Andy Malone’s MVP - Security & Technology Blog

Thoughts on Microsoft, Security and of course Technology.

Archive for the 'Cybercrime' Category

It’s Official…Forefront TMG 2010 Rocks!

February 3rd, 2010 by Andy Malone

Well, I have been talking about this one for a while and I am delighted to say that it’s finally here: Microsoft Forefront Threat Management Gateway, or TMG as it’s known. TMG is the long-awaited replacement for ISA Server and comes with a host of new technologies to keep the bad guy at bay. TMG comes with a host of new features including:

  • Control network policy access at the edge (Firewall)
  • Protect users from web browsing threats (Web Client Protection)
  • Protect users from E-mail threats (Email Protection)
  • Protect desktops and servers from intrusion attempts (NIS)
  • Enable users to remotely access corporate resources (VPN, Secure Web Publishing)
  • Simplified management (Deployment)

Now, in terms of setting up TMG, one of the most important changes in Microsoft Forefront TMG is that it must be installed on a 64-bit edition of Windows Server 2008; this is the same for either 2008 or 2008 R2.

Other requirements include:

  • 2 gigabytes (GB) or more of memory
  • 2.5 GB of available hard disk space. This is exclusive of hard disk space that you want to use for caching or for temporarily storing files during malware inspection.
  • One network adapter that is compatible with the computer’s operating system, for communication with the internal network.
  • An additional network adapter for each network connected to the Forefront TMG server.
  • One local hard disk partition that is formatted with the NTFS file system.

Other than that the product rocks! This is the product that not only myself but the industry has been waiting for. Intrusion prevention should be a basic feature of any organisation’s security plan and this product will serve you proudly. If you would like to know more then visit the TMG site here http://www.microsoft.com/forefront/threat-management-gateway/en/us/default.aspx and you can download the trial version here http://technet.microsoft.com/en-us/evalcenter/ee423778.aspx

Category: Cybercrime, Security, microsoft

Thank you to the Netherlands!

January 29th, 2010 by Andy Malone

I have just completed presenting at the Cybercrime Security Forum 2010 in Utrecht in the Netherlands. Thanks so much to all the delegates who attended the event. Your feedback and enthusiasm have been awesome. Thanks to Global Knowledge for hosting the event and also to Paula for her great presentations. The password hacking session was my favourite.

Over the next few days I will pull together all the links for the tools discussed. Most are on the Student DVD, others will be forthcoming via link. FYI due to the success of the event we already have a date for a 2011 event. 24th & 25th January 2011. See you there.

Next week I am undertaking some retro training on Windows Server 2003 (hey, it’s what the customer wants!), followed by more security training for the US DOD. That should be fun.

Category: Cybercrime, Security

Cloudy with a Fear of Flight Simulators…

January 14th, 2010 by Andy Malone

This week I have been passing security exams and working on presentations for a quickly approaching Cybercrime security event which is taking place in the Netherlands on the 28th & 29th January. For information on how to sign up visit www.globalknowledge.nl who are hosting the event. This year I am delighted to welcome Paula Januszkiewicz as a speaker. Paula has years of experience as a security auditor in Poland as well as other European countries.

She is also a fellow Microsoft MVP in Enterprise Security and an MCT (Microsoft Certified Trainer). Paula was also the winner of the US Microsoft Speaker Idol contest and was a speaker at TechEd in Berlin where her session was a great success.

Now, as I mentioned, I have been working on all new presentations for the upcoming event. One of particular interest for me is the “Cloudy with a Chance of Fear” session. With the adoption of cloud computing and virtualization technologies there seemed to be so many people asking security questions. So I decided, after loads of research, to put a session together which addresses these issues. Now if you don’t get to see the session at our upcoming Cybercrime event, have no fear: I will also be delivering the session at the following events:

  • Microsoft TechEd 2010 Middle East – Dubai 1st – 3rd March
  • Microsoft Tech days 2010 Sweden – 23rd & 24th March

Hopefully I will see you at one of these events. As many of you know I have been doing a lot of work designing and delivering a Social Networking Security course for the US Army. This has been a great project. Later this week I am to be interviewed by the AFN Network (Army Forces Network) in a bid to get the security message out there. So listen out, more details will be forthcoming. On the subject of Army training thanks to everyone who braved the snow at our recent event in Belgium, it was great to see you and feedback was excellent.

