Roger's Security Blog : TechEd EMEA

Videos about the latest Security Development Lifecycle

rhalbh — Mon, 15 Dec 2008 21:42:55 GMT

I know that this is not particularly news but nevertheless it could well be that the non-developers out there have not yet seen this. During TechEd EMEA for Developers we announced several things around SDL and had some speeches. Some of them are public including interviews with people like Michael Howard:

Video on the Announcements we made
Dave Ladd’s Blog posts about the Announcements
Walkthrough of the latest Threat Modeling Tool we have available
Top 10 Security Peeves (they are really good and you should look at the discussion – it is just a few minutes)
- Think like an attacker
- No one would ever attack this
- That’s a solved problem
- If we would just focus on quality
- My app is behind a firewall
- Giblet
- That’s wrong
- It’s all C’s fault
- Unlocked Workstations
- Airport Security

So, it is really good :)

Roger

Safe Social Networking

rhalbh — Mon, 10 Nov 2008 00:32:23 GMT

I am often asked by a lot of people what my view is on the social networks like Facebook and what I think about it. Well, the most important points first: I am using social networks myself as I like them to keep an eye on people I might lose otherwise. However, I am really careful putting too much information on these networks (like pictures) as I want to keep my privacy.

We now released 10 tips for social networking safety which I think are pretty good and might even be used by your teen kids as well.

Roger

The Next Version of ISA Server (“live” from TechEd EMEA)

rhalbh — Tue, 04 Nov 2008 15:34:11 GMT

If is once again one of these posts with the start like “I am just sitting in a session…”. Actually I had some time today to visit sessions and look into some things I have never seen. We often have discussions around the future of our products and what we in the field think should be in there. Then you see just slide ware but sometimes it is not too easy to keep up with the pace of the developers in all the products and see what they are actually developing and how it looks today.

Therefore I took the opportunity to sit in a session on”he Next Version of ISA Serve: A Sneak Peak Demo

Let me give you an update on it (no particular order, just the way I saw it today):

ISA Server will be renamed in Threat Management Gateway and will be part of the Forefront Suite. Therefore TMG (the new abbreviation for Threat Management Gateway) will collaborate and share information with the other Forefront products in your network (e.g. Forefront Client Security, NAP etc) in order to assess the threats and protect information. This would mean that if a client sends out information to the Internet on an unusual level, we will block it, but it into Quarantine and Scan it… Way cool.
- It you want to, you can block encrypted zip-files :)
Web Protection:
- Scan files that are downloaded by the users for malware and block them on the gateway by the TMG server.
  - We can even inspect outbound SSL traffic as we are bridging SSL on the server if you want it. The user is informed that SSL will be inspected. This is very important from a privacy perspective. So, with this technology we can block invalid or expired certs. Last but not least here, you can exclude certain sites or site groups (e.g. Finance and Banking) from the SSL inspection. So, you can configure it the way that you do not inspect the traffic but the certificate will be validated or nothing is done at all.
  - For large files, the user gets a page to inform him/her that the file is downloaded by the TMG server and scanned there. If it is ok, it is forwarded to the client. Whether this is kicked off it decided by the download time (more than 10s).
  - We can handle files in cache as well.
- We include URL filtering
  - Block sites you do not want the users to browse to
  - We can even categorize sites (e.g. to categorize them as Malicious) and you can override the setting as you need.
Logging and Reporting
- The console itself still looks very similar to what you are used to from ISA Server 2006 – there is no need to change a lot, isn’t it?
- We enhanced logging with e.g. the information we just touched upon above.
- There is a new node called Web Access Policy where you configure all the different policies above. There is even a really good wizard to deploy these policies.
Active Protection Technology (Network Intrusion System from Microsoft Research named GAPA)
- GAPA will be part of Forefront Client Security as well.
- As I said above, there will be quite some ways to protect your network from attacks. By determining unusual behavior we can block traffic from infected machines and in addition we would be able to kick off actions in the rest of the product suite.
- We will deliver signatures to help you a little bit in order to gain some time before you patch as we learned that the average customer needs more than a month to deploy a security update. To be clear here: This does not replace proper patch management!
Network Access Protection
- We include NAP into the VPN part of the product. We had quarantine in the VPN implementation of ISA Server 2004 already. However, for a lot of customers that took them a long time to deploy as they had to write customer scripts. With NAP you can build on the same technology you can deploy on your network and it is much easier than the scripting version. However, do not just switch it on – this is a project not just a feature…..
- The nice thing is that you not only check the machine during the logon but during the whole session. So, if the machine falls out of compliance during a session, it is taken into quarantine, fixed and brought back to the network again..
Array Support
- You will be able to take two Standard server, join them and have an array. There will still be an Enterprise version to manage multiple arrays but for smaller deployments, this is definitely good news.
And a lot more

