Note-to-self: MVA Learning Path – Security for the Chief Security Officer (CSO)

From a LinkedIn connection (thx Jeff and congratz on the achievement) I received an interesting pointer to a set of courses on MVA, Microsoft Virtual Academy.

An MVA ‘learning path’ is a combination of learning courses.
Just recently MVA published the ‘Security for the Chief Security Officer (CSO)’ learning path.

Check it out at : https://mva.microsoft.com/learning-path/security-for-the-chief-security-officer-cso-21

It combines 6 courses (better make sure to access them from the learning path):

  1. How to Harden Your Enterprise in Today’s Threat Landscape
  2. Cybersecurity Reference Architecture
  3. Cloud Security from the Field

BTW: have a look on the ‘security’ based content on Microsoft Virtual Academy, you’ll be surprised how much you can (continue to) learn.

See: https://mva.microsoft.com/search/SearchResults.aspx#!q=security

Advertisements

Thank you!

This weekend I’ve received some pretty exciting news that I was awarded the 2016 MVP award (Microsoft Most Valuable Professional) for Enterprise Mobility (Identity & Access).

mvp_logo

I’m extremely proud to receive the award, but I never could have achieved this award without your support. So, in the first place I want to thank YOU for supporting me and making it possible. With your help I certainly will continue to support and build the Microsoft and security community with great pride.

A great thanks to Ed Price, Ronen Ariely, Gokan Ozcifci and Jorge de Almeida Pinto for the support and recommendations. (I sincerely hope I haven’t forgotten anyone…) I owe you Belgian beer.

I had the honor to be part of the program earlier, and never have stopped to build and maintain the community with passion for Identity and Access management, but as combining Microsoft FTE with MVP is not possible… I had a break for the years at MS… still it was different.

I’m also extremely thankful that my wife Katrien and my 2 kids can cope with my crazy passion for TechNet Wiki and MS community obsession. This addiction is just so much fun…but I’ll never admit that. (oh ships, just did…)

#FIM2010 newsletter – looking for more interesting resources

Since a while I’ve been on the lookout for interesting, blogs, articles, sites and feeds on FIM 2010.

I’ve been gathering them in a FIM 2010 weekly newletter on paper.li : http://paper.li/geelenp/1364888465/

If you think there are sources missing from this, list, feel free to let me know.

So far, I found these:

And also

Blog feeds are filtered on keywords: FIM, FIM2010, “FIM 2010”, bhold

All suggestions are welcome to peter(at)fim2010(dot)com.

Reviewed for you: Microsoft DirectAccess Best Practices and Troubleshooting (Packt Publishing)

Packt has recently published a new book "Microsoft DirectAccess Best Practices and Troubleshooting". (http://aka.ms/PacktPub_DA_Troubleshooting)

A few weeks ago I was asked to review the book.

Written by Jordan Krause a Microsoft MVP in Enterprise Security, and specializes in DirectAccess.

Packt Publishes advertises this book is an ideal guide for any existing or future DirectAccess administrator and system administrators who are working on Windows Server 2012.

This book will also be beneficial for someone with a basic knowledge of networking and deployment of Microsoft operating systems and software who wants to learn the intricacies of DirectAccess and its interfaces.

It’s a pretty condensed book of 116 pages in total, of which 98 technical content.

Structured in 5 chapters:

Chapter 1: DirectAccess Server Best Practices
Chapter 2: DirectAccess Environmental Best Practices
Chapter 3: Configuring Manage Out to DirectAccess Clients
Chapter 4: General DirectAccess Troubleshooting
Chapter 5: Unique DirectAccess Troubleshooting Scenarios

From a technical standpoint of view, it’s an interesting read, with lot of interesting advice.

It is quite confusing that the author discusses topics which are explained in a later chapter.
ISATAP for example. Chapter 2 discusses IPv6 vs ISATAP, while chapter 3 explains the ISATAP definition ( Intra-Site Automatic Tunnel Addressing Protocol).

To build the story in the book, it would make more sense to explain the basics first as it’s key information to the topics discussed and explained. It’s a good practice to set a common ground and vocabulary first, to start off on the right foot.

But when I say condensed, it really is condensed and not only on content level. Regarding readability, some of the pages are large blocks of heavy text, long sentences, barely using white space or paragraphs. Sentences reaching 4 lines require you to read the sentence again.

Shorter sentences and using more paragraphs is a simple fix.

Although the book is packed with valuable information, I’m a bit disappointed in the fact that the book does not get it’s full potential.

It would greatly improve by putting all hints & tips in a quick list (eg in an additional chapter or quick reference card), and/or gathering the do’s and don’ts in an action list like:

Please remember:

  • There are 3 platforms providing Direct Access: Windows 2008 R2, UAG and Windows 2012. Majority of DA deployments are covered by UAG and Windows 2012 as Windows 2008 R2 is quite difficult to handle.
  • Clients must be Windows 7 Enterprise, Windows 7 ultimate or Windows 8 Enterprise
  • Windows 7 pro and Windows 8 Pro do not support Direct Access (See: http://support.microsoft.com/kb/2756536)

Practical Hints & tips

  • The default gateway setting must only be defined on the external NIC
  • Name your NICs intuitively (chapter 1)
  • Set NIC binding correctly (chapter 1)
  • disable NICs not in use (ch.1)
  • Check Receive Side Scaling (RSS) (ch.1)
  • Enable spoofing of MAC addresses on VMs (ch.1)
  • Add static routes
  • Choose proper hostname
  • Join domain
  • Prestage the computer account
  • IP-HTTPS
  • DA must be a remote access platform and nothing else
  • Don’t use the Getting started wizard … + reasons (see chapter 1 of book)
  • Run the full Remote Access Setup Wizard
  • Create your own GPOs (ch.2)
  • Do not host the NLS website on the DA server
  • Set Teredo to Enterprise client
  • Use DNS Round Rbin for DA CLuster (ch.3)
  • Set client side firewall rules for each protocol needed (ch.3)
  • … (and so on)…

Furthermore, in the technical section in the book you won’t find any links to useful references, although there are plenty of opportunities to put in added value, again.

