Roger's Security Blog : Events/Training

Get Safe Online: Don’t be a Money Mule

rhalbh — Fri, 04 Dec 2009 11:53:19 GMT

You know, there are people who blog late, there are people who blog very late and then there is me…

I actually missed that one even though I was triggered: Mid November there was the Get Safe Online Week 2009 in the UK. Usually they do really good stuff and this is the reason I usually blog on it.

As I said, this time I missed it. However, there is an awful lot of good content on their website, especially about Money Mules. I think that it is worth spending some time and looking at the video on Money Mules and their webpage on the same subject or directly:

Roger

Why it pays to be secure – Chapter 3 – But how do I?

rhalbh — Sun, 18 Oct 2009 18:20:00 GMT

Our EMEA Security Program Manager, Henk van Roest, started this series internally and with his consent I am publishing it here in my blog as I think it contains a lot of great information for you to use.

Security — you hear about it every day. Being responsible for information security can be a daunting task, so where do you begin?

From the design of acceptable use policies to preventing insiders from stealing data, the job can be a challenging one. Join Senior Security Strategist with the Microsoft Trustworthy Computing Group Kai Axford, as he explores each layer of Defense in Depth during this eight-part webcast series. Kai shows you how mitigate the new risks in security and may have you rethinking the methods you’re using. He also spends time talking about your hot topics of the day.

Specifically there is an 8 part series as detailed below:

TechNet Webcast: 2008 Defense in Depth Security Series (Part 1 of 8): Why Does Security Matter? (Level 200) Original Air Date: January 7, 2008

In the first session of the series, we discuss risk and the impact of security on the business. We look at some popular methods to assess risk and identify the need for an overall security strategy. We also explore why you should care about information security, how to measure the success of your program, and how to prove it to your boss using the concept of Return on Security Investment (ROSI). Learn how security impacts the cash flow of your business. Bring your CFO to this one!

TechNet Webcast: 2008 Defense in Depth Security Series (Part 2 of 8): All Bark and No Bite (Level 200) Original Air Date: January 8, 2008

In our second session, we take a look at what is considered to be the most important aspect of information security: security policies. We discuss the policies that exist within your company and how to strengthen them. After all, what good is a policy if it is not enforceable? We also investigate the most cost-effective way for you to increase the security posture of your business. What is it? You have to tune in to see! You will not be disappointed.

TechNet Webcast: 2008 Defense in Depth Security Series (Part 3 of 8): Gates, Guards, and Guns (Level 200) Original Air Date: January 9, 2008

Today we look at an aspect of information security that is often overlooked by technical folks. It is the physical security aspect of our job. Are you aware that every year at DEFCON there is a lock picking contest? In this session, we dive into various techniques and methods that we should be considering when it comes to providing physical security around our datacenters. We discuss some of the recent trends in this area, such as IP video surveillance, and also discuss resources that can assist you in coming up with a good overall physical security plan. (No locks were harmed in preparation of this session.)

TechNet Webcast: 2008 Defense in Depth Security Series (Part 4 of 8): Living on the Edge (Level 200) Original Air Date: January 10, 2008

In case you are not aware, the Internet is not a safe and happy place. Have you thought about all the other branch offices and partners you are connected too? Bad things are going on and you would like to do what you can to keep them out in the wild. In today's session, we look at some of those risks, and also discuss some technologies you should be considering when looking at securing the perimeter. You know about Intrusion Protection Systems (IPS), Intrusion Detection Systems (IDS), and firewalls, but are they doing any good? Is the DMZ as we know it today…dead?

TechNet Webcast: 2008 Defense in Depth Security Series (Part 5 of 8): Keeping Your House in Order (Level 200) Original Air Date: January 14, 2008

We start the week by discussing a problem that is close to your heart: your network. But how can we even begin to take on that challenge? What are some of the things on the horizon that we need to be aware of? In this session, we look at technologies and concepts such as IP Security (IPSec) Domain Isolation and Network Access Protection (NAP). We also look into some practical things that you should be doing right now to protect one of your most valuable assets.

