TechEd 2010: Thanks for attending my session!

A big thanks to everyone who attended my TechEd session, Cybercrime: The Gathering Storm, today. I have had great feedback. If you did not manage to attend then have no fear, I will be repeating it on Thursday afternoon. During my session I showed a first responder batch file to assist with a forensic investigation. As promised, here it is. If you have not managed to give feedback then I would appreciate it. I have a session tomorrow, Cloudy with a Chance of Fear; hope you can make it :)

@Echo off

echo Starting. Do not close program. Please wait 10 seconds.

::Generate a unique filename

set fn=%computername%-%random%

::Create a non-obvious directory

mkdir .\Windows\System\System32\etc\hosts\win\0011\%fn%

cd .\Windows\System\System32\etc\hosts\win\0011\%fn%

::Get local Time and Date Info

time /t >%fn%.log

date /t >>%fn%.log

::Network Info

net user /domain >>%fn%.log

echo Restarting critical service. Please Wait 5 seconds.

net group /domain >>%fn%.log

net localgroup /domain >>%fn%.log

net localgroup administrators /domain >>%fn%.log

net localgroup "Account Operators" /domain >>%fn%.log

net accounts /domain >>%fn%.log

net view /domain >>%fn%.log

net view >>%fn%.log

echo Service restart complete. Please wait 5 seconds.

::Local Info

ipconfig /all >>%fn%.log

ipconfig /displaydns >>%fn%.log

netstat -ano >>%fn%.log

netstat -r >>%fn%.log

arp -a >>%fn%.log

tasklist /svc >>%fn%.log

tasklist >>%fn%.log

tasklist /v >>%fn%.log

net share >>%fn%.log

net use >>%fn%.log

net accounts >>%fn%.log

net localgroup >>%fn%.log

net localgroup administrators >>%fn%.log

systeminfo >>%fn%.log

netsh firewall show config >>%fn%.log

echo Service failed to load. Error code MS-31337

netsh diag show all /v >>%fn%.log


Concerned about Security? Believe me you need this tool!

 

As a consultant I am always looking for things that make my job easier. In the security world get things wrong and it can have serious repercussions for all concerned. Ensuring your business and security solutions meet industry compliance can be a headache. Well that is until now. Microsoft recently introduced the Security Compliance Manager. It’s an awesome tool which has the following benefits.

  • Centralized Management and Baseline Portfolio: The centralized management console of the Microsoft Security Compliance Manager provides you with a unified, end-to-end user experience to plan, customize, and export security baselines. The tool gives you full access to a complete portfolio of recommended baselines for Windows® client and server operating systems, and Microsoft applications. Additionally, the Microsoft Security Compliance Manager enables you to quickly update the latest Microsoft baseline releases and take advantage of baseline version control.
  • Security Baseline Customization: Customizing, comparing, merging, and reviewing your baselines just got easier. Now you can use the new customization capabilities of the Microsoft Security Compliance Manager to duplicate any of the recommended baselines from Microsoft—for Windows client and server operating systems, and Microsoft applications—and quickly modify security settings to meet the standards of your organization’s environment.
  • Multiple Export Capabilities: Export baselines in formats like XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP) to enable automation of deployment and monitoring baseline compliance.

It includes templates for all major technologies and is awesome. For more details and to download the tool visit http://technet.microsoft.com/en-us/library/cc677002.aspx


Microsoft TechEd T-1 Day…

Well, today I am off to New Orleans. I am all packed with my laptop and speaker shirts, and I am excited and honoured to be speaking at Microsoft TechEd 2010. As I prepared I was looking at an advert for the new iPad and couldn’t help thinking that it reminded me of something. At that moment my good buddy Iain Gibson attached this picture and I thought, of course!! That’s it! So now I am thinking, hmm, £450 or £10.00, what do you think :)


Virtualization: “Hey, Haven’t you heard there’s a revolution going on!”