Finally I love silly things! I have heard of people having a fear of flying (I know I do a lot of it myself) but I have never heard of someone having a fear of flying simulators! Check it out http://www.flyingwithoutfear.com/fearofflyinghelp.html Whatever next!

Category: Cybercrime, Security, microsoft

Security! What’s the Point?

January 10th, 2010 by Andy Malone

The other day I was in my local supermarket. After shopping for what I needed I headed for the cash point. Upon arrival this greeted me and got me thinking. I like to think of this as “What’s the point” security. Companies go to great lengths to ensure staff and customers feel safe and secure. This is a perfect example of what happens when procedures are ignored or taken for granted.

The result here shows a clear vulnerability which could be exploited. Security procedures are put in place to ensure three things: confidentiality of trade secrets, data, plans, etc.; integrity of information, i.e. ensuring that it has not been tampered with and is securely stored; and finally availability, i.e. ensuring that the thing being protected remains available. This is a concept known as the CIA triad. It is the foundation of the way security should be implemented and is often lesson one in any book.

The problem with the picture is that it demonstrates that we are all human and humans, as you know, make mistakes. We also have an inbuilt socialisation mechanism which makes us fundamentally trust people. Now of course I am not saying that this is a bad thing; in fact it’s what separates us from “them”.

Hopefully after looking at this picture you can take the small amount of knowledge learned here and re-evaluate the way you do things thus reducing potential RISK! Something to think about eh?

Category: Cybercrime, Dive Deeper Events, Security

Update your Software? Oh yes you will!

January 5th, 2010 by Andy Malone

Well, as they say, it’s back to business. I was reading an article that Adobe is planning to promote stealth updates to its products in the not too distant future. Now initially that sounds great, not having to worry about keeping applications updated. But where will this technology go from here? Will the other vendors join the bandwagon? What are the risks of using self-updating applications? Oh sure, to the end user it’s a Godsend, but for administrators like me and you, we have to clean up the mess that a badly written patch brings.

At this point you are probably thinking that I don’t support this development! Well, on the contrary, I do. However, as all automated updating technologies have shown in the past, software companies have to ensure that administrators can test patches and decide when and how they will be deployed.

It’s not just Adobe either. A large number of vendors, including Microsoft, occasionally deploy critical updates in this manner, but the question remains: is this how it will be for all software in the future? Hmm, let’s wait and see!

Category: Cybercrime, Security, microsoft

Andy to speak at TechEd 2010 in Dubai!

December 30th, 2009 by Andy Malone

As the New Year approaches it’s time to look ahead at 2010. For me the first 3 months seem pretty busy. In January I will be travelling to Germany, Italy, Norway and Denmark, phew! And if that wasn’t enough I will be off to Seattle in February for the annual MVP Summit. I am looking forward to this as it’s a great opportunity to see what’s in development at Microsoft and spend time with peers and MS product groups.

In recent years Microsoft TechEd EMEA was based in Europe. In 2010, for the first time, TechEd gets its own Middle East event and I am honoured to be one of the speakers who will be in Dubai 1st - 3rd March. I also just noticed that Active Directory guru John Craddock will be joining me. For more details on TechEd ME visit the website at http://www.teched.ae/. That will be fun. On the subject of TechEd, the US event will be held in New Orleans June 7th - 10th with some pre-conference seminars available before. At the moment there is a $300 discount if you book before December 31st, so hurry. Details can be found at http://northamerica.msteched.com/default.aspx

Also in March Microsoft Sweden will be once again holding Techdays 2010. I am delighted to be involved once again as a speaker and will be delivering a couple of security sessions this time on protecting businesses from the inside man as well as a session on Cloud security. Techdays is on March 23rd & 24th. Details can be obtained here http://www.microsoft.com/sverige/techdays/

Finally I hope that Santa was good to you. This year as many of you may already know I have taken up archery and as such received a nice new shiny bow with all the bits :0) I hope he was good to you!

Category: Cybercrime, Dive Deeper Events, Quality Training News, microsoft

Keeping my ear to the ground!

December 10th, 2009 by Andy Malone

Over the past couple of weeks I have been teaching Social Networking Security to the US Military in Germany and training Windows Server 2008 R2 to Microsoft Partners in London and Coventry. After all my travels it’s great to be back teaching in the UK. My schedule is filling up for next year with bookings into June, including destinations as exotic as Seattle, Oslo, Copenhagen, Germany, Cyprus, Dubai, The Netherlands and Russia.

