Just Another "I’m at Tech-Ed 2007" Post (Not!)

If you are an IT professional working with Microsoft technologies then Tech-Ed is the conference to attend (although some organizations have issues with sending employees to “conferences” so you might need to sell it as a “technical training event” to be able to attend.)

Even if you are unable to attend Tech-Ed, there’s no reason to miss out on all the great sessions that take place at it.  During the conference, some sessions are simulcast via the Virtual Tech-Ed website (so you can listen to and see the presentation live) and all the sessions are available as part of a DVD set a month or two after the conference (and if you can’t get your employer to pay for that–it might be time to re-think your choice of employers….)

This morning I watched a simulcast of the “Why I Can Hack Your Network in a Day! (Level 300)” session by Marcus Murray.  It was another great Tech-Ed security session in the tradition of Jesper Johansson and Steve Riley.  I’d strongly recommend that you watch if you have any degree of responsibility for IT security (whether it’s the client, server or network.)

Marcus did some really good demos of how easy it is to hack most networks.  The hash-injection and RDP demos made me really appreciate some of the decisions I made in the past (and fortunately no one could hear me laugh when I realized how exposed some environments are.)

Links:

Virtual Tech·Ed Home 
TechEd DVD 2007
Marcus Murray’s Blog (with notes from his presentation)

Security
Training

MatchIT.ca

If you’re an IT person in Canada and you’re looking to contribute back to the community, then MatchIT.ca is for you…

Billed as “Canada’s IT Volunteer Matching Exchange” this is an initiative to match IT pros with charitable/non-profit organizations that are in need of IT assistance.  It just got started this week and there are already 225 volunteers registered!

http://matchit.ca/

Uncategorized

Laptops and Unencrypted Data

If your company has customer details or sensitive information stored on laptops or USB keys and you have not yet taken steps to encrypt that data then continue reading. 

Preventing the disclosure of sensitive data stored on laptops is not a new concept–security conscious organizations have encrypted the data on their laptops since the days of DOS (although back then it was a lot of work and required expensive third party software.) 

Fortunately, it is now quite easy to encrypt the data on a laptop–it’s maintaining access to that encrypted data in the long run that is difficult (i.e., can you regain access to the encrypted data when the keys are lost or forgotten?)

Some good news is that Microsoft has released a “Data Encryption Toolkit for Mobile PCs” that includes a Planning and Implementation Guide and an EFS Assistant that will make it a lot easier to implement BitLocker and/or EFS.  I’ve also included some notes, tips and links below that should help you keep your laptop data safe.

Windows XP/Vista – EFS

Microsoft’s Encrypting File System (EFS) has been around for a long time–but for some reason organizations have been slow to implement it (possibly because it requires some planning and extra work to implement correctly.)  If you’re running AD and Windows XP then EFS is probably the best way for you to encrypt specific directories/files on your users’ notebooks (although you may want to look at TrueCrypt for your USB keys.)  My advice here is to plan carefully and test everything before implementing in production and make sure that you configure data recovery agents (don’t use the default Domain Administrator DRA.)  Some good resources are:

MS Best Practices for EFS (KB 223316)
TechNet Magazine Articles (February and March 2007)
How to Encrypt Offline Files (KB 312221)
Problems with Offline File Encryption When Users Do Not Have Admin Privs (KB 810859)
TechNet Security MVP Column (December 2006)
How to back up the EFS recovery agent private key (KB 241201)
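
An added example (not from the original post or from Microsoft): a Python check of the DRA advice above. It parses a report laid out like `cipher /c` output on Windows Vista and flags encrypted files that have no recovery agent or only the default Administrator one. The sample report, the account names and the exact report layout are constructed assumptions.

```python
import re

# Constructed sample laid out like `cipher /c` output (layout is an assumption).
SAMPLE = """\
E payroll.xls
  Users who can decrypt:
    CORP\\alice [alice(alice@corp.example)]
  Recovery Certificates:
    CORP\\Administrator [Administrator(Administrator@corp.example)]
    Certificate thumbprint: BBBB 2222
E customers.mdb
  Users who can decrypt:
    CORP\\bob [bob(bob@corp.example)]
  Recovery Certificates:
    No recovery certificate found.
E contracts.doc
  Users who can decrypt:
    CORP\\alice [alice(alice@corp.example)]
  Recovery Certificates:
    CORP\\efs-dra [efs-dra(efs-dra@corp.example)]
    Certificate thumbprint: DDDD 4444
"""

def audit_dras(report, default_dra="Administrator"):
    """Flag files with no recovery agent or only the default DRA account."""
    agents, current, in_recovery = {}, None, False
    for line in report.splitlines():
        if line.startswith("E "):                  # new encrypted file entry
            current, in_recovery = line[2:].strip(), False
            agents[current] = []
        elif current is None:
            continue
        elif line.rstrip().endswith(":"):          # section heading
            in_recovery = line.strip() == "Recovery Certificates:"
        elif in_recovery:
            m = re.search(r"\[([^(\]]+)\(", line)  # "[account(upn)]"
            if m:
                agents[current].append(m.group(1))
    findings = {}
    for name, names in agents.items():
        if not names:
            findings[name] = "no recovery agent"
        elif all(n.lower() == default_dra.lower() for n in names):
            findings[name] = "default DRA only"
    return findings

if __name__ == "__main__":
    print(audit_dras(SAMPLE))
```
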

Windows Vista - BitLocker

BitLocker was introduced with Windows Vista and can secure your whole computer (versus the directory/file encryption possible with EFS.)  It also requires planning and additional work to implement correctly–so you should give serious thought to including it as part of your Windows Vista deployment and plan on buying computers (especially laptops) that support TPM.  My advice here is to plan carefully and test everything before implementing in production and make sure you store your recovery keys (AD is ideal for this.)  Some good resources are:

Data Encryption Toolkit for Mobile PCs
Windows BitLocker Drive Encryption Step-by-Step Guide
MS BitLocker FAQ
TechNet Webcast: Microsoft BitLocker in the Enterprise: BitLocker Tools to Make Your Life Easier

Windows XP/Vista and Linux – TrueCrypt

If you don’t have many laptops with sensitive data, or if you only need to protect the data stored on USB keys then I would recommend looking at TrueCrypt.  It’s an open-source gem that allows you to create encrypted volumes on either your hard disk or external USB storage and can be used with Windows XP/Vista or Linux.  It is powerful and feature rich–the only drawback is there is not really a mechanism to manage it across a large number of computers.

http://www.truecrypt.org/
Script to Launch/Mount TrueCrypt from USB

[Updated June 6, 2007 with link to latest version of Data Encryption Toolkit and TechNet Webcast]

Deploying Vista
Security
Windows Vista
Windows XP

Melissa – 8 Years Later

I was just reminded that the first mass email virus happened eight years ago this week….

Melissa struck my workplace on the afternoon of Friday, March 26.  Fortunately, it was late in the day when Melissa arrived and only a small subset of computers were running Word/Outlook 97.   I was the Exchange admin and this was before most people had any form of email antivirus–so it was a nasty surprise for me (although it wasn’t the end of the world–I did miss a great dinner at one of my favorite restaurants.)

The clean-up was completed overnight (I had already written some VBA scripts to crawl mailboxes for specific file attachments for a different task–and upgrading these to remove Melissa was fairly easy.) 

VBS/LoveLetter in May 2000 was a different story….

Exchange
Security

CastleCops and Phishing

CastleCops is a group that has been around for a while–but I never noticed them until recently.  They are a volunteer group that focuses on identifying and eliminating “phishing” websites.  Submit a phishing email or URL to them and one of their volunteers will verify it and then take the appropriate steps to get the website shut down.  It’s a very active group with lots of good information on their website.  There’s a PowerPoint with more details about CastleCops here, or you can submit a phishing email/URL via the PIRT/Fried Phish link (only recommended if you know how to pull the URL out of an HTML email.)

They’re also looking for more volunteers–so if you have some spare cycles, sign up.

Security