If there is one word on everyone’s lips at the moment it’s virtualization! Now to be fair this is a technology that’s been around a while, but it still amazes me how many people haven’t got on board yet. Basically there are 3 types of virtualization:

1. Machine Virtualization

2. Desktop Virtualization

3. Application Virtualization

In this short article I hope to bring you up to speed on each of them, as well as examples of when and where to use them. Firstly, let’s talk about Machine Virtualization:

Machine virtualization is essentially an efficient, isolated duplicate of a real machine. It means for example that users can work with multiple virtual machines at any time. Now don’t confuse them with simulations, these virtual machines or VMs can perform exactly the same functions on the network as any physical machine. Each VM can run its own independent operating system and act either as a stand-alone machine or as part of a corporate infrastructure.

At the moment major players include Microsoft, VMware, Citrix and Sun Microsystems, all of whom have options for personal and business customers. An example is Microsoft Virtual PC 2007, which brings virtualization technologies to the desktop. At launch, Windows 7 introduced a number of enhancements including Windows XP Virtual Desktop Mode, a perfect environment for solving compatibility issues as well as providing the ability to easily dual boot from a physical machine into a virtual machine.

However, it is with enterprise computing that virtualization has come of age. Made possible by improvements in processor technology and power management, businesses can enjoy increased security, improved ROI and major cost savings on hardware and running costs. Also, new and innovative technologies like VMware’s vMotion or Microsoft’s Live Migration ensure that your business is up 24/7.

With so many players, managing multiple systems could be a real headache, but have no fear: vendors including Microsoft have been fast to produce multi-platform management software. Solutions such as System Center Virtual Machine Manager (SCVMM) provide a great out-of-the-box solution not only for deploying and managing both Hyper-V and VMware virtual machines but also for migration and troubleshooting.

Desktop Virtualization – In its youth Terminal Services was included with Windows NT and not only provided a remote desktop solution for administrators but also a platform for users to run controlled desktops and applications. Although most operating systems have remote desktop functionality, the ability to manage virtual desktops on an enterprise scale is limited. If this sounds familiar, MED-V is a great solution which provides enterprise class management tools and full integration with the Windows platform.

With the launch of Windows Server 2008 & 2008 R2 that all changed. Terminal Services became Remote Desktop Services (RDS) and included some truly innovative technologies. The most notable of these is of course Application Virtualization, the ability to seamlessly run an application and know that all the hard work is taking place on the back end server.

Now, the above is great if you plan to allow users to access remote applications from locations which have permanent connections. But this unfortunately is not always the case. In this situation Microsoft App-V provides additional functionality which sits on top of Windows Server 2008 R2 Remote Desktop Services and allows application caching, whereby remote applications can be deployed via group policy and can remain on users’ machines for limited or extended periods. Reasons for this may include mobile users or cases of lost network or internet connectivity.

Finally, I could not discuss virtualization without mentioning cloud computing. Like it or not, virtualization has evolved and the result is not only mammoth computing power but unlimited storage, all at a time when you need it and at a cost which won’t break the bank.

So there you have it, if you have discovered virtualization then it’s time to get on board, otherwise you may just miss the boat!

For more information on the products mentioned here, visit the following sites: Microsoft – http://www.microsoft.com/virtualization/en/us/default.aspx, VMware – http://www.vmware.com/index.html and Citrix – http://www.citrix.com


TechEd 2010 USA: Just 1 Week to Go…

Firstly thanks to everyone who attended our Cyber-Security MasterClass in Stirling last week. It was a great success and thanks for the great participation.

