Security event at Qatar, February 17

by Shijaz Abdulla on 18.02.2010 at 17:51

Microsoft Qatar did a Security event yesterday at the Four Seasons Hotel, Doha. We started off with an enthusiastic audience of 70+ people.

  • We kicked off with a presentation on Microsoft Business Ready Security by good ol’ David Maskell, Security SSP – Microsoft Gulf, followed by technical demos.


  • Fadel Lubbos, Senior Consultant from Information & Communication Technology WLL (ICT) did a demo on Forefront Threat Management Gateway (TMG) – pictured below. ICT is a Microsoft Gold Certified Security Partner.


  • Below are pictures of me doing my demo on Microsoft Unified Access Gateway (UAG) and DirectAccess.


  • Fazil Rahim, CEO of Entelyst, did a demo on Active Directory Rights Management Services (AD RMS). Entelyst is a Microsoft Gold Certified Partner specializing in security solutions.


Pictures from the Q & A session:


Photos: Lea Attieh

Security session at TechEd Dubai

by Shijaz Abdulla on 12.02.2010 at 23:14

I’m doing a breakout session at the Microsoft TechEd in Dubai. Here are the details:

Session: SIA308 – Secure Remote Access with Unified Access Gateway and Direct Access

Track: Security, Identity and Access
Speaker: Shijaz Abdulla
When: Wed, Mar 03, 2010 (13:30 – 14:30) | Breakout Session
Where: Sheikh Maktoum Hall A
Level: 300 – Advanced
Audience: Security Administrator, IT Manager

Here’s what I will be covering:

  • Overview of Microsoft Forefront Unified Access Gateway
  • Overview of DirectAccess
  • Demo: Enabling Windows 7 DirectAccess feature with UAG
  • Unified Access Gateway features: Remote access with SSL-VPN, Secure Application Publishing, Secure File Access, Endpoint security
  • Demo: Unified Access Gateway features

See you there!


Should one change the credit card PIN?

by Shijaz Abdulla on 10.01.2010 at 18:50

I recently got a new VISA credit card from a bank in Qatar. The system-generated PIN for the card came in a tamper-evident envelope by postal mail along with the card.

Following a well-known security best practice, I decided to change the PIN on the card immediately. So today, I went to my nearest ATM machine and inserted the credit card. There was no option to change the PIN from the ATM machine.

Puzzled, I went ahead to call the bank’s customer care unit at about 17:45 today, the 10th of January. An impolite, yet ignorant customer care agent answered my call and I had an interesting discussion. Here’s a recollection from memory:

***

Me: I have a QIIB credit card and I want to change the PIN. How do I do that?

Customer Care Agent: You can’t change your PIN.

Me: What? What if I NEED to change the PIN?

CCA: They will issue you a new card.

Me (more puzzled): What if someone sees my PIN and I want to change it immediately?

CCA: You have to contact your branch. They will cancel your card and issue you a new one.

Me: WOW. Is that your bank’s policy? Why??

CCA (stereotypically): This is from Credits Card Department – they told us like this.

Me: Usually, all banks tell us to change our PIN regularly – it’s safer.

CCA (rude, and arguing): No, no – THIS (not changing the PIN) is safer.

Me (agitated): What if I’m shopping with my credit card at a store and while I’m entering my PIN someone sees the PIN. What do I do?

CCA: You shouldn’t let others see your PIN.

Me: I know that. But what if someone sees it? (repeat) All banks ask us to change our PIN regularly for security purposes.

CCA: Didn’t you know about this when you applied for the card?

Me: No

CCA (rude and blunt): This is the year 2010. How come you don’t know?

(I should have probably asked him that question first)

Me: I know this is the year 2010. And I know that changing the PIN regularly is more secure. For your information, I work in the Information Security space and I know what I’m talking about!

Just tell me if it’s your bank’s policy not to allow changing PIN on credit cards?

CCA: Yes. That’s the policy.

Me: OK – that’s all I want to know, I already know it’s 2010. Good bye.

***

That was a thoroughly agitating experience. I don’t know if all banks follow this policy, but to me this is ridiculous. I’m leaving this thread open to your comments – write a comment below on what you think about this encounter and the PIN change policy.

As for me, I’ve decided to keep a lower credit limit and use the card solely for online shopping, where I don’t need to enter a PIN.

Threat Management Gateway 2010 now available

by Shijaz Abdulla on 28.11.2009 at 18:24

Microsoft Forefront Threat Management Gateway was released to market on November 16, 2009 after completing three beta releases and receiving extensive customer feedback.

You can download the trial version of Threat Management Gateway here.

From the Forefront TMG team’s blog:

“Forefront TMG is a Secure Web Gateway (SWG) that improves security enforcement by integrating multiple detection technologies such as URL filtering, Anti Malware, and intrusion prevention into a single, easy-to-manage solution. We have seen a lot of interest in the features that comprise this solution, so here is some information on what they do and how:

  • URL Filtering: URL Filtering allows controlling end-user access to Web sites, protecting the organization by denying access to known malicious sites and to sites displaying inappropriate or nonproductive materials, based on URL categories. TMG features over 80 URL categories including security-oriented categories, productivity-oriented and liability-oriented categories. Forefront TMG uses Microsoft Reputation Services (MRS), a cloud-based categorization system hosted in Microsoft data center. To ensure the best bandwidth utilization and low latency, Forefront TMG has implemented a local URL cache. There is a lot more on URL Filtering available in an earlier URL Filtering post (on the TMG blog).
  • Anti Malware: Stopping malware on the edge significantly decreases the possibility that a virus will hit a computer with anti-virus signatures that are not up-to-date or a test computer without an anti-virus to protect it. TMG has integrated the Microsoft Anti Malware engine to provide world class scanning and blocking capability on the edge.
  • Network Inspection System (NIS): NIS is a generic application protocol decode-based traffic inspection system that uses signatures of known vulnerabilities, to detect and potentially block attacks on network resources. NIS provides comprehensive protection for Microsoft network vulnerabilities, researched and developed by the Microsoft Malware Protection Center – NIS Response Team, as well as an operational signature distribution channel which enables dynamic signature snapshot distribution. NIS closes the vulnerability window between vulnerability disclosures and patch deployment from weeks to few hours.
  • In addition, HTTPS scanning has been introduced to enable inspection of encrypted sessions, eased the deployment and management with a set of easy to use wizards and significantly improved logging and reporting to provide full visibility into how your organization is accessing the web and whether it’s compliant with your organization’s policy.
  • VPN, Firewall, Email Protection and Infrastructure.
    Significant investments have been made to ensure that we keep delivering top notch VPN and Firewall functionality. We made quality improvements in Web Caching and made sure it works well with the new Windows 7 BranchCache feature. We have added several new features, among them: Email Protection, ISP redundancy, NAP integration with VPN role, SSTP, VoIP traversal (SIP support), Enhanced NAT, SQL logging and Updated TMG Client (previously known as the Firewall Client). In addition TMG was built as a native 64bit product that supports Windows Server 2008 R2, and Windows Server 2008 SP2, allowing better scalability and increased reliability.”

Forefront Client Security beats Symantec, McAfee on VB100 test

by Shijaz Abdulla on 09.11.2009 at 21:50


[Source: Virus Bulletin - virusbtn.com]

Forefront is in pretty good shape here, especially when you compare it with McAfee, Symantec and the like. Forefront also did well on the VB100 list, meaning it was able to detect 100% of the WildList malware samples without any false positives.

ScreenCast: Encrypting USB flash drives in Windows 7

by Shijaz Abdulla on 03.11.2009 at 14:50

Windows 7 comes with a cool new feature called ‘BitLocker To Go’, which is a disk encryption mechanism to protect USB flash drives.

USB flash drives are becoming ever more common thanks to their small size, ease of use and low cost. Users often store critical or sensitive data on USB drives and carry them outside the organization. A lost USB drive containing sensitive data could have unimaginable implications for the organization, and this is where BitLocker To Go can help.

In this screencast, I demonstrate how you can encrypt a USB Flash Drive using Windows 7. I recommend you watch it in High Definition (HD) mode.

BitLocker “To Go” for removable drives

by Shijaz Abdulla on 14.03.2009 at 10:26

BitLocker, first introduced in Windows Vista, has become an important encryption method when it comes to increasing security of laptop computers by encrypting the hard drives.

In Windows 7 beta, you can take security one step further by making use of the BitLocker encryption feature for USB flash memory, external hard disks and other removable media.

All you have to do is right click on the drive to be encrypted and choose Turn on BitLocker…


Organizations can also require all users to encrypt removable devices using this feature. IT administrators can manage this centrally via a Group Policy setting that requires USB drives to be encrypted before files can be written to them.

User Account Control (UAC) in Windows 7

by Shijaz Abdulla on 23.02.2009 at 07:15


The User Account Control (UAC) feature, first introduced in Windows Vista, helps prevent potentially harmful programs from being executed inadvertently on the computer. UAC notifies the user each time a program uses the administrator privilege on the computer.

While UAC is a powerful means of securing the computer, I know many users find repeated warnings (for known changes) too annoying and eventually end up turning UAC off altogether, thereby compromising security.

Windows 7 Beta adds more granular control over UAC notifications. There are four UAC levels:

  • Most secure: Always notify and dim the desktop till the user responds
  • Default: Notify only when programs try to make changes (not when user makes changes)
  • Notify programs only but don’t dim desktop (lets the user do other stuff while the message is on)
  • Least secure: Turn UAC off (never notify)
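
To check which of these four levels a machine is actually running at, the slider position can be read back from the registry. The script below is an added example, not part of the original post or of any Microsoft tool; it assumes the standard UAC policy values `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop`, and the function name `Get-UacLevel` is made up for this illustration.

```powershell
# Added example: map the UAC registry policy values onto the four slider
# levels listed above. Read-only; nothing is changed on the machine.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    param(
        [int]$EnableLUA,                   # 0 = UAC disabled entirely
        [int]$ConsentPromptBehaviorAdmin,  # 0 = elevate silently, 2 = always prompt, 5 = prompt for programs only
        [int]$PromptOnSecureDesktop        # 1 = dim the desktop while prompting
    )

    # UAC switched off outright, or administrators elevated without a prompt.
    if ($EnableLUA -eq 0 -or $ConsentPromptBehaviorAdmin -eq 0) {
        return 'Least secure: UAC off (never notify)'
    }
    if ($ConsentPromptBehaviorAdmin -eq 2 -and $PromptOnSecureDesktop -eq 1) {
        return 'Most secure: always notify, desktop dimmed'
    }
    if ($ConsentPromptBehaviorAdmin -eq 5) {
        if ($PromptOnSecureDesktop -eq 1) {
            return 'Default: notify only when programs make changes, desktop dimmed'
        }
        return 'Notify for programs only, desktop not dimmed'
    }
    # Any other combination was set by policy or by hand, not by the slider.
    return 'Custom combination (not one of the four slider levels)'
}

# A missing value binds as 0, so an absent EnableLUA is reported as "off";
# treat that result as a prompt to inspect the key manually.
$p = Get-ItemProperty -Path $PolicyKey
Get-UacLevel -EnableLUA $p.EnableLUA `
             -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
             -PromptOnSecureDesktop $p.PromptOnSecureDesktop
```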


Bahrain 'worst affected' by Malware

by Shijaz Abdulla on 03.01.2009 at 07:32


Bahrain has been identified as the worst affected Middle East country in a Microsoft report on Malware infection. The report also suggests that Bahrain has the second highest malware infection rate in the world, behind only Afghanistan.

The report features Bahrain, Egypt, Iraq, Saudi Arabia, Turkey, Jordan, Lebanon, Yemen and the UAE in the worst 25 countries affected by Malware infection.

The Security Intelligence Report measures malware infection by recording the number of times that malware is detected in every thousand uses of the Microsoft Malicious Software Removal Tool (MSRT). MSRT is a free tool that is designed to remove the most common or damaging malware and is downloaded and executed as part of Windows Update. The tool is run on average 400 million times per month, and collects non-personal data on infections. Statistical data for this report is derived from MSRT.

The GCC infection rates, in decreasing order: Bahrain (29.2), Saudi Arabia (22.3), UAE (17.3), Qatar (16.1), Kuwait (15.9), Oman (15.3). All GCC countries showed an increase in infection from last year, except for UAE, which has shown a 4.8 decrease from 2007.

The presence of a significant number of GCC countries in the worst 25 list underlines the need for bringing in more awareness in the user and IT Pro community about the prevention techniques and the technology that is required to proactively ensure immunity from such threats.

The full report can be downloaded here.

Afterthought: Technically speaking, it could also be possible that there are even worse countries – where MSRT itself is never run on computers because they simply don’t run Windows Update! Such countries may not be appropriately placed in this list :-)

"Morro": Free-of-cost client security offering from Microsoft

by Shijaz Abdulla on 04.12.2008 at 07:54

Microsoft Windows Live OneCare will soon be replaced by a free-of-cost client security offering code-named "Morro". "Morro" will be standalone anti-malware protection for Windows XP, Vista and the upcoming Windows 7 OS.

Being a standalone security offering, this will be best-suited for home users and small businesses. Enterprise customers will still have the Forefront Client Security product for protecting their clients.

I believe providing "Morro" free-of-cost to home users is an intelligent investment, as the inputs from thousands of "Morro" users worldwide will help Microsoft gather more threat data for analysis and to respond to threats faster by reducing the time required to develop and release definition updates – for the enterprise customers that run Forefront Client Security. Of course, "Morro" users will also receive these definition updates.

Microsoft will discontinue the Windows Live OneCare product in the second half of 2009 when "Morro" becomes available.

[ Source ]