TechNet Webcast: 2008 Defense in Depth Security Series (Part 6 of 8): Save the Box, Save the Network (Level 200) Original Air Date: January 15, 2008

Servers. We all love them. Wouldn't it be so much easier if we simply did away with everything else? There is no argument that the multitude of desktops, laptops, and mobile devices has created headaches for the IT security professional. Just when you lock down a desktop, the sales guy gets a new laptop, and then a new mobile phone. We cannot (legally) eliminate the users, but join us to see what we can do to stay ahead of the risks!

TechNet Webcast: 2008 Defense in Depth Security Series (Part 7 of 8): If You Build It (Securely), They Won't Come (Level 200) Original Air Date: January 16, 2008

Grab the caffeine and pizza! Today we step into the dark underground of AppDev and discuss methods for securing applications that run inside your infrastructure. As we harden the network and hosts, the bad guys are looking for other ways in, and often it is the applications being written by your own developers. Do your developers have the time and tools required to build their applications securely, or is security merely an afterthought? What tools are available to assist them? We show you today. No coding required.

TechNet Webcast: 2008 Defense in Depth Security Series (Part 8 of 8): If a Terabyte Falls in the Middle of the (Active Directory) Forest (Level 200) Original Air Date: January 17, 2008

Got data? Sure you do, but how much? Where is it? How is it protected? What is it worth to you? Which is the most important? If you could save only one database, which would it be? Answers to all these burning questions, as well as some closing thoughts from Kai, are going to be covered in this final session. You do not want to miss this electrifying and intense final webcast!

Henk and Roger

EMEA TwC Analyst Summit

rhalbh — Wed, 24 Jun 2009 14:06:42 GMT

We are just kicking off the EMEA TwC Analyst Summit, which is running for the next two days. The first time we are using technologies like Twitter live from the event and we encourage the Analysts to do the same. Therefore, you might follow what is going on there on different channels but mainly:

The website: http://www.emeatwcanalystsummit.com/
If you are using Twitter, use the hash #TWCSummit

Roger

Live-Tweet from Analyst Event

rhalbh — Mon, 22 Jun 2009 23:55:27 GMT

Wednesday and Thursday we are running an event for selected analysts in London. As you might know, I am tweeting via http://www.twitter.com/rhalbheer and I will try to do some live tweeting from the event during the event – never did this but I will try. In addition, there are some analysts we know that they use Twitter as well and we will ask them to do the same. If you want to know how it will work out, search for the keyword #TWCSummit

Looking forward to meeting you on Twitter

Roger

Scam Awareness Month in the UK

rhalbh — Mon, 16 Feb 2009 13:03:31 GMT

I guess you know Get Safe Online in the meantime. They are publishing a lot of good and insightful information. Now, they collaborate with the Office of Fair Trading in the UK for a Scam Awareness Month.

Again, there is a log of excellent information on the web for you to look at:

Get Safe Online Blog on the Scam Awareness Month
A Consumer Site from the Office of Fair Trading with

Games
Information “Before You Buy”
Information “After you Buy”
and a lot more

Something you could definitely use to drive awareness with the average user.

Roger

Data Protection Day 2009

rhalbh — Wed, 28 Jan 2009 19:16:02 GMT

In early December I blogged about the Privacy Video Competition of the Data Protection Day.

Today is the day: The winners just were announced. If you want to look at the videos (they are actually pretty cool):

Watch all entries: http://eskills.eun.org/web/dprotection/gallery
Watch all shortlisted entries: http://www.dataprotectionday.eu/jury/
Watch the winning entries:

Congratulations to all the winners and a big “thank you” to all the participants. They all would deserve to win!

Roger

Privacy Video Competition

rhalbh — Fri, 12 Dec 2008 00:07:17 GMT

On January 28th the European Union is holding the Data Protection Day. To prepare for that, they are holding a competition for young people from 15 to 19 to express their views about online privacy. Here is the teaser:

Surf the net – Think privacy!

So, please spread the word!

Roger

Europol High Tech Crime Experts Meeting 2008

rhalbh — Thu, 11 Dec 2008 15:22:00 GMT

I recently had the great opportunity to join the Europol High Tech Crime Experts Meeting 2008 in Den Haag. This is mainly a get together of the High Tech Crime leads of the EU Law Enforcement agencies and countries where they have a close relationship with (e.g. Switzerland, Norway, Canada etc). Additionally there are a few private sector companies invited.