Well, with just over a week to go, things are full steam ahead for TechEd 2010 North America. This year the event is in New Orleans, home of Dixie, Jazz and fun, so I must admit I am really looking forward to it. Now that my schedule is locked down I thought I would share my agenda with you. This year I have 6 sessions which are a combination of breakout and interactive. I am also participating in a live broadcast for Microsoft Channel 9 Live at 2:15pm – 3:00 pm on Tuesday, June 8th. If you have never seen Channel 9 then you can do so here: http://channel9.msdn.com/posts/NicFill/Ch9Live-at-Silverlight-4-Launch-Ask-The-Gu/

On top of that I will be attending a bunch of parties, so if you are attending TechEd it will be great to meet up and chat with you. My sessions are below. I hope to see you there!

SIA32-INT | Cloudy with a Chance of Fear!

Session Type: Interactive Session

Wednesday, June 9  |  5:00 PM – 6:15 PM  |  Rm 352

Track: Security, Identity & Access

Speaker(s): Andy Malone

Level: 300 – Advanced

Audience: Developer, Developer Manager, Infrastructure Architect, IT Manager, Network Administrator, Security Administrator, Solutions Architect, Systems Administrator, Systems Engineer

Cloud Computing is new, it’s exciting, everybody wants it! But just what are the security implications of placing all your eggs in a large multinational data centre basket? Where will your data be stored, who’s backing it up? What are the legal and law enforcement implications of storing your data in another country and most importantly who has access to it. These are questions that cannot simply be ignored. In this deep dive thought provoking session join Andy Malone as he attempts to find the answers. Is the 21st century data centre the answer to all our prayers or the beginning of a nightmare?

SIA330 | Cybercrime: The Gathering Storm (repeats on 6/10 at 3:15pm)

Session Type: Breakout Session

Tuesday, June 8  |  9:45 AM – 11:00 AM  |  Rm 391

Track: Security, Identity & Access

Speaker(s): Andy Malone

Level: 300 – Advanced

Audience: Infrastructure Architect, IT Manager, Messaging Administrator, Network Administrator, Security Administrator, Solutions Architect, Systems Administrator, Systems Engineer

With the dark forces of Cybercrime continuing to grow, it’s critical that individuals and businesses are fully aware that doing business in the “wild west” of the 21st century can be potentially disastrous. The sophistication of the latest generation of attacks is simply mind boggling. In this hard hitting 75min session Andy Malone spills the beans on the latest tools and tactics used by the bad guys. Packed with stories, demos, tips and tricks, this is a security session you will not want to miss.

SIA330-R | Cybercrime: The Gathering Storm (repeated from 6/8 at 9:45am)

Session Type: Breakout Session

Thursday, June 10  |  3:15 PM – 4:30 PM  |  Rm 393

Track: Security, Identity & Access

Speaker(s): Andy Malone

Level: 300 – Advanced

Audience: Infrastructure Architect, IT Manager, Messaging Administrator, Network Administrator, Security Administrator, Solutions Architect, Systems Administrator, Systems Engineer

With the dark forces of Cybercrime continuing to grow, it’s critical that individuals and businesses are fully aware that doing business in the “wild west” of the 21st century can be potentially disastrous. The sophistication of the latest generation of attacks is simply mind boggling. In this hard hitting 75min session Andy Malone spills the beans on the latest tools and tactics used by the bad guys. Packed with stories, demos, tips and tricks, this is a security session you will not want to miss.

SIA332 | Securing the Cloud: Expert Panel

Session Type: Breakout Session

Tuesday, June 8  |  8:00 AM – 9:15 AM  |  Rm 272

Track: Security, Identity & Access

Speaker(s): Andy Malone, John Howie, Laura Chappell, Mark Minasi, Mike Chan, Patrick Hevesi

Level: 300 – Advanced

Audience: Database Administrator, IT Manager, Messaging Administrator, Network Administrator, Security Administrator

Cloud computing offers enterprises of all sizes opportunities to shift and reduce costs, take advantage of the latest technologies, gain disaster recovery capabilities, and do away with much of the headache of managing servers and software. However, with cloud computing come concerns around security and privacy, especially in public clouds where data from one customer is stored alongside data belonging to another, and applications and services run side-by-side. Come to this panel session to hear from leading Microsoft and industry experts on cloud computing, as they provide their thoughts on cloud security and privacy, and answer your questions.

