Practical Security
Take an all-new look at security in a Microsoft environment, including information on the latest threats, tricks for securing key components of your environment, and much more. All topics are delivered by speakers from across the broad TechMentor arsenal of experts, so that you get the very best independent information available. \
Tuesday, May 13
TS4Intro to Hacking and Countermeasures
Todd Lammle
9:45 a.m.
Clean networks and a clean Internet don’t have to be futurist – you can have a clean network and PC today! However, very few people have them. So how do you get one? One way is to understand hacking and the hackers themselves.
This introductory session will show you the humble beginnings of hacking, how viruses/Trojans, etc. are so easily spread, and the typical hacks used against Windows clients and servers. Next we’ll discuss the countermeasures such as firewalls and security appliances (Intrusion Detection and Intrusion Protection) that will lead you to a “clean” network. Basic hacking tools will be demonstrated as well as what you need to know to protect your laptop while on the road and at work.
TS9 Intro to USB Stick: Remote Communications and Portable Applications
Todd Lammle & Keith Parsons
11:15 a.m.
This unique session will show you how to connect to PCs and hunt down problems using tools hosted on the Ultimate USB Security Stick. The USB memory stick is loaded with powerful security, hacking, and forensic programs--everything you need to help troubleshoot and secure client PCs, even if you lack Administrative rights. During the session, you'll use the software on the USB stick to work through practical exercises and try out new computer setup and recovery techniques. You'll also learn how to secure your PC against others who might try to use these tools to access your hardware. You'll learn how to use USB-hosted apps to run everything from Web browsers and e-mail clients to productivity applications -- all without leaving a trace behind on the computer. This is a great session that will help you handle trouble no matter where you find it.
TS14USB Stick: Network Analysis
Keith Parsons
2:00 p.m.
Network analysis involves sniffing packets and tracing networks. But did you know that you can do all this with tools hosted on a single USB stick? In this session, you’ll experience hands-on live network analysis. And because you'll be working with portable software, you can employ these techniques on almost any system--all you need are the tools on the Ultimate USB Security Stick! You’ll learn how to see everything that’s typically leaked from most networks. You’ll locate passwords, identify suspicious traffic patterns, and view and capture packets on the fly. To ensure you’re equipped to handle today’s changing networking environments, we’ll also show you how to perform these tasks both wired and wirelessly.
TS19USB Stick: Penetration Testing
Keith Parsons
3:30 p.m.
Do you know if your systems and networks are adequately secure? There's only one way to find out--perform penetration testing to find out what a hacker might be able to see, find, or even steal from your systems. This session will outline solid ethical hacking techniques and teach the skills you need to find if your network and its hosts are vulnerable to hacking exploits. Best of all, all the tools for the session can be found on the Ultimate USB Stick you’ll use in this session. This is a mission-critical seminar if you’re serious about protecting your intranetwork from hackers and crackers!
Wednesday, May 14
TS24Repel the Crackers - Best Practices in Securing Windows Passwords
Derek Melber
9:45 a.m.
Many, perhaps even most companies have horrible password policies – maybe even yours. Hope is not lost! With both old and new options in Windows, you can have more control over passwords than ever before. You can beat the pathetic LM hashes, you can beat Rainbow tables, you can even configure different granular password policies in Windows Server 2008 domains now! Come see where you are insecure and what you can do to fix it!
TS29Securing Window PowerShell
Don Jones
11:15 a.m.
Is your environment ready for Windows PowerShell - from a security perspective? Before you know it, Windows PowerShell will be running on dozens, if not hundreds of thousands, of your computers, and if you don't know what you're doing it could become a significant security vulnerability. Let PowerShell expert Don Jones show you how PowerShell interacts with Windows, where the "back doors" are, and exactly how you can have a safe and secure Windows PowerShell environment.
TS34Hardening Windows Systems, Vista 2008
Mark Minasi
2:30 p.m.
Everyone knows Vista’s just bigger and slower than XP, right? Well, now that it’s been out a year, the numbers are in… and Vista’s more secure, bug-wise! But it’s got technologies that, if properly used, reduces the bad guy’s abilities to attack your workstations. Join Mark Minasi, the author of Administering Windows Vista Security: The Big Surprises, to get the scoop on locking down your Vista workstations!
TS39Digital Certificates and Security: PKI Fundamentals
Bruce Rougeau
4:00 p.m.
It is clear that every network needs certificates for encryption or secure communications. And even if you do not need it, think how cool it would be to log on with a smart card. This session will demonstrate the Microsoft solution for building a Public Key Infrastructure. We will show how encryption and signatures differ from each other and the proper application of each. We will contrast the many purposes for certificates, and explore whether they should be produced internally or purchased from a well know player like Verisign. Then we’ll look at different options for building a PKI infrastructure and how this is greatly enhanced by bundling it with Active Directory.
Thursday, May 15
TS44Social Engineering
Todd Lammle
8:30 a.m.
Social engineering is the seemingly insidious practice of obtaining confidential information by manipulating legitimate users. A talented social engineer will often use the telephone or Internet to trick people into revealing sensitive information – such as a password or credit card number – or get them to do something that’s normally against policy. And just like that, a savvy hacker can punch right through many of your most sophisticated, technical defenses. This session will help you recognize and defend against social engineering-based attacks.
TS49Current Wireless Attacks and Countermeasures
Todd Lammle
10:00 a.m.
Based on the popular Wireless LAN Security Assessment Toolkit course – this session shows some of the current wireless attacks and what you can do to counteract them in your organization. Come and explore the ‘dark side’ of WLAN hacker tools. We’ll also look ahead to next-generation security methods so you can make well-informed decisions about WLAN security policies. Take the plunge into Wireless LAN Security!
TS54Protecting and Securing your Group Policy Assets
Derek Melber
11:30 a.m.
Group Policy is not inherently insecure… but it is easy to make it so. The GPMC has some great features that allow you to protect your Group Policy infrastructure. The delegation within the GPMC will get you to a good secure state. However, if you want the ultimate in Group Policy security, wait till you see Advanced Group Policy Management (AGPM). This will allow you to delegate, track, audit, and secure your way to the best Group Policy implementation possible!
TS59 Windows Vista: The Hidden Truth
Mark Minasi
2:45 p.m.
Vista’s more than just a pretty face. Its security innards have been ripped out and replaced with a new and almost completely different security engine. But it’s not just security geek internals, it’s some whole new paradigms. For example, what’s going on with those User Access Control dialog boxes behind the scenes? Think you know what’s in a SID? Not any more... and get ready for a whole new layer of security, the Windows Integrity Level (WIL). WIL’s the thing that could make it nearly impossible for you to delete any file in System32, even if you’re an administrator. Have we got your attention now? Then don’t miss this session!
TS64Sharepoint Security
Rick Taylor
4:15 p.m.
Securing your sites, site collections and Web applications can be a confusing task. Throw into the mix the Enterprise Features of Excel Services or Business Data Catalog (BDC) and you may get lost in the confusion. Come to this session to find out how to secure your MOSS infrastructure in a methodical way that takes the confusion out and puts the simplicity in.