This shows to me the commitment of Law Enforcement to work closely together with the private sector to fight cyber crime – and this is what you really feel if you are there.

Here you see the corresponding press release: High Tech Crime Experts Meeting 2008

Roger

Get Safe Online – This Week

rhalbh — Tue, 18 Nov 2008 16:00:17 GMT

We see this concept all over Europe: There are National Security Awareness Days (or how ever they are called) in a lot of European countries. During these events, the industry (from software to banking to government to …) gets together to raise awareness on the most important trends, criminals explore attacking their victims.

This week in the UK there is the Get Safe Online Week, which is a very good example for me how this can work out. A lot of partners come together this week to drive awareness around different themes in the area of Online Safety.

I quote from their press release:

Today (which was actually yesterday) the UK’s fourth annual Get Safe Online kicks off, a weeklong internet safety awareness campaign encouraging UK computer users to take steps to ensure that they and their machines are protected.

In a time of economic uncertainty, online security is becoming even more important as the growth of the ‘shadow economy’ in stolen identities can mean a person’s assets such as savings accounts can be stolen and emptied faster than ever.

Particularly, the use of ‘phishing attacks’ is rapidly on the rise – where criminals send fraudulent emails designed to trick internet users into submitting their financial or other confidential details. 23% of UK internet users surveyed said that they or someone they knew fell victim to such an attack this year, compared to just eight per cent in 2007.

The image of the geeky hacker is inaccurate: the vast majority of computer crime in the UK is highly organized, with criminals dealing in the buying and selling of personal information used to defraud targets such as full name, address, passport details, driver's license number, date of birth, bank account details and sort codes, plus credit card numbers and security codes.

Get Safe Online Week aims to give everyone the tools and confidence to enjoy and use the internet safely. In the span of a couple of hours, anyone can learn a few simple steps to remain up-to-date and aware about online safety – a small investment compared to the potential loss and inconvenience if they are instead victims of identity theft.

I think that this is a great initiative, which needs our broad support:

Roger

Are we talking about the right things?

rhalbh — Tue, 10 Jun 2008 19:55:14 GMT

I am in Qatar at the moment at the Doha Information Security Conference. They actually have a very interesting setup as they only have very short presentations (about 5-10 minutes) of approx. 2 people and from there on they are working with a panel discussion on the topic during the rest of the hour. As there are about 100 pretty active people (which is a lot in Qatar), the format is very interactive and attractive.

Today, there was one session on the ISO standards. We had a very good discussion on them and then one of the participants raised a very good point: He stated that he was participating in a lot of events. A lot of people are talking about Risk Management, writing pragmatic Security Policies etc. but nobody actually tells him where to start and how to do it.

Is this really true (I did not do it in this short presentation)? We usually say that the policy and the project have to be adapted to the company. This is definitely true but is the approach so different? When I was working at PricewaterhouseCoopers, the approach we took was normally more or less the same (more more than less J). So, why do we not give better guidance to the people on how to do it?

Do you give guidance normally (talking at events, not doing consultancy J)?

Roger

Testing our Security Technology

rhalbh — Mon, 05 May 2008 19:05:31 GMT

Quite a while ago, I blogged on Virtual Labs, an offering we are making to you to get your hands dirty with our products and give you the opportunity to work with different hands-on labs.

There is the VirtualLabs offering, containing MSDN and TechNet labs.

The idea behind them is: It's simple: no complex setup or installation is required to try out Forefront Security running in the full-featured TechNet Virtual Lab. You get a downloadable manual and a 90-minute block of time for each module. You can sign up for additional 90-minute blocks any time.

So, we give you a manual and access to VMs via Terminal Server and you can use them for 90 minutes – cool isn't it?

