BitLocker is great! It can prevent the leakage of data from lost or stolen computers by encrypting local hard drives and removable media. But the reality is that very few IT departments have implemented this technology for their user computers. Reason could be either ignorance or because they feel that it is not important for them.

It’s fine if you don’t want to use BitLocker. But have you thought about it’s misuse? What if a user who is experimenting things with her/his computer decides to enable BitLocker and later lose the encryption key? What if someone enable BitLocker in his/her computer and never return to work? You can assume that data is permanently lost!

So how do you prevent situations like this? The solution is very simple. With the help of one group policy setting you can make sure that BitLocker would not be enabled without a backup being taken to Active Directory. This setting will make sure that IT administrators would be able to recover data in the case of any eventuality.

Source: http://nsslabs.com/test-reports/NSS%20Labs%20Browser%20Security%20-%20Socially%20Engineered%20Malware%20Q3%202009.pdf 

In the next three months my team is delivering a series of webcasts on Security, starting tomorrow. Here is the list of sessions

1. Information Leakage Protection (October 07)
2. Enterprise wide deployment of BitLocker (October 14)
3. SQL Server Security Part 1 (October 28)
4. SQL Server Security Part 2 (November 04)
5. Security compliance management of Windows and Office (November 18)
6. Security for Web servers (November 25)
7. Safe internet browsing (Dcember 02)
8. Tools for removing Malware (December 09)
9. Securing your messaging and collaboration infrastructure (December 16)
10. Perimeter security and unified threat management using Microsoft Threat Management Gateway (December 23)
11. Remote access with Direct Access and Forefront Unified Access Gateway (December 30)

For more information please check this web site http://www.microsoft.com/India/webcasts/ 

Microsoft has released a free version of complete malware protection software today. This software is targeted at consumers and branded as “Microsoft Security Essentials” (MSE). MSE is supported on Windows XP/Vista/7. Click here to know more about it. Download link is also available there.

This is what I always believed after Vista got released. This article is written by a security expert outside of Microsoft. Microsoft is probably the number 1 vendor who spent time, money and effort in securing their products because their software are the most targeted ones. Now I can see those efforts paying off.

Here is the news that every Apple fan boys should read. The new Snow Leopard is going to have an antivirus in it.

http://blog.intego.com/2009/08/25/snow-leopard-contains-an-antivirus/

http://security.thejoshmeister.com/2009/08/breaking-news-mac-os-x-snow-leopard.html

Not only that Mac is vulnerable it is also being exploited by hackers now.

Findings by BBC

http://www.bbcworldnews.com/Pages/ProgrammeFeature.aspx?id=18&FeatureID=1075

Here is a quick summary of new features introduced in service pack 2 of Intelligent Application Gateway 2007.

• Ability to connect from Macintosh OS, Linux OS and Firefox running on Windows OS
• Wiper feature which would wipe off the user data after logoff
• Ability to run IAG 2007 SP2 as a virtual machine on Hyper-V

For more details watch this video

http://edge.technet.com/Media/IAG-SP2-hits-RTM-details-under-the-cover-interview

Recently web sites of three leading security vendors (F-Secure, BitDefender and Kaspersky) got hacked. What is amazing here is that hackers have used standard techniques for the attacks, security is hard to implement!

http://news.cnet.com/8301-1009_3-10161874-83.html

http://www.scmagazineuk.com/Kaspersky-Lab-and-BitDefender-websites-hit-by-hackers/article/127068/

Many of us use wireless networks (Wi-Fi) at home and work for accessing the Internet. Wi-Fi routers are inexpensive and easy to configure. So most of us do not hire an IT Professional to configure it, the CD and instruction manual provided with the router is sufficient to make a wireless network up and running.

Unfortunately a good number of wireless networks set up by novice users are “unsecure”. In other words anyone can connect to these networks and use the Internet free of cost. But recently in India some people faced an even more dangerous issue, terrorists used their wireless networks to send e-mails regarding bomb blasts in Delhi and other cities. The net result is that owners of these wireless networks are now part of the investigation process. It’s indeed a very heavy price for their ignorance on securing wireless networks. This situation also made the job difficult for police as they have to look for other evidences to nab the culprits.

I obviously cannot help you in securing every wireless network out there. But if you are using a D-Link Wi-Fi router follow these steps to secure it. For other routers also the concepts are the same but the exact steps would be different.

1) Type http://192.168.0.1 in your browser’s address bar. You should get a page like this

2) Type “Admin” in the User Name field and password is blank (no password)

3) Click on the MAINTENANCE link and you should get a page like this.

4) Change the Login Name from Admin to whatever name you like. Also type a password in the “New Password” and “Confirm Password” fields. Do not use words from dictionary as passwords; use a combination of upper & lower case letters, numbers and special characters in creating the password.Passwords should also be easy to remember. So sometimes it’s a best practice to use a passphrase instead of password :)

5) Make sure that you click on the “Save Settings” button before you click on anything else. Things you have done so far make sure that your router configuration is under your control and no one else can change it. Otherwise, not only that your wireless network is unsecure but your router itself can be hijacked.

6) Next step is to ensure that access to your wireless network is restricted. Click on the “Wireless Setup” link on the left hand side of your browser. You can configure wireless network with the help of either a wizard or a bunch of manual settings. In both cases you have to choose a security mode. Never choose to disable wireless security. Select at least “Enable WEP Wireless Security”. If the wireless network card in your computer support WPA or WPA2 you should use them, WPA2 is the most secure choice.

7) The key generated in the above step can be used to connect your computers to the wireless network. It’s a good practice to carry the key in a USB based flash drive so that the key can be used in multiple computers easily. Windows XP/Vista machines allow the connection settings to be saved and enable automatic connectivity. So entering of key in your PC is a one time activity.

So that’s it. Have a safe and “terror free” browsing experience

Here is the link for configuring security in netgear wireless router. http://kbserver.netgear.com/kb_web_files/n101675.asp

I keep getting this question from many people on how to block USB storage devices in Windows XP. Here is the solution, may be not as smart as the group policy based solution in Vista.

Very funny! Watch this site www.easyeasier.com

Windows was considered to be a less secure than other operating systems by many people in the IT industry. But this perception is changing. Microsoft has done a tremendous job in increasing the security of its products in the recent past. A recent report by Symantec (no friend of Microsoft) says that Windows has fewer vulnerabilities than its other counterparts. To read more click here.

The other day I was configuring ISA server 2006 to enable internet browsing. I created a new array level policy to enable DNS, HTTP and HTTPS traffic. Users were able to access the internet from the same subnet as ISA server. But users connecting from other subnets were not able to access the internet. So I checked the connectivity from the client to ISA server's network and VLAN settings. Everything was fine. Finally I checked the event log in ISA server and found that the ISA server is dropping the packets due to a suspected spoof attack. Why should requests coming from a different subnet be considered as spoof? This is because ISA server believes that requests coming from any network which does not have a direct route mentioned in its routing table are spoof. So what is the solution? Simple! Add a static route using the route add command.