I almost forgot how busy London is. Last night I went into the very heart of the city to Leicester Square and witnessed the premiere of David Tennant’s latest movie St Trinian’s 2. Now that’s one movie where I am glad that I was on the outside rather than watching the movie. After a rushed meal I went to see Michael Caine’s latest and in my opinion one of his greatest movies, “Harry Brown”. Now surely he has to win some kind of award for the role of the OAP vigilante who isn’t gonna take any more crap! Go and see the movie, it rocks!

Of course you can’t come to London and not ride the Tube! You know, after travelling on many of the world’s metro systems I have come to the conclusion that London is by far the worst. It’s dirty, uncomfortable and packed. London can definitely take lessons from Copenhagen, Barcelona and Los Angeles, who have the best. How you guys do this every day, I simply don’t know.

Next week I am back in London and Germany teaching Windows 7 to MS partners. You know, it’s amazing that the internet is abuzz with requests for wish list features in Windows 8! Come on guys, 7 is just out. At Microsoft, as you know, development never stops, and below is a wish list for features in Windows 7 & Windows Server 8:

Windows Server 8 Wishlist

  • Recycle bin GUI
  • GUI for Granular Password Policies (think Specops Password Policy Basic)
  • Direct Access for SBS
  • Remote admin tools for Windows Mobile & Other mobile platforms.
  • GUI for dual boot into VHD
  • Encryption on by default
  • Simplify the addition & management of Roles & features
  • The ability to load the GUI from Server Core. Remember the WIN command in 3.1
  • The addition of an IPS (Intrusion Prevention System) Linked to Windows Defender. This should be a standard free feature for ALL users.

Windows 8 Wishlist

  • A Windows light edition where user sees the desktop but all apps / features are in the cloud! This would cut down on piracy. Like Google Chrome.
  • Simplify the interface. Combine options / features.
  • Fewer Versions.
  • Automatic Maintenance: Remove the need for user to patch OS
  • Integrate Media Centre & Media Player (consistent look & feel)
  • Improve Off-Line file user and file synchronisation
  • Better integration with Live Services
  • Improve storage management to include cloud items, i.e. SkyDrive etc.
  • Improve Security to protect against malware threats.
  • Refresh some of the GUIs, make them more interesting, i.e. regional settings, make this a map of the world (like Linux).
  • Introduce multiple desktops switching between physical and virtual machines.
  • Make the OS more open by giving users the ability to download add-ons / apps like iPhone, Blackberry apps, but for the desktop.
  • Tighter integration of applications into the interface, i.e. remove the dependence on icons.

There you have it. That’s mine (so far), there will be many more…

Category: Cybercrime, Dive Deeper Events, microsoft

On the subject of Social Engineering! You will love this one!!

December 2nd, 2009 by Andy Malone

Social Engineering at its best. Everyone’s a winner baby!!……Except you!!!!

SWISS LOTTO NETHERLANDS

FRANCOSTRAAT 40,

3067DV,LAIDEN.

NETHERLANDS

https://www.swisslotto.ch

CONGRATULATIONS!!! YOU HAVE WON 750,000 Euros You have been awarded 750,000 Euros in the SWISS-LOTTO Satellite Software email lottery in which e-mail addresses are picked randomly by Software powered by the internet through the worldwide website. Your email address was amongst those chosen this year for the SWISS-LOTTO Satellite lottery. And this promotional program is proudly sponsored by the SWISS-LOTTO organization.

Your email address attached to Ref number 5, 7, 14, 17, 18, 43 with Serial 10,, and consequently won the lottery in the “A” Category. You have therefore been approved for a lump sum pay out of 750,000 Euros. Number 1979-12 drew the lucky Numbers 101979-12 drew the lucky Numbers Please note that your lucky winning number falls within our European Booklet representative. In View of this, your winning prize will be released to you by our fiduciary agent located In the Netherlands .Our European agent will immediately commence the process to facilitate the release of your winning funds as soon as you Contact them. This promotion takes place annually. For security reasons, you are advised to keep your winning details confidential till your claims is processed and your winning funds remitted to you in whatever manner you deem fit to Claim your prize. This is part of our precautionary measure to avoid double claiming and unwarranted abuse of this program by some unscrupulous elements.

