Steve Riley on Security
Formerly
of Microsoft's
Trustworthy Computing
Group.
Browse by Tags
All Tags
»
passwords
(RSS)
access technologies
Active Directory
authentication
biometrics
email
identity
my book
physical security
risk mitigation
security myths
security policies
security science
Passgen tool from my book
Way back in 2005, Jesper Johannson and I wrote Protect Your Windows Network . It’s still available , and although its product set is now somewhat dated (Windows XP and Server 2003), much of the practical advice about security policies, social engineering,
Read More...
Password policies. Once again.
Recently in the newsgroups ( news:microsoft.public.security , to be specific) the question of password polices and the out-of-box defaults came up. The poster lamented a number of things: that Microsoft doesn't enable account lockout by default, that
Read More...
Why administrative passwords will never be like nuclear missile launchers
During the past few months many people have lamented that Windows lacks a nuclear missile style control option for administrator passwords. Surely you've read about or seen photographs of missile silos where two operators, separated by a distance greater
Read More...
Security myths and passwords
I like this a lot. http://www.cerias.purdue.edu/weblogs/spaf/general/post-30/ In the practice of security we have accumulated a number of “rules of thumb” that many people accept without careful consideration. Some of these get included in policies, and
Read More...
What do YOU need out of two-factor authentication?
Two-factor authentication continues to grow in popularity and emerge as a security requirement for many people I meet with. At Microsoft, we use smartcards internally for VPN access right now; soon we'll be requiring smartcards for domain logon, too.
Read More...
It's me, and here's my proof: why identity and authentication must remain distinct
My February Security Management column is posted: http://www.microsoft.com/technet/community/columns/secmgmt/sm0206.mspx No matter what kinds of technological or procedural advancements occur, certain principles of computer science will remain -- especially
Read More...
Search
This Blog
Home
About
Email
Resources for you
Get my PPTs from
My SkyDrive
Watch my videos at
TechNet Spotlight
Download
PYWN
's
Passgen tool
follow steveriley at http://twitter.com
View blog authority
Subscribe with FeedBurner
Subscribe, translate, or sort with BlastCasta
Homeland stupidity
threat:
Tags
access control
access technologies
Active Directory
advertising
assessing security
authentication
aviation security
biometrics
BitLocker
blogging
conferences and seminars
configuration
data destruction
email
encryption
false claims
group policy
home and family security
identity
infosec as a profession
integrity
Internet Explorer
IPsec
ISA Server
malware
music
my book
NAP
networking
passwords
patch management
physical security
protection
public policy
risk mitigation
RMS
security myths
security policies
security science
security theater
spam
SSL/HTTPS
TechEd
Terminal Server
the end
the future
the trade press
things that make me angry
things that make me laugh
things that make me worried
threats
virtualization
VPN
Windows 7
Windows Vista
wireless
Archives
August 2009 (1)
May 2009 (1)
February 2009 (1)
January 2009 (5)
December 2008 (1)
November 2008 (1)
October 2008 (2)
September 2008 (6)
August 2008 (2)
June 2008 (2)
April 2008 (1)
February 2008 (7)
January 2008 (1)
November 2007 (1)
October 2007 (3)
September 2007 (5)
August 2007 (2)
July 2007 (4)
May 2007 (2)
April 2007 (1)
February 2007 (1)
January 2007 (3)
December 2006 (2)
November 2006 (3)
October 2006 (2)
September 2006 (6)
August 2006 (1)
July 2006 (3)
June 2006 (1)
May 2006 (2)
April 2006 (2)
March 2006 (5)
February 2006 (2)
January 2006 (3)
November 2005 (5)
September 2005 (4)
August 2005 (2)
July 2005 (5)
June 2005 (5)
April 2005 (3)
March 2005 (2)
February 2005 (2)
January 2005 (1)
Syndication
RSS 2.0
Atom 1.0
