Afternoon at the Microsoft Security Summit.
After a great box lunch I attended the Implementing Advanced Server and Client Security session, put on by Steve Riley of Microsoft. There were a few interesting takeaways from this session.
First was a point I have made for some time. I think it shocked the room when Steve said it was bullsh*t to disable SSID broadcast on your access points. It is useless anyway… all association request messages go over the air in clear text, so if you sniff long enough you will see legitimate clients associating, which gives you the SSID anyway. By leaving SSID broadcast enabled, though, you let the wireless configuration tools in Windows XP 'just work'.
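An added example to illustrate Steve's point (my own code, not anything from the session or the original post): a small parser that pulls the SSID element out of 802.11 management frames. The "hidden" beacon carries an empty SSID element, but the client's association request carries the real network name in the clear, which is why hiding the SSID is not a security control. Frame layouts follow the 802.11 management frame format; the MAC addresses and network name are constructed.

```python
import struct

# Management-frame subtypes (frame type 0) that carry an SSID information
# element, and the fixed-length fields preceding the first element in each body.
MGMT_SUBTYPES = {0: "association-request", 2: "reassociation-request",
                 4: "probe-request", 8: "beacon"}
IE_OFFSET = {0: 4, 2: 10, 4: 0, 8: 12}
SSID_ELEMENT_ID = 0
MAC_HEADER_LEN = 24

def extract_ssid(frame: bytes):
    """Return (subtype, ssid) from an 802.11 management frame, or None if the
    frame is not a subtype that carries an SSID element (or is malformed)."""
    if len(frame) < MAC_HEADER_LEN:
        return None
    fc = frame[0]                      # first Frame Control byte
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, fc >> 4
    if version != 0 or ftype != 0 or subtype not in MGMT_SUBTYPES:
        return None
    body = frame[MAC_HEADER_LEN + IE_OFFSET[subtype]:]
    i = 0
    while i + 2 <= len(body):          # walk tag / length / value elements
        eid, elen = body[i], body[i + 1]
        value = body[i + 2:i + 2 + elen]
        if len(value) < elen:          # truncated element: stop, do not guess
            return None
        if eid == SSID_ELEMENT_ID:
            return MGMT_SUBTYPES[subtype], value.decode("utf-8", "replace")
        i += 2 + elen
    return None

def _mgmt_frame(subtype: int, fixed: bytes, ssid: bytes, bssid: bytes, src: bytes) -> bytes:
    """Constructed management frame: 24-byte MAC header, fixed fields, then
    SSID and supported-rates elements. Sample data, not captured traffic."""
    header = struct.pack("<HH6s6s6sH", subtype << 4, 0, bssid, src, bssid, 0)
    elements = bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid
    elements += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])    # supported rates
    return header + fixed + elements

AP = bytes.fromhex("0200000000aa")      # constructed, locally administered MACs
CLIENT = bytes.fromhex("0200000000bb")

def hidden_beacon() -> bytes:
    # AP with SSID broadcast disabled: timestamp, interval, capability, empty SSID
    return _mgmt_frame(8, struct.pack("<QHH", 0, 100, 0x0411), b"", AP, AP)

def association_request() -> bytes:
    # Client joining that AP: capability, listen interval, then the real SSID
    return _mgmt_frame(0, struct.pack("<HH", 0x0411, 10), b"corp-wifi", AP, CLIENT)
```

Running `extract_ssid` over both frames shows the beacon yielding an empty name while the association request yields `corp-wifi`, which is all a passive listener needs.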
I also found out that later in the year Microsoft will be releasing Microsoft Audit Collection Services (MACS), which is basically the same functionality Unix has had forever with syslog. The neat difference is that it is designed to import directly into a data source like SQL Server. This is nice; it is about damn time.
I have been wrestling with Active Directory as of late, and I enjoyed Steve's 30-second AD structure. Some organizations take weeks, months, even years as they try to organize an Active Directory structure that fits in with the politics of the organization. Steve gives us a quick way to deal with it:
- Forests and Domains = Physical geography
- Organizational Units = Administrative Model
- Security and Distribution = Organizational Chart
Yep… it's that simple.
Basically Steve wrapped everything up into 4 bullet points (even though he had over 120 slides for a 90-minute presentation *shudder*):
- Authenticate everywhere
- Validate always
- Authorize and audit everything
- Encrypt when necessary
I concur. [Dana Epp's ramblings at the Sanctuary]