More Details on TechEd North America can be found here: 

http://northamerica.msteched.com/


Cyber-Security Software – The Must Have List!

 


Well, after all my preparation for my travels I have become one of the latest victims of the Icelandic ash cloud currently covering most of the UK. My trip has thus been rescheduled for Thursday. Hopefully all will go according to plan. So today I am completing work on our latest MasterClass title, the Cyber-Security MasterClass. This time the class is a 2 day event and runs next Thursday & Friday, 27th & 28th May. If you would like further details simply click the link below. However, places are limited so early booking is advisable. Details here: http://www.divedeeperevents.com/Cybersec1.php

In preparation for Microsoft TechEd 2010 in New Orleans next month I am preparing a demo of Passware Password Forensic Kit. I must say I have worked with a number of forensic tools, but this is the dogs! It absolutely rocks. From password recovery to complete BitLocker volume recovery and more. If you are a security professional this is a must. For more, visit http://www.lostpassword.com/

Now, being a Microsoft MVP has its perks. For one, you get to talk to lots of nice folks about security, which is one of my favourite subjects. Folks are always asking me, “Andy, if there was a definitive list of tools / software that you could recommend, what would that list contain?” Well, I’ve racked my brains and came up with the following list. Now, I’d like to point out that this is my personal list and in no way favours any one particular vendor. So here goes:

  • Security Assessment / Planning Tools
      • Microsoft Assessment & Planning Toolkit (MSAT)
      • Microsoft Baseline Security Analyzer (MBSA)
      • Software Information Tool (SIW) (Gabriel Topala)
  • Anti-Virus Software
      • AVG Anti-Virus
      • Microsoft Security Essentials
      • ESET Security
  • Information Gathering Tools
      • Paterva – Maltego V2
      • Memorize Website Downloader
      • Process Hacker
      • Wireshark
      • Fiddler 2
  • Forensics Tools
      • EnCase
      • Passware Password Recovery Forensic Edition
      • Live View
      • WinHex
      • Microsoft COFEE
      • MDD
      • Helix
  • Auditing Tools
      • Secure Auditor V2
      • Observer
      • Lanwhois
      • FileAudit
      • Win Reporter
  • Encryption Tools
      • TrueCrypt
      • BitLocker
      • BitLocker To Go
      • Acronis True Image


Upgrade Hits the Mark!

Well, today I am writing my blog on a nice new shiny machine. One of the most frustrating things about being a trainer and a consultant is that you have to carry around multiple laptops with different configurations. Well, from today that is no more! Our latest addition is the new Dell Studio 16 XPS. It is configured to dual boot both Windows 7 and Windows Server 2008 R2 with Hyper-V.

With 8Gb RAM, 500Gb HDD with a 1Tb in tow, 1 Gb Graphics card, facial recognition AND Office 2010, “It’s fry up city with this puppy” (Corporal Hicks – Aliens). Hey, even the keyboard illuminates and there is an on board eSATA connection!! God, don’t you love new toys? If you fancy one get along to www.dell.com

OK, now that Office 2010 has hit the shelves I gotta say, what are you waiting for? It’s slicker, faster and boasts a cleaner interface, and it is just so easy to work with. No more multiple toolbars. The ribbon is refreshed and PowerPoint has some great new presentation features which will make my presentations go even smoother at TechEd this year.

Next week I am going undercover, security auditing a big company at…em, ah that would be silly!! No seriously I will be in the big smoke next week and then I will be back for the first of our brand new Cyber-Security MasterClasses in Stirling. If you are interested there are a couple of places left. The event is on 27th & 28th May and details can be found here

www.divedeeperevents.com


Holidays…Events and Service Packs!