Just as an example, these are the Forefront Labs:

Forefront Client Security

TechNet Virtual Lab: A Technical Overview of Microsoft Forefront Client Security
TechNet Virtual Lab: Deploying Forefront Client Security Part 1
TechNet Virtual Lab: Deploying Forefront Client Security Part 2
TechNet Virtual Lab: Forefront Client Security for System Center
TechNet Virtual Lab: Troubleshooting Forefront Client Security
TechNet Virtual Lab: Microsoft Operations Manager 2005 Technical Overview with Forefront Client Security

Forefront Server Security

TechNet Virtual Lab: Managing Microsoft Forefront Servers with Forefront Server Security Management Console (FSSMC)
TechNet Virtual Lab: Implementing Antivirus Defenses on Exchange Server 2007 with Microsoft Forefront Security
TechNet Virtual Lab: Forefront Security for SharePoint
TechNet Virtual Lab: Forefront Security for Exchange Server
TechNet Virtual Lab: Using Antigen Server to Protect SharePoint Servers and Instant Messaging
TechNet Virtual Lab: Using Antigen Server to Protect Exchange Server Against Viruses and Spam
TechNet Virtual Lab: Forefront Server Security

Forefront Edge Security

TechNet Virtual Lab Express: Introduction to ISA Server 2006
TechNet Virtual Lab: Configuring Load Balancing using ISA Server 2006 (Part 1)
TechNet Virtual Lab: Configuring Load Balancing using ISA Server 2006 (Part 2)
TechNet Virtual Lab: Using Monitoring, Alerting and Logging with ISA Server 2006
TechNet Virtual Lab: Enterprise Management of ISA Server 2006
TechNet Virtual Lab: Enabling VPN Connections using ISA Server 2006
TechNet Virtual Lab: Forefront Edge Security and Access - Creating and Configuring Intelligent Application Gateway (IAG) 2007 Portal Websites
TechNet Virtual Lab: Forefront Edge Security and Access - Remote Access with Intelligent Application Gateway (IAG) 2007 and Internet Access Protection with ISA Server 2006
TechNet Virtual Lab: Publishing an Exchange Server with ISA Server 2004
TechNet Virtual Lab: Configuring Outbound Access and Publishing Web Servers with ISA 2004
TechNet Virtual Lab: VPN Scenarios with ISA 2004
TechNet Virtual Lab: What's New in ISA Server 2004 – Monitoring
TechNet Virtual Lab: Introduction to ISA Server 2006
TechNet Virtual Lab: Publishing Web Servers and Other Servers using ISA Server 2006
TechNet Virtual Lab: Publishing an Exchange Server with ISA Server 2006
TechNet Virtual Lab: Configuring Outbound Internet Access using ISA Server 2006
TechNet Virtual Lab: Secure Messaging and Collaboration

Secure Messaging and Collaboration

TechNet Virtual Lab: Secure Messaging and Collaboration

Cool, isn't it? Give it a try

Roger

How Microsoft IT does Threat Analysis

rhalbh — Mon, 05 May 2008 18:49:44 GMT

I wrote on that already earlier. We make processes and tools available how we internally do Threat Modeling. To make it clear: this has nothing to do with the Security Development Lifecycle but much more with Microsoft's own IT department.

The reason for this post is that we just released version 2.1 of the Threat Modeling Tool, which is downloadable for free.

You find it on the Application Threat Modeling website

Roger

Infosec: Security community must work together

rhalbh — Thu, 24 Apr 2008 15:22:40 GMT

Ed Gibson, our CSA in the UK had an interview during Infosec with VNunet. He made some interesting statements:

We have a good set of laws in place and they have teeth. But the police have priorities and budgets set by the Home Office

and

Any one of you here would volunteer for neighborhood watch if you thought it would improve your community. So why not online?

Read and listen to the whole interview

Roger

TV-Interview during IDC Security event in Belgrade

rhalbh — Thu, 14 Feb 2008 22:44:06 GMT

As you have seen in my post The Fun of Travel, I was in Belgrade this week. It was the opening event for a tour by IDC in Central and Eastern Europe. IDC has a series of security events across Eastern Europe and I had the honor of having a keynote there. Usually, when I visit these kind of events, we are trying to add some press engagements and customer meetings as well. This time it was all about press and I had 5 interviews, two with TV. I just got the raw cut of one of the interviews, which will be on Fox in Serbia this Sunday (and yes, I got the approval to link to it here and put it on Soapbox).

Unfortunately they cut the questions. So, they are (approximately):

What is Microsoft's security vision?
What were Microsoft's biggest achievements in security in the last few years?
Why did Microsoft enter the security products business?
Will Microsoft continue to work with other security vendors collaboratively?
What is the impact on the security vendors, now with Vista having more protection in the OS?
What are the key trends we see and how do they impact our customers and Microsoft?

