June 06, 2005
Tuesday's Cabana Session
Just wanted to update everyone that David Cross will not be arriving until Wednesday, so Darren Canavor from Microsoft is stepping in to assist me with the PKI Deployment Cabana session. The time remains the same, 3:15 to 4:30 pm, in Track Cabana 16. We will be giving away one signed copy of my PKI book "Microsoft® Windows Server™ 2003 PKI and Certificate Security" for the person with the best question.
See you tomorrow!
Brian
Posted by at 05:04 PM | Comments (1)
June 03, 2005
Tech Ed in Orlando - Update on Sessions
Hi everyone,
Sorry for the delays in posting the last month, it has been hectic!
I just want to update everyone on my break-out and cabana sessions at Tech Ed.
Break-out Sessions
I am delivering one break-out session, SEC: 400 Managing a Smart Card Deployment at Tech Ed on Wednesday June 8, 2005 from 3:45 - 5:00 PM in S200D. This session will discuss managing and planning a smart card deployment for your organization and will include details on current engagements that I am performing for MCS that deal with smart card deployments. If you are looking for additional documentation for your smart card deployment, take a look at these two excellent resources:
- FIPS PUB 201: Personal Identity Verification (PIV) of Federal Employees and Contractors (http://www.csrc.nist.gov/publications/fips/fips201/FIPS-201-022505.pdf). This document's goal is to "improve the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems". It provides some great examples of how to validate the identity of a smart card requester before issuing a smart card to that person.
- X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA) (http://www.cio.gov/fpkipa/documents/fbca_cp_09-10-02.pdf). This document is a great resource for guidelines for deploying a Certification Authority that will be trusted by external resources. When looking for smart card resources within the documentation, focus on the discussions on the five assurance levels: rudimentary, basic, medium, high, and test. The document provides descriptions of the types of transactions relevant to each assurance level, the documentation required to validate a requester's identity, and what is required at certificate renewal.
Cabana Sessions
Cabana sessions are probably my favorite part of Tech Ed, as the content is driven by you, the attendees. A Cabana session takes place in a small section of the convention hall, where speakers and experts can field questions on the subject of the Cabana from the audience. At last year's show, Paul Adare (www.identit.ca/blogs/paul) extensively used the white board to answer the questions from the audience. I do not think anyone left disappointed. At this year's show, I will be taking part in two Cabana sessions:
- Q&A: PKI Deployment.
This session takes place in Track Cabana 16 on Tuesday June 6th, 2005 from 3:15 to 4:30 pm
This session will be co-hosted by David Cross, Microsoft's PKI Group Program Manager and myself. David and I have written several white papers together and he was a great source of information and assistance for my PKI book "Microsoft® Windows Server™ 2003 PKI and Certificate Security" (http://www.microsoft.com/MSPress/books/6745.asp#AboutTheBook). David was the major contributor (say 90%) from the Microsoft PKI Team!
- Q&A: Smart card Deployment.
This session takes place in Track Cabana 16 on Thursday June 8th, 2005 from 1:30 to 2:45 pm
This session will be co-hosted by Paul Adare, IdentIT Inc.'s CTO and myself. Paul and I have been involved in several smart card deployments over the last year and have lots of behind-the-scenes information for the attendees of the session.
See you at the show!
Brian
Posted by at 07:04 AM | Comments (0)
April 29, 2005
Tech Ed Europe Announcement
Hi all,
I have just been invited to speak at Tech Ed Europe again in Amsterdam. I will be presenting two sessions and one chalk talk. I am not sure of what dates the sessions will be presented, but wanted to post the session titles and abstracts.
Managing a Smart Card Deployment
Many companies are exploring the deployment of smart cards to increase authentication strength in their networks. This session discusses the design issues you must address when designing your smart card deployment. Not only does a successful smart card deployment require policies and procedures to ensure success, the deployment must also have tools to assist in the deployment and management of the smart cards. The session will look at how Microsoft clients have deployed smart cards in their networks; identify the applications that work for smart cards, and where you still cannot use smart cards. Finally, the session will demonstrate a third party registration authority that allows key recovery for encryption certificates stored on smart cards and helps ensure that identity is proven before issuing a certificate to the certificate requester.
