Featured Customer Speakers:
Matt Haynes - Senior Manager, Infrastructure Performance Assurance, U.S. Cellular
Sreenivas Kancharla - Senior Manager and Lead Security Architect, Symantec

Featured Analyst:
Jon Oltsik - Senior Analyst, Enterprise Strategy Group

The W Hotel, San Francisco

Please join us for this extraordinary event to get sound implementation strategies from pedigree security and compliance experts. Our speakers were selected based on their experiences in implementing successful data encryption projects from start to finish. Learn how to work through the trials and tribulations of making encryption work to achieve data privacy and compliance, without disrupting day-to-day operations. This is your chance to rub the elbows with industry experts, colleagues facing similar data encryption challenges, and get strategies from the leading provider of data encryption solutions – directly from the source. Exchange and share the experiences related to your specific environment in a casual and inviting setting.

Event Program:
• 6:00 PM – 6:30 PM Cocktails, Hors d’oeuvres
• 6:30 PM – 7:00 PM Welcome Introduction & Research Findings by ESG
• 7:00 PM – 7:20 PM U.S. Cellular Interviewed on Key and Policy Management
• 7:20 PM – 7:40 PM Symantec Interviewed on Data Discovery and Classification
• 7:40 PM – 8:00 PM Q&A
• 8:00 PM – 9:00 PM Reception

You will learn:
• Tried and true “blueprints” for architecting a solid encryption foundation
• How to map data privacy initiatives to business requirements
• How Symantec and U.S. Cellular defined encryption processes to solve critical business objectives
• Post implementation: how to manage and operationalize encryption
• Using encryption as your competitive advantage—why it’s beyond fines and mandates
and more…

SPACE IS LIMITED. Last year’s event was over-booked - Please arrive 10 minutes
early to hold your seat.
https://www.ingrian.com/info/reg_ingr_rsa.html

I’ll be there for at least one or two days. If you are going to be there as well, drop me a line maybe we can meet up at the show. Would be nice to have a chat with some of our readers.

The original wireless security mechanism, WEP (Wired Equivalent Privacy), was quickly shown to have fatal flaws which render it barely better than having no security at all. In fact, perhaps no security at all is better because at least then you know you are insecure and you don’t have the illusion that you may be secure.

Aside from a fundamental flaw in the implementation of the encryption algorithm, one issue with WEP is its reliance on a pre-shared key. Basically, connecting with a WEP-protected wireless network requires that you know what the password, or key is. There is no efficient means of changing the WEP key, and the flaws in the WEP encryption make it trivial for an attacker to obtain the WEP key, so unauthorized access to a WEP-protected wireless network is a relatively simple affair.

WPA (Wi-Fi Protected Access), and subsequently WPA2, are designed to comply with the 802.11i standard which calls for authentication through an 802.1X-compliant or RADIUS server. You can still use WPA in PSK (pre-shared key) mode, and it has superior encryption and automatically cycles the key so it is more secure than WEP. However, requiring users to actually authenticate in order to gain access, rather than just knowing the “magic word”, is significantly more secure and provides a means of logging and tracking access.

There are expensive methods of implementing authentication, and there are cheap methods. You can get RADIUS-enabled wireless switches anywhere from $1,000 to $25,000 or more each. But, if you have Windows Server 2003 in your environment you already have a free solution available to you: Internet Authentication Service (IAS) (it has been replaced with Network Policy Server (NPS) in the upcoming Windows Server 2008).

Of course, there will be an impact to the performance of the server if you add additional roles, so you need to make sure that your server has enough processor and memory horsepower to handle the workload. The authentication solution also requires a user database of some sort. Being a Windows Server based solution, Active Directory springs to mind as the obvious choice. And, depending on the EAP (Extensible Authentication Protocol) method you select you may also require a certificate server of some sort.

Overall though, if you have a Windows Server 2003 network you already possess the technology to secure your wireless network and provide authentication to secure it from unauthorized users. You can find all of the details you need to know to effectively implement IAS authentication on Microsoft Technet.

Initially, all types of content default to “Ask Me Every Time”. In other words, every time you insert a music CD, AutoPlay will take a look at it and prompt you for what action to take. Do you want to play the music with Windows Media Player? Do you want to open the folder to view the files using Windows Explorer? Do you want to take no action whatsoever and just get rid of the pop-up box? You can choose any of those options, and you can also click the little box that says “Always do this for audio CD’s”.

It seems like a reasonable enough feature, something to make your life a little simpler by automating how Windows treats different types of content. Playing music CD’s or viewing movie DVD’s automatically in Windows Media Player rather than prompting you for an action to take may make sense to a lot of people.

There are a couple down sides to this Windows feature though. First of all, once you click the box and instruct Windows to always do “XYZ” for that type of content, it will always do “XYZ” for that type of content. If you then insert an audio CD because you want to rip a song from it, or you want to examine the files contained on the CD itself, you will first have to stop it from playing and exit out of the Windows Media Player you asked it to start. The “always do this” function can be turned off, but it requires more digging. In Windows Vista, you can go to the Control Panel and click AutoPlay to configure the various content options.

The other down side is that you are creating a potential security risk. One of the AutoPlay settings is for Software and Games. You can set this feature to automatically install or run the program. Again, at face value that may sound like a convenience and a reasonable feature to enable. However, if you happen to insert a CD or USB flash drive containing malware, and your AutoPlay function is set to automatically execute or install the software, you have granted Windows carte blanche to run the malware and compromise your system.

In an enterprise domain this can be a very serious concern. You can turn off this functionality through Group Policy. Go to Computer Configuration – Administrative Templates – Windows Components – AutoPlay Policies, and enable the “Default behavior for AutoRun” policy. Then, set the default to “Do not execute any autorun commands”. You should also enable the “Turn off AutoPlay” policy and set the default to “All drives”.