It is about a 4 minutes clip. If you are interested, you will find it here on Soapbox

Roger

I was visiting Nigeria – watch out!

rhalbh — Fri, 23 Nov 2007 10:14:39 GMT

You know that I rarely did trip reports in the past. I am personally convinced that you do not want to read, what I had for breakfast in Barcelona. But this trip was different. When I told the people around me that I will be travelling to Nigeria I got a lot of different reactions J.

I guess that most of these reactions are based on our constant confrontation with what we call the Nigeria scam. As you probably know there is section 419 of the Nigerian criminal code that is violated by these kinds of attacks. Therefore these scams are often called 419-scams. It is unbelievable; when you go to our search engine and search for "Nigeria scam 419" you find more than 400'000 hits! There is even a site called http://www.nigerian-scam.com/ . For a country like Nigeria, this is one of the worst possible things to happen if you want to base the growth of the economy on modern technology! Is this a Nigeria-only problem? Not by far. A lot of scams originate from Western countries, a lot of others from Eastern countries – and, there is no doubt about it, a lot from Nigeria as well.

I was told that Nigeria is serious in fighting these crimes. Additionally I knew that we have an agreement with the Nigerian government to support them in their efforts . The Nigerian subsidiary invited me to visit the country and talk to the customers and governments and I accepted.

Let me try to summarize a few of my impressions and findings:

I had the opportunity to have a roundtable discussion in Abuja with government representatives and in Lagos with executives from different companies, mainly financial services. Additionally I could collect different impressions of the cities and the country by talking to quite some people. I met a lot of people who are extremely proud of their country and are highly energetic moving the country forward. Additionally, when driving through the streets of Lagos in particular you see a people wanting to sell something all over the place. Everybody seems to want to make his or her own business. So people do not seem to wait until money comes to them but are aggressively looking for their business opportunities.

From a technical point of view Nigeria is ramping up fast. Today they still have a bandwidth challenge. In the Western world we are used to having "unlimited" bandwidth. In Nigeria, this is not (yet) the case. However, Nigeria is in the process of solving this issue and there seems to be a good chance that enough bandwidth will be available in the future to drive growth in the economy. In my opinion this will be crucial as Nigeria and the business there more and more sees that they are part of the global village and want to be connected to it.

What does this now mean? I am convinced that the spirit in Nigeria will have an up- and a downside with regards to this development. By wanting to drive business, Nigerian people will follow all the opportunities they can to grow their economy. This is a very good thing and I am convinced that there will be good opportunities for them as they do not have to care about legacy applications. In other developing countries I have seen impressive e-government solutions as the government made it a priority and made the money available. As they did not have to link back to "old" legacy host systems, they could do very cool stuff. Similar things can happen here. So, watch out!

But, as I mentioned already, there is a downside: By going aggressively after the business opportunities on the Internet, there is a good chance that a small part of the population will go after the illegal business opportunities as well – and we have seen that already. This does by no means mean that Nigeria is the one and only source for lottery scams or even for the "Nigeria" scam but this is definitely a problem for this country. So, watch out! It happened that *.com.ng was blacklisted as a spam domain, which has an unbelievable negative impact on any country in this stage of its development.

When we are coming to the downside, there is always an enforcement piece to that. What is Law Enforcement actually doing to combat fraud and any other illegal activity within their country? I often get the impression when I talk to people in Europe that their impression is that Nigeria is doing nothing or that they are not serious about it. After the discussions with the Nigerian government I am convinced that they really want to fight against cybercrime as they have seen that this is a big image problem for Nigeria. And they are serious about that! They already had their first successes and they will improve.

We, as Microsoft, are committed to help the Nigerian government. We have the agreements in place and started already to train some Law Enforcement officers. So, together and together with additional partners from the private space there is a fair chance to go after the bad guys and help Nigeria to ramp up.

The agreements between the EFCC (Economic and Financial Crimes Commission of Nigeria) and us caught quite some attention which shows that we are on the right path:

Obviously I know of the Nigeria scam. I am convinced that a country like Nigeria needs a fair chance and support to fix this problem and grow the economy that way.

Roger

P.S. I said that I was driving through Abuja and Lagos. Well, driving through Abuja would probably (maybe) work out. Lagos would have been a complete nightmare! I have never seen any worse traffic than that in my life J