• Microsoft Diagnostics and Recovery Toolset

    Well, we call it simply DaRT. You know the feeling: a machine does not boot anymore, has crashed, has a virus you cannot clean while the OS is running, or any of the other nightmare scenarios of daily operations. Recovery toolsets have been around for quite some time, but with our acquisition of the Sysinternals tools the value of ours grew significantly. I just tested the latest version for Vista and believe me, it rocks (as far as a tool can rock that tries to recover me from a crash…). If you need information on this, there you go: Microsoft Diagnostics and Recovery Toolset

    Let me give you a very brief insight:

    Basically DaRT is based on the Vista Recovery Toolset, so when you boot from it you get a pretty familiar screen.

    The only difference is the link at the bottom to the Microsoft Diagnostics and Recovery Toolset, which is where all the magic happens. If you choose it, you get a broad selection of tools:

    ERD Registry Editor: A registry editor for the installed OS you selected at boot time (the offline registry hives on disk, not the running recovery environment's)

    Explorer: Speaks for itself: browse through the disks

    Locksmith: With Locksmith you can reset the passwords of all the local accounts. You need physical access to the box to do this, which is the usual reminder that whoever can boot an unencrypted disk owns its local accounts. Have a look at this post before we start a big discussion on this: Windows Vista Recovery Console and the Password

    Solution Wizard: This is a cool thing. If you are unsure which tool you need, try this wizard and you are guided to the solution.

    Crash Analyzer: If there is a minidump on the disk and you include a debugger (the Debugging Tools for Windows) when you build the DaRT media, you can analyze the crash dump from the recovery environment

    TCP/IP Config: Obvious thing, but: often I failed to access any resource on the network with these recovery toolsets because I could not change the network configuration (e.g. I have a fixed IP, am on a different network and should simply switch DHCP on).

    File Restore: Restore accidentally deleted files

    Hotfix Uninstall: If your system does not boot anymore because of a hotfix, this is the way to remove it (even though this never happens, does it?)

    Disk Commander: Tools to fix your disk if you have problems with it.

    SFC Scan: As the title says: Repair your system files

    Disk Wipe: Securely erase your disk

    Search: Hmm, I cannot remember what this tool does

    Computer Management: It is not the "normal" Computer Management console, as the OS is not running, but a console for some repair activities.

    Standalone System Sweeper: I do not like this too much as it is a tool to look for malware, rootkits etc.
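    The TCP/IP Config item above is the one that usually bites in practice: the installed OS has a fixed address, the box is now on a different network, and the recovery environment cannot reach the share holding the tools or the backup. The commands below are an added example, not part of the original post or of DaRT itself, showing how to hand the interface over to DHCP from the recovery command prompt and to check the result before blaming the toolset. The interface name "Local Area Connection" and the share \\fileserver\recovery are assumptions; run `netsh interface show interface` first to get the real name.

```batch
@echo off
rem Added example (not from the original post): move a recovery-console
rem session from a fixed IP to DHCP so the machine can reach a file share.
rem ASSUMPTION: the interface is called "Local Area Connection" (the Vista
rem default). "netsh interface show interface" lists the real names.
set IFNAME=Local Area Connection

rem What the recovery environment currently thinks the interface is.
netsh interface ip show config name="%IFNAME%"

rem Hand both the address and the DNS servers over to DHCP.
netsh interface ip set address name="%IFNAME%" source=dhcp
if errorlevel 1 (
    echo Could not switch "%IFNAME%" to DHCP - check the interface name.
    exit /b 1
)
netsh interface ip set dns name="%IFNAME%" source=dhcp

rem Pull a lease and show only the lines that matter.
ipconfig /renew
ipconfig /all | findstr /i "Address DHCP Gateway"

rem Prove name resolution and reachability before mounting anything.
rem ASSUMPTION: \\fileserver\recovery is a hypothetical share with the tools.
ping -n 2 fileserver
if errorlevel 1 (
    echo fileserver does not answer - fix the network before going on.
    exit /b 1
)
net use Z: \\fileserver\recovery
if errorlevel 1 (
    echo Share mapping failed - check credentials and share permissions.
    exit /b 1
)
dir Z:\
```

    The `if errorlevel 1` checks are the point of the script: `netsh` and `net use` do fail silently enough in a recovery console that a wrong interface name or a missing lease looks like "the toolset cannot do networking". If the box must keep a fixed address, replace the two `source=dhcp` lines with `source=static addr=... mask=... gateway=...` and `source=static addr=...` respectively.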

    So, this tool is definitely something you should look into. Download the trial!

    Roger

  • Best Practices for Microsoft PKI & Certificate Management

    You might know Brian Komar. He has written numerous books on PKI and certificate management and is a well-known speaker at quite a few events, such as TechEd and IT Forum. Now nCipher has organized a webinar on Best Practices for Microsoft PKI & Certificate Management.

    If you are interested, you might register at the link above.

    Roger

  • Blogging on MOSS 2007 (SharePoint)

    As you probably realized, I stopped the series "How I secure my Infrastructure" as the hit rate on the corresponding posts has been pretty low. However, if I have something which I think is interesting and/or cool, I will still add a post. This one has close to nothing to do with security but much more with blogging. I would simply put it in the "cool" basket.

    Actually I was talking to somebody recently about my blog and that I see the highest hit rates whenever I blog on real technical stuff. As soon as I raise questions on policies/organizations, the hit rate drops significantly. During this discussion I realized that the problem might well be that the blog is on TechNet, and there you expect mainly technical stuff. Therefore I went out and started to think about running a second blog on a different URL. Finally I ended up using my SharePoint at home.

    So, what is cool about that? So far nothing. I started to play a little bit with a blog site on SharePoint but, well, it did not look really sexy and I did not want to invest a lot of time designing my blog. I started to search on the Internet (on http://search.live.com) and found a site called CodePlex. If you are running SharePoint and do not know this site, it is great. This is our open-source project site for SharePoint, and they offer a project called Community Kit for SharePoint: Extended Blog Edition. In addition they have Wiki, Discussion Boards, Intranets, …

    It is: download, install, use. And it has a lot of functionality which can be easily configured or implemented, such as CAPTCHAs for comments and stuff like that.

    If you want to see a page running on that kit: http://www.halbheer.info/security

    At the moment the Technet blog and the one above have the same posts in it. In the future I am thinking about separating the blogs: Having some joint posts, having the more technical stuff on TechNet and the more policy-related content on the new blog.

    We will see what the future brings.

    Roger

  • Security Pros ignoring their own message

    As you probably know, I am Swiss. We have a saying in Switzerland (I do not know whether something like this exists in English as well) that the shoemaker's kids always have the worst shoes… So, what about the security professionals? No, I am not talking about their shoes, but about the way they handle security.

    It seems that during Infosec (the information security exhibition in London) there were quite a few notebooks just lying around and, even worse, unlocked. Now, we ask the users to take care, but we do not even get the basics right? A few years ago I once said that whenever I find an unlocked notebook in the office, I would add myself as a local admin (as most of us are admin on the box, this is a fairly easy task if the machine is not locked). Now, after doing that I waited for the next time we had a meeting together. It is the Microsoft attitude that you take your notebook to the meetings (and some do e-mails during the meetings). I then remotely rebooted their notebook… I can tell you, the look on their faces during that was really worth it.
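    The unlocked-notebook lesson above, as commands rather than as a story. This is an added example, not from the original post: the first part is what anyone can type at an unattended console that is already running as a local administrator, the second part is the check and the cleanup the owner should do, plus the setting that makes the door close on its own. CONTOSO\prankster, LAPTOP-01 and the ten-minute timeout are made-up values.

```batch
@echo off
rem Added example (not from the original post). Names are hypothetical.

rem ---- Part 1: two commands at an unlocked, admin-level console ----------
rem Persistent foothold: add a second account to the local Administrators group.
net localgroup Administrators CONTOSO\prankster /add

rem Later, from any other machine on the network: reboot the notebook.
rem This works only because the account above is now a local admin on LAPTOP-01.
shutdown /r /m \\LAPTOP-01 /t 0 /c "Lock your notebook next time" /d p:0:0

rem ---- Part 2: the owner's check and cleanup -----------------------------
rem Who is in the local Administrators group right now? Any member you did not
rem put there yourself is the tell.
net localgroup Administrators

rem Throw the extra account out again.
net localgroup Administrators CONTOSO\prankster /delete

rem Make the lock automatic: screen saver after 600 seconds, password on resume.
rem (Win+L locks immediately; this catches the times you forget.)
reg add "HKCU\Control Panel\Desktop" /v ScreenSaveActive    /t REG_SZ /d 1   /f
reg add "HKCU\Control Panel\Desktop" /v ScreenSaveTimeOut   /t REG_SZ /d 600 /f
reg add "HKCU\Control Panel\Desktop" /v ScreenSaverIsSecure /t REG_SZ /d 1   /f

rem And lock the workstation right now.
rundll32.exe user32.dll,LockWorkStation
```

    The `net localgroup Administrators` listing is the part worth running periodically, not only after a prank: an unexpected member in the local Administrators group is exactly the artifact an attacker with five seconds at your keyboard leaves behind, and it survives the reboot.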

    If you want to read the whole story on Infosec: Infosec: Security pros 'ignoring' their own message

    Roger

  • The Death of the DMZ = The Death of the Castle

    For quite some time we have been talking about the "Death of the DMZ". This sounds a little bit provocative, but I am convinced that it is coming ever closer to the truth. Do not get me wrong: I do not think that you should replace your firewall with routers and leave your network open to the Internet. But today's trends definitely show the need for new models and for saying goodbye to the "I defend the perimeter and I am secure" methodology.

    • My notebook, which travels with me around the globe and is connected to a non-trusted network much more often than to a trusted one, has to be part of the perimeter of Microsoft IT's network.
    • Today's businesses have completely new ways of doing partnerships. Some customers even tell me that their business might switch partnerships within hours. How do you handle this if your infrastructure is not able to deal with a high level of flexibility?
    • Your business wants to do business with people on the Internet. I have seen network designs with five perimeter networks layered at the edge. How do you think they will ever be able to deploy new services across this design? What will they do? Outsource their solution, and you lose control completely (do you remember RSA Europe: Are you ready for security and privacy?).

    So, there are different technical approaches to this challenge and I started to discuss some of them in this blog. Thomas Raschke, Security Researcher at Forrester, raised a new question: K.I.S.S. the castle (analogy) good-bye! Okay, done, now what? Even though I rarely used the castle analogy, what analogy will follow the castle? We often use pictures of the real world to explain what we do to non-technical people. How do you explain the challenges above, including the defense mechanisms, to them today? What do you use as an analogy? Unfortunately I do not have the silver bullet but would be interested to learn.

    Roger