To file for your claim, please contact our fiduciary agent:

Mr. David Bradley

Email: david01@naseej.com

Tel: +31-626-539-970

Provide him with the information’s as stated below:

(1) Name:

(2) Address:

(3) Marital Status:

(4) Age:

(5) Sex:

(6) Nationality:

(7) Country of Residence:

(8) Occupation:

(9) Telephone Number:

(10)Fax Number:

(11)Draw Number above:

These details facilitate the due process and the release of winnings to avoid unnecessary delays and complications in the processing of your Winnings.

Congratulations once more from all members and staff of this program.

Sincerely,

Mr. Kenneth Gram

Online Games Director

SWISS-LOTTO NETHERLANDS..

https://www.swisslotto.ch

  1. The first thing we notice is that the official email is a free AOL account and not a business email. Unlikely.
  2. The second thing is that they ask you to keep your winning a secret. This is strange because lotteries thrive on publicity.
  3. The thing to remember is - it sounds simple, but people get scammed out of their hard earned cash every day - you cannot win a lottery you did not enter.
  4. Giving out your details to a claims agent will initiate the process whereby they will ask you for “retainer cheques” or “administration fees” so they can “free” the money or send it overseas.
  5. They will continue to do this in increasing amounts until you get frustrated and give up, or call the police, in which case they will tell you YOU CANNOT WIN A LOTTERY YOU DID NOT ENTER.

Category: Cybercrime, Security

Social Networking! The Devil in The Dark…

November 30th, 2009 by Andy Malone

For the past couple of weeks I have been on the road in Schwetzingen, Germany developing and teaching a course on Social Networking Security for the US Army. It’s a pretty meaty subject and it’s something which affects us all. Social Networking is nothing new, it’s been around for centuries, but the internet has given it a new lease of life. The explosion in Social Networking Sites has been truly amazing.

There are SNSs for almost everything, from religion to movies, dating, technology and so much more. In the past year or so this explosion has expanded on to our cell phones and beyond, meaning that we can truly socialize 24/7. Now of course this is an amazing development, but like all good things you need to approach new technology from a security standpoint. Parents need to teach their children of the dangers lurking out there in cyberspace and believe me they ARE there.

I am often asked what advice I would give to folks who have not yet signed up to an SNS. Well, here are my top 10!

  1. Not everyone is your friend
  2. Understand the dangers
  3. Report misuse immediately
  4. Review the terms and conditions of the Social Network site before you register and commit to their site
  5. Be extremely cautious as to whom you allow access to your profile
  6. Be careful what kind of personal identifying information you post on SN site; too much information can lead to identity theft
  7. Be aware that anyone can access information you place on a SN Site if your profile is made public
  8. Avoid putting your physical address on your profile
  9. Avoid putting any personal phone numbers on your profile
  10. Use a generic email address such as a Hotmail account rather than your personal email address

I recently chaired a panel discussion at this year’s TechEd Europe in Berlin. We had a great discussion on SNSs. If you want to see more click the link: http://www.msteched.com/online/view.aspx?tid=53dc4b05-4bac-4fdb-aa67-ddc6123cc8ad

Category: Cybercrime, Dive Deeper Events, Photos, Security

Cybercrime Security Forum 09: Another Great Success…Thank you!

November 19th, 2009 by Andy Malone

After last week’s TechEd Europe in Berlin, this week I am starting to feel like Tom Hanks’ character in The Terminal! You know, the one where he’s wandering around the airport in his dressing gown. Travelling may be interesting but it is very tiring.

Anyway, that said, we have just completed our last Cybercrime event for 2009 in Cyprus. It was great fun and the feedback has been great! A big thank you to all the delegates who participated and to all our sponsors who made the event run so smoothly. We appreciate your efforts. We will be back… But next time it will be smoke free, as of January 2010 Cyprus catches up to the rest of Europe by banning smoking in public places, until then it’s a killer….literally :0-(

Once home I have yet another fast turnaround as next week I am in Frankfurt delivering more security training. I love Germany; it is a beautiful country and the folks are great! Anyway, onwards and upwards. If you participated in any of my Tech-Talks in Berlin last week they are available to view on-line at www.msteched.com

Category: Cybercrime, Security