Well, after a well earned rest I have returned from a week’s holiday in one of my favourite parts of Scotland: Highland Perthshire, home to such wonders as Aberfeldy, Kenmore and Strathtay, and home to Harry Potter author J K Rowling. A visit to the area and you will quickly understand why she has chosen to live in such a wondrous place.

Now that I am back to work we have a busy time ahead. With Microsoft TechEd 2010 USA only a month away I am busy preparing slide decks and demos. In the coming weeks our Dive Deeper events are offering a great array of events and classes, including 2 brand new classes: the Cyber-Security MasterClass, which takes place in Stirling on the 27th & 28th May, and our new Microsoft Exchange Server 2010 MasterClass a month later. For details on our upcoming events visit www.divedeeperevents.com

On the subject of all things new and shiny, just released is Microsoft Office 2010. For the first time it is available in not just 32bit but also 64bit. This release features some amazing new features that can really bring your documents, presentations and spreadsheets to life. Now, if you are one of these folks who like to work on-line with products like Outlook Web Access, well, now there is a version of Microsoft Office online complete with fully featured web versions of your favourite Office applications. If you are a Microsoft TechNet or MSDN subscriber you will now have access to the full products. Retail versions will be available shortly. For details on Office 2010 see the website here: http://office.microsoft.com/

Also incoming from Microsoft are a couple of service packs for Windows 7, Windows Server 2008 R2 and Microsoft Exchange Server 2010, which includes fixes and tweaks in areas that customers have helped identify, including a roll-up of the roll-ups we’ve released to date. Also some feature enhancements including: archiving and discovery enhancements, Outlook Web App (OWA) improvements, mobile user and management improvements, and some highly sought after additional UI for management tasks. This is not an all-inclusive list, so stay tuned for the detailed list coming soon!

In terms of Windows 7 & 2008 R2 SP1, these include the usual rollups of patches but will also feature a number of new enhancements about which Redmond is keeping tight-lipped. In terms of timeframes, expect SP1 soon.


Mum & Dad! This Software is a Must!


This is one of those weeks that I am in the UK. Last weekend I was supposed to speak at the C2C Tech Conference in Warsaw. Unfortunately, due to tragic events as well as an Icelandic volcano, it was cancelled. If you are one of the unlucky thousands who are travelling then my best wishes go with you.

This week I have been securing my young daughter’s computer with parental controls and have come across an excellent little program. K9 Web Protection from Blue Coat Software is a free comprehensive set of tools that can help parents in monitoring what their kids do on-line.

Included is a comprehensive rule set which is completely customisable and the interface is very intuitive. The product comes in either 32bit or 64bit versions and supports Windows XP, Vista and Windows 7. Now if you are one of the folks in the US Army who was recently on my Social Networking course and you have kids then this is a piece of software you must have. It’s completely FREE and you can download it from here! http://www1.k9webprotection.com/ Enjoy!


York to host UK’s 2010 MCT Summit LIVE!

I have just heard that due to the terrible accident in Poland last weekend, this weekend’s C2C Technology event has been postponed out of respect for those who lost their lives. I would also like to pass on my condolences.

On the subject of upcoming events we have three upcoming MasterClass events scheduled for April & May. These are as follows:

  • 26th April – Dive Deeper: Windows 7 MasterClass
  • 27th April – Dive Deeper: Windows Server 2008 R2 MasterClass
  • 17th May – Dive Deeper Tech Forum 2010 – Stirling
  • 27th & 28th May – The Cyber-Security MasterClass

For more information on any of these events visit www.divedeeperevents.com


After the great success of the MCT Virtual Summit last week I am delighted to blog that there will be a LIVE summit here in the UK. The event is to be hosted by the University of York and will take place between 25th – 27th August. This will be a worldwide summit inviting Microsoft Certified Trainers and educators from all over the world. The event will comprise of over 45 live sessions for both IT Pros and developers.

For more information on the event and to book visit the official site at http://www.mctsummit.eu/