As I said: This is way cool…

I am looking forward to getting my hands on the final product!!!!

Roger

Live from the TechEd EMEA Keynote

rhalbh — Mon, 03 Nov 2008 17:30:30 GMT

I did this already last year and will do it again just now: I am sitting in the keynote of TechEd EMEA and just wanted to make sure you get all the security-related (and just cool) announcements of the keynote as “real-time” as possible. In addition I am trying to give you my view on it as well as far as possible:

We talked about Windows Server 2008 R2 and the corresponding Hyper-V implementation. One of the features we will introduce there is Live Migration which means the migration from one host to another without interruption. This is a feature a lot of customers are asking for.
System Center Virtual Machine Manager is introducing a feature called Performance and Resource Optimizer, which is an advisor to you which helps you to make sure you keep your SLAs and it helps you to make best use of your resources and helps you to do server consolidation
In virtualization we will separate the applications from the OSs. So, you will have a vhd for the OS and a vhd for the application! That’s way cool if you think about patching and updating – that’s the way we look at the datacenter in the future.
System Center will be extended past the Windows border to Linux, Sun OS, AIX… In order to do that we joined the OpenPegasus steering committee to work with them to leverage this code.
We talked about Software and Services. Mainly we showed how to move part of your AD and Exchange to a managed online service.

In addition, not in the keynote, you can expect to see a lot of information on

Our Security Intelligence Report v5
Forefront Client Security v2
Identity Lifecycle Manager v2
…

Roger

Getting Ready for TechED EMEA

rhalbh — Wed, 29 Oct 2008 23:34:20 GMT

It is as so often, autumn is the time when all the big events are happening in EMEA. This week was RSA Europe (or I think still is) and next week I am looking forward to TechEd EMEA in Barcelona.

So, I worked at RSA Europe on Monday and Tuesday on the two stories with went live with (the Desktop OS Vulnerability Report and the Lottery Scam Announcement) and now I am preparing for TechEd EMEA. Next week, there will be a very interesting week in Barcelona. There a people coming over from the Forefront team (I have seen screenshots of beta 2 of Forefront – join these sessions, it is worth it), from the Malware Protection Center (we will launch the Security Intelligence Report) and so on. So, watch my blog, I will do my best to give you the news here.

Yes, and last but definitely not least, I will run a session on Wednesday:

SEC203: End-to-End Trust: The Internet - a safer place to work, play, learn and do business (10:45 - 12:00)

Threats change, criminals evolve new ways of stealing money, and valuable data and trust in the Internet continues to come under attack. It's a classic tale of good versus evil with the future of the Internet at stake. The industry is faced with a challenge - either secure the Internet and gain users' trust or lose control to the bad guys and see the value of one of man's greatest inventions dwindle. This session will give you insight into next generation security and Trustworthy Computing's vision for creating an Internet we can trust from end-to-end.

and immediately after I will be in the Ask the Expert’s area. So if you want to know about End to End Trust or just want to come by for a chat, you know where to find me.

One question to you: IN order to keep my blog updated during TechEd EMEA, does anybody know a good Blog Writer for Windows Mobile 6? I was not able to find something which is really worth the installation…

Roger