Tuesday, July 05, 2005

Tidbits on security and Windows 2003 SP1 - TechEd Europe day #1

As I wrote earlier, I attended "Active Directory Internals: the Sequel" for a couple of hours in the late morning, and there were a couple of interesting topics.

As you may know, Windows Server 2003 contains a reanimation (undelete) API that recovers deleted objects without the need to buy third-party tools. SP1 now also recovers the sIDHistory of an object. Restoring is quite easy if you know the ldp tool: set the LDAP control flags in LDP to show deleted objects, find the object, and in one operation set the isDeleted attribute to NULL and set the DN to where you want the object to be located. You can find more on reanimation in KB 840001 under the topic "How to manually undelete objects".

SP1 also introduces the notion of confidential attributes, which, unlike most attributes, can't be seen by Authenticated Users by default. Just set bit 7 of the attribute's searchFlags to 1 (Confidential / True) or 0 (False).
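An added example, not from the original post: bit 7 of searchFlags is the value 0x80 (128), and writing 128 outright would wipe any index or ANR bits already set on the attribute, so the bit has to be OR-ed into the current value. The sketch below does that, refuses base-schema attributes (systemFlags 0x10, which the directory does not allow to be marked confidential), and emits the LDIF change; the attribute DN and flag values in it are constructed.

```python
# Added example: toggle the confidential bit in an attributeSchema object's
# searchFlags without disturbing the other bits, then emit the LDIF modify.
CONFIDENTIAL = 0x80   # searchFlags bit 7
BASE_SCHEMA = 0x10    # systemFlags bit: attribute is part of the base schema

SEARCH_FLAG_NAMES = {
    0x01: "fATTINDEX", 0x02: "fPDNTATTINDEX", 0x04: "fANR",
    0x08: "fPRESERVEONDELETE", 0x10: "fCOPY", 0x20: "fTUPLEINDEX",
    0x40: "fSUBTREEATTINDEX", 0x80: "fCONFIDENTIAL",
}

def decode(search_flags):
    """Return the names of the bits set in a searchFlags value, low bit first."""
    return [name for bit, name in sorted(SEARCH_FLAG_NAMES.items())
            if search_flags & bit]

def with_confidential(search_flags, system_flags, enable=True):
    """Return searchFlags with bit 7 set or cleared, all other bits preserved."""
    if system_flags & BASE_SCHEMA:
        raise ValueError("base-schema attribute cannot be marked confidential")
    if enable:
        return search_flags | CONFIDENTIAL
    return search_flags & ~CONFIDENTIAL

def to_ldif(attr_dn, new_flags):
    """Build an LDIF record that replaces searchFlags on the schema object."""
    return "\n".join([
        f"dn: {attr_dn}",
        "changetype: modify",
        "replace: searchFlags",
        f"searchFlags: {new_flags}",
        "-",
    ]) + "\n"

if __name__ == "__main__":
    # Constructed sample: a custom attribute that is already indexed and in ANR.
    dn = "CN=example-Secret,CN=Schema,CN=Configuration,DC=example,DC=com"
    current = 0x05
    new = with_confidential(current, system_flags=0)
    print(decode(current), "->", decode(new))
    print(to_ldif(dn, new))
```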

Steve Riley and Jesper Johansson on security
The presentation wasn't in any way boring - I kept my eyes open all day (a first ;-) - but I'm sad to say that the overall technical content wasn't satisfactory. Most of the day went with plain vanilla stuff on security based on the Implementing Client/Server Security presentations used earlier, administrative templates and other plain/old information. Luckily it was nicely beefed up with good stories, discussions and provocative thoughts by Steve and Jesper.

So what was interesting? Well, "Passwords have passed the end of their useful lifetime." I do agree with that, and it has also been discussed by security experts other than Jesper. The solution isn't always just to buy a two-factor authentication device, as Schneier discusses in his essay - Too Little, Too Late. But personally I do prefer to use Password Safe instead of jotting down my password ;-)

There was an interesting discussion on security and outsourcing and they stated that China doesn't even have the concept of Intellectual Property and that outsourcing companies that may have loads of internal information on their customers probably will be the next point of attack.

ISA 2004 was, as usual, well praised, especially the fact that application proxies are much more usable than standard packet-filtering firewalls. I do agree that ISA 2004 is a great firewall, with one exception - the application filters aren't updated on a frequent basis and there are no new ones coming unless there is a product upgrade. Like MOM Management Packs, it should be a requirement that each product group, if applicable, releases a new/updated application filter at the same time as or just after releasing their product (e.g. for Live Communications Server). I discussed this with Steve and he told me that there are no plans for this (and he had already had a discussion with the product group about this, without luck).

On the point of SP1, it was emphasized that in an Exchange scenario SCW is used to secure the OS itself - NOT Exchange - so we should still use the Exchange 2003 Security Hardening Guide to secure Exchange.
I also discussed with Steve when the Firewall actually is disabled; a discussion I've had earlier with Susan Bradley on my article Microsoft Security Initiatives in SP1 and SP2 - nothing but a complex toy? (Check the comments). There's apparently some confusion on this topic - in my experience with the RTM release, the Firewall is always disabled after an upgrade or, in the case of a new slipstreamed SP1 installation, after you press Finish in the Post Setup Security Updates (PSSU) wizard.

As I mentioned at the start, I wasn't bored at any time, but each time a topic looked a bit interesting (like Network Isolation or Wireless Security) the comment was "We have a session during the week on X and X, go listen to that instead" and "we want to make sure that we have enough attendees at our other sessions" - Well, why do you think we paid for a pre-conference day? To listen to security for one day so that we could follow other tracks or the hands-on labs the rest of the week! (In Steve and Jesper's defence, they were provided with a set of standard slideware that they were required to follow.)
