Chief Security Advisor leverages his real life hands-on experience to relate to the challenges faced today. Bruce is a prolific speaker and can frequently be found in the media and at conferences across Canada and beyond.

Bruce is a founding member of the Toronto Area Security Klatch (TASK) and an active member of numerous organisations across Canada. Before moving to Toronto and joining Microsoft, Bruce held positions on the board of directors of several IT companies, championing the development of technical excellence and the customer experience.

Bruce holds a degree in Computer Systems Engineering as well as industry standard qualifications.

Amazingly enough, that time of the year has arrived again and SecTor (www.sector.ca) is almost upon us.

The team (www.sector.ca/about.htm) have announced the speaker lineup:

New Keynote and Sessions Announced - click here for all the keynotes and sessions

Keynote: "Baggage: What I took with me when I "left" Computer Security" - Stephen Toulouse

Keynote: "No-Tech Hacking" - Johnny Long

"Metasploit Prime" - H D Moore

“Network Security Trends for 2009 (aka ‘not the NAC’)” – Jennifer Jabbusch

"Advanced Spear Phishing Attack Framework" - Joshua Perrymon

"Owning the Users with The Middler" - Jay Beale

"RFID Unplugged" - Eric Johanson

"Double Trouble: SQL Rootkits and Encryption" - Kevvie Fowler

... view all the sessions here

Look who we're flying up to deliver exceptional training (before the conference):

No-Tech Hacking with Johnny Long – GO

Bluetooth and Wireless Hacking with Dino Covotsos – GO

Cutting Edge Hacking Techniques with SANS Institute's John Strand – GO

Powersploiting: Leveraging the Metasploit Framework with H D Moore – GO

I for one can't decide which session to go to but I would certainly recommend having a look and I will hopefully see you there!

 It has been a long time on this blog, but I thought I would share with you that I am now the Canadian Security Lead, well my official title is 'Senior Program Manager; Security Initiative' :)

 This means that I am back and will be blogging on here and the other blogs:

The Canadian IT Pro Blog

http://blogs.technet.com/canitpro

The Canadian IT Managers Blog

http://blogs.technet.com/cdnitmanagers

Security For Canadian Developers Blog

http://blogs.msdn.com/s4cd

I look forward to seeing you online.

 Bruce

For all of you wondering if I had disappeared from the planet, you may be pleased to know that I am simply moving blogs.

Based on your feedback the Canadian IT Pro team is amalgamating our efforts and our blogs in to two new spaces:

The Canadian IT Pro Blog

http://blogs.technet.com/canitpro

The Canadian IT Managers Blog

http://blogs.technet.com/cdnitmanagers

You told us that you want to connect with the team, but that we could make your lives easier by consolidating the blogs and providing separate technical and manager / architect information. You informed us you wanted more guest bloggers from the community and industry. You shouted from the roof tops you wanted more.... so I ask you to add the new blogs to your favorites and RSS readers and I look forward to meeting you all there.

It seems like a world ago, but as a follow up from the Vista Beta 1 Install Fest last year, we (and that is everyone that came along) have received a letter from Foodpath in Mississaga, thanking us for the donation.

“On behalf of the board of Directors and clients of Foodpath, we would like to thank you for your generous donation. Your support makes a great difference in the lives of so many people in the Peel Region.”

If you would like to find out who they are and what they do, their website can be found here: http://www.foodpath.org and I would encourage you to help them and your local charitable organisations.

Thank-you once again from the whole TechNet team and Microsoft.

Enjoy!

If you haven't already heard about it in the TechNet flash, from the blogs and Microsoft TechNet site, we are less than a month from the start of the Build'06 tour

Build'06 is aimed at everyone that designs, deploys, secures and maintains networks, from large to small.

Many of us spent far too much of our time dealing with our existing systems (up to 70% according to many studies).

The TechNet Build06 tour kicks off on Feb 28^th in Victoria and goes across the country bringing you the knowledge to implement your own Secure Well Managed Infrastructure. The sessions will look at the processes of Management including base-lining, change control and security with tools such as Windows Server TM 2003 R2 operating system, Virtual Server 2005 R2, Internet Explorer 7, Microsoft Operations Manager 2005, Systems Management Server 2003, Exchange Server 2003, Antigen® and many others.

See you all there and don't forget to watch the team blogs as well as this one for more information...

Enjoy!

Last week I had the pleasure of delivering a session to the TASK which concentrated on Windows Server 2003 R2 Security and Management. For those of you that attended, I hope you found the session useful and it was great to get so many questions and your feedback!

I have posted the deck and you can download it from:

http://download.microsoft.com/download/a/6/c/a6c4a976-da3e-4950-8c46-c3964cbbec1f/Windows Server 2003 R2.ppt

If you did not attend and especially if you are not aware of the Toronto Area Security Klatch, you are missing out! Check out the site: www.task.to and up-coming events. We meet in down-town Toronto on the last Wednesday of every month.

As a reminder to all, March marks our 1 year anniversary, so come along and join us!

Enjoy!

If I was to tell you that there is a series of practical, consultant lead workshops covering a range of popular topics, designed to help you deal with real world challenges, produced and delivered by people who live and breath this stuff day in and day out... I would hope you answer would be - okay, so when and where?

As a reminder, the TASK meeting is tonight. I am presenting a session on Windows Server 2003 R2 around security, interoperability and other additions in the latest incarnation of the server operating system.

For attendees (on a 1st come 1st serve basis, until I run out) I will be giving out vouchers for a full copy of Virtual Server 2005 R2.

The event information can be found here: http://www.task.to/events/upcoming.php
 

TASK Meeting Location

Last Wednesday of Every Month
6:00 pm to 9:00 pm

Bahen Centre
40 St. George Street, Room 1180

I look forward to seeing you all there!