Securing Your Active Directory Deployment: Best Practices
From authentication to authorization, Active Directory is at the heart of distributed network security in a Windows Server based IT infrastructure, and thus plays a key role in securing your IT infrastructure. It is imperative that your organization takes adequate measures to maintain strong security of your Active Directory deployment so as to minimize the risk of a security breach in your Active Directory deployment. In this exciting session, we analyze known threats to your Active Directory deployments and walk through the Top-ten list of actions to take to enhance the security of your Active Directory deployments - from establishing secure Active Directory boundaries to deploying secure domain controllers, from enhancing critical security policies to protecting your administrative accounts and workstations. Come learn everything you need to know to secure your Active Directory deployments.
Chalk Talk: Using Scripting to Ease your PKI Deployment
You are ready to implement your Public Key Infrastructure, and you want to ensure that what you deploy is what you designed. Brian Komar will demonstrate the batch files and scripts that MCS uses during PKI engagements to simplify the PKI deployment process. Not only do these scripts help deployment, but also aid you in a disaster recovery scenario. At the end of the session, you will see the true value of the CertUtil command-line tool.
Brian
Posted by at 06:21 AM | Comments (0)
April 18, 2005
Tech Ed Session Update
Hi all,
There has been a slight change in my smart card session for Tech Ed. I cannot get into specifics, but suffice it to say that the Microsoft Smart Card tools will not be ready in time for discussion at the Orlando Tech Ed. Here is the updated session description:
Many companies are exploring the deployment of smart cards to increase authentication strength in their networks. This session discusses the design issues you must address when designing your smart card deployment. Not only does a successful smart card deployment require policies and procedures to ensure success, the deployment must also have tools to assist in the deployment and management of the smart cards. The session will look at how Microsoft clients have deployed smart cards in their networks; identify the applications that work for smart cards, and where you still cannot use smart cards. Finally, the session will demonstrate a third party registration authority that allows key recovery for encryption certificates stored on smart cards and helps ensure that identity is proven before issuing a certificate to the certificate requester.
The session will include some great demonstrations of a 3rd party registration authority that I have deployed at my customers called Alacris idNexus. The demonstrations will include defining a workflow for smart card enrollment and showing how the registration authority can be configured to implement self recovery. The recovery will also demonstrate how to recover encryption certificates to a smart card. This is great for customers that are planning on deploying S/MIME certificates for secure email on smart cards and are concerned about losing access to encrypted email if a smart card is lost or damaged!
Brian
Posted by at 07:42 PM | Comments (0)
April 16, 2005
WinConnections Conference
I am speaking next week at the Windows and IT Pro Magazine WinConnections conference in San Francisco. This is my fifth year speaking at the conference and the conference just keeps getting better and better. Not only are industry experts such as Mark Minasi and Steve Riley delivering keynotes, some of the best minds in the business are delivering sessions.
At the conference, I am delivering the following sessions:
- WIN16: Designing and Deploying a Windows Server 2003 PKI. This session will highlight the lessons learned over the last two years deploying PKI solutions for MCS customers. The session will focus on best practices and some of the common design considerations.
- WIN17: Essential Utilities from the Security Resource Kit. Brian, co-author of the Microsoft Windows Security Resource Kit, will be discussing some of his preferred tools from the Resource Kit.
- WIN18: Using the Security Configuration Wizard to Secure Your Windows 2003 Servers. This session will discuss the new Security Configuration Wizard added in Windows Server 2003 SP1 and discuss how to use the wizard to lock down Windows Server 2003 SP1 servers on your network.
In addition, I will be at the Ask the Experts area twice during the show:
- Monday: 3:30pm - 4:00pm
- Tuesday: 12:45 - 3:30pm
Please feel free to come down and chat about security issues you are facing!
For more information on the conference, please click on the following link
WinConnections
Brian
Posted by at 08:12 AM | Comments (0)