Friday, September 17, 2004

TechEd Day 4

Today I spent most of my time in the security tracks.

Guess what? Steve Riley and Jesper Johansson did it again. Once again,
they turned a dry subject into an interesting session and won the applause.

The day started with Steve Riley's session: Security Enhancement in Windows XP SP2.
Will blog more about this session later in a separate post.

Following that was Ben Smith's Internet Explorer Security. This was basically an extension of Steve's previous session. Ben focused primarily on the SP2 security enhancements that have been made to IE and highlighted some of the changes that we should be aware of.

The last session before lunch was Harry Pierson's session on an architecture-related topic. He explored the similarities between the evolution of cities in the 19th and 20th centuries and the development of IT shops, and what the industry needs to do next. Then he explained how Service Oriented Architecture fits into the picture. This presentation is also available as an article on MSDN.

Then it was Steve Riley's session again: The death of DMZ. I feel guilty for falling asleep in this session, as I had eaten too much during lunch. Anyway, the main message of this session is that the network perimeter, firewall and whatever protection you put on the network might no longer offer protection to your resources. Instead, the resource or object should know how to protect itself. This is achieved using Rights Management Services.

The last session of the day was Jesper Johansson's Windows Password, another awesome session. He walked us through the different authentication methods that are available in a Windows environment and how they work. He also gave some tips on how to change the authentication method. He then went on to talk about passwords: what is a good and a bad password, and how bad passwords and passwords stored using a weak hash can be easily hacked. The takeaway from this session is that however strong the password you choose, it is still not as good as a pass phrase. A Windows password can be as long as 127 characters. So instead of having a password like 'P@$$word', you can use something like 'I love thi$ p@s$word'. Doesn't the latter look better, sound more natural and seem easier to remember?