After suggestions from a number of you we have launched a couple of new blogs... Now before you say - we have so many we already read, why more? We have created blogs aimed at groups of people the whole team will be posting to. They are:

Canadian IT Pro team blog: http://blogs.technet.com/canitpro

This blog is aimed at providing a one stop shop for the Canadian IT Pro community and will concentrate on the technical information. You will find the whole team and guests posting on this blog and if you have any suggestions, wants or have posts, please feel free to let us know.

Canadian IT Managers blog: http://blogs.technet.com/cdnitmanagers

The Managers blog is focussed on industry and pertinent information for IT Managers in Canada and beyond. We have a number of guest bloggers from the industry who provide insight and information.

I would suggest checking both of these blogs out and feel free to give us your input.

Enjoy!

You may have wondered why I have been a little quiet of late. Well, the reason [beyond actually having a vacation of Christmas and New Year] is that I am currently in Seattle at an internal Microsoft event called TechReady. At this conference, we have a huge number of training courses on many of the new and up-coming technologies.

I thought beyond letting you know where I am I wouold give you a heads up on some of the technologies you willl be seeing and hearing more of in the near future. For example Win PE 2.0, which is being used for a whole host of things from deploying Windows Vista and many other tools is being made available to all corporate customers and not just those with Software Assurance: http://www.microsoft.com/technet/windowsvista/deploy/winpe.mspx

I am currently sitting in a session on Windows Vista deployment and I can't believe the tools that are going to be available. If you can imagine in Windows XP we had 5 text files for an unattended cutomised installation. In Windows Vista there is a tool that allows you to select an image, create your single answer file for everything from drivers to applications, delta your packages in to the WIM file and deploy it to a distribution point. All I can say is gimme gimme gimme. Tools like this will make creating and maintining a very small set of images soooo much easier.

Over the rest of the week, I shall tell you what I can about more of the great stuff from TechReady in Seattle.

Enjoy!

2006 is looking to be one of the most exciting years for the IT Pro Community and we are absolutely pumped about what the year has in store for us!

Just to give you a little run down of some of the really cool things to watch out for:

TechNet Canada tours:

   Communication and Collaboration Tour - Jan / Feb

   Secure Well Managed Infrastructure Tour - Feb / March

   Future of the Desktop Tour - May / June

There are many other events far too numerous to mention so I would suggesting building your personalised calendar for TechNet and MSDN events online at: http://www.microsoft.ca/technet/events

This year we also have a whole host of product launches from Windows Vista, Office (codenamed Office 12) and many others.

We hope to see you in 2006 and wish you all the best!

Last week we held a 2 day series of hands-on labs for ISA server and Antigen that convered a huge range of scenarios and practical solutions for security, junk mail filtering and anti-virus. I hope all of you that attended will agree that it was an awesome experience. I spent a great deal of time not only working through the labs with you, but talking about how you could leverage the technologies in your environment.

As a result of the labs, I have been contacted by a number of you wanting to get hold of the presentation material from the labs, so here are the links:

To download the presentation on Internet Security & Acceleration Server 2004 Enterprise Edition, click here:  http://download.microsoft.com/download/a/6/c/a6c4a976-da3e-4950-8c46-c3964cbbec1f/ISA EE Presentation.pdf

To download the presentation on Microsoft’s Sybari Antigen click here:  http://download.microsoft.com/download/a/6/c/a6c4a976-da3e-4950-8c46-c3964cbbec1f/Antigen Presentation.pdf

To download the presentation on Frontbridge click here:  http://download.microsoft.com/download/a/6/c/a6c4a976-da3e-4950-8c46-c3964cbbec1f/Frontbridge Presentation.pdf

Thanks again for attending this great event.

I look forward to seeing you all again soon!

I have had the MS fingerprint readers for quite a while now and have found them to be great convenience devices. These consumer units were produced in conjunction with DigitalPersona but are aimed at helping us deal with a challenge we face more and more as time goes by - too many digital identities... As a consumer, I have all of these services available to me, Internet Banking, online retailing, web based mail services etc, hey I can even book courses with the City of Mississauga in which I live! Therefore remembering all of those details for each identity is a challenge. The temptation is to use the same passwords, make them unforgetable and of course to never change them. Of course I don't do this, but how many of us do?

As a security professional this is a nightmare scenario. Now expand this to your network and you have a whole new ball game. Okay it is the age old balance of Security Vs Functionality / Usability, but let's face it if we can make our lives simpler then we usually will do. Also bare in mind that according to CERT a huge percentage (80%) of Security attacks they investigate are password related... Many of the versions fingerprint software store the databases of fingerprints and credentials on the local machine (which is where most of the attacks are directed). These databases are encrypted, but for how long? The challenge is of course managing this in a network. According to Gartner and many others, managing the user lifecycle costs businesses a great deal of money. So being able to allow users to log in with the fingerprint rather than managing those passwords may seem like an ideal solution. Then why is it more companies don't use this technology?

I have been evaluating the Digital Persona business solution (as they have been kind enough to send me one to play with - hint hint to any other maufacturers out there!). This provides an expansion to the AD Schema to connect the dots of user account to finger print and provides centralised storage and management. By the way, if you don't want to or can't extend the AD schema, there is facility to use ADAM. Yes, the solution means we can log on just by using our fingers to a network. Therefore there are no passwords for users to forget, therefore saving us time, money and hassle.

I would argue that this scenario is great (and works) but is only a PART of the overall password solution. Ultimately there is still a password involved, some setup (learning of the users' fingerprints etc), management - it is a database after all and extra hardware / software, but is well worth investigating as another tool in the armoury.

As I evaluate this solution more, I will post up my thoughts. If you have your own experiences and thoughts, please feel free to share them with us...