PacktPub has extremely good books that support this book:

  1. Windows Server 2012 Unified Remote Access Planning and Deployment
  2. Microsoft Forefront UAG 2010 Administrator’s Handbook
  3. Mastering Microsoft Forefront UAG 2010 Customization

Sorry, correction, the commercial part at the end refers to one of them.
But that’s not the author’s credit.

    There is a massive amount of additional reading and in depth material out-there, which the author could refer to. I’ll come to that in a second (cfr NRPT)
    I would love to get some insight in the list of hyperlinks the author frequently uses regarding this topic. Show me your favorites, man!
      The author explicitly targets existing DA administrators and “anyone interested in learning more about the technology before diving in for themselves”.

    But the index at the end of the book is missing essential acronym definitions.

    It would be nice to give the explanation with the acronym, like

    DIP, see Dedicated IP, 62,85
    UAG, see Unified Access Gateway, 36
    NRPT,see Name Resolution Policy Table, 50
    NAT, see Network Address Translation, 35-37
    GSW, see Getting Started Wizard

    One stunning example is NRPT, which is frequently touched in the book, but never explained.

    Even in the simplest case a reference to some useful resources would have helped, like:

      So, I’m hoping that Packt Pub will fix the gap.

    Despite, I still consider the Microsoft DirectAccess Best Practices and Troubleshooting book as a quick reference and a companion guide for Direct Access Administrators.

    An additional (online) reference list will make this book on DirectAccess rock, like Jordan kicks off with on page 1.

    And why not building that online reference on Technet Wiki?

    Note to the layout team: a small detail to make it complete: when you use justified layout (left and right aligned), that would make the book more polished.

    Microsoft Forefront Identity Manager 2010 R2 Handbook – shortcuts

    As you know (or not) I’ve been involved in reviewing Kent Nordstrom’s book… (http://konab.com/fim-2010-r2-book/)

    You can order print and/or E-book at: http://aka.ms/FIMR2Book.

    Overview

    Page Chapter Title URL Description
    About the Author http://konab.com
    About the Reviewers http://be.linkedin.com/in/pgeelen Peter Geelen
    About the Reviewers http://aka.ms/FIM_R2_Best_Practices_Vol1 FIM R2 Best Practices Volume by David Lundell
    Support files, eBooks, http://PacktLib.PacktPub.com
    4 Preface http://aka.ms/PowerShellMA Granfeldt PowerShell MA 2.0 used to demonstrate ECMA
    5 Downloading the example code http://www.packtpub.com. extensible connectivity
    10 The Story in the book http://aka.ms/ADFSOverview Implement federation
    10 The Story in the book http://office365.microsoft.com Read more about Office 365
    19 Management agents http://aka.ms/FIMPartnerMA
    20 Management agents http://aka.ms/FIMMA
    28 FIM Licensing http://aka.ms/FIMLicense
    30 3 Installation http://aka.ms/FIMCapacityPlanning Capacity Planning
    32 3 http://aka.ms/SCSM2010Deployment SCSM for reporting
    32 3 http://aka.ms/FIMPlanning
    32 3 http://aka.ms/VirtualizationBestPractices
    35 3 http://aka.ms/FIMLanguagePacks
    35 3 http://aka.ms/SQLCollations
    35 3 http://aka.ms/SCSMCollations
    35 3 http://technet.microsoft.com/en-us/library/hh332707 Technet Site
    37 3 http://technet.microsoft.com/en-us/library/ff461010
    40 3 http://aka.ms/SCSM2010Deployment
    40 3 http://support.microsoft.com/kb/975332 AuthZ Man Hotfix
    49 3 http://blogs.msdn.com/b/chunliu/archive/2010/03/24/why-SharePoint-2010-not-use-kernel-mode-authentication-in-iis7.aspx turn off Kernel Mode authentication
    72 3 http://aka.ms/SCSM2010Ports complete list of ports required by SCSM 2010
    87 3 http://blog.konab.com/fim-2010-r2-book/reporting FIM post-install scripts for Data Warehouse
    93 4 Basic configuration http://support.microsoft.com/kb/303972 Replicating Directory Changes
    98 4 http://blogs.technet.com/b/doittoit/archive/2009/05/20/introducing-hierarchal-provisioning.aspx Hierarchical Provisioning
    101 4 http://aka.ms/FIMPreImportFilter
    104 4 http://aka.ms/FIMDeprovisioning
    116 4 http://aka.ms/FIMRunProfile
    118 4 http://aka.ms/UnderstandingFIMDeprovisioning
    118 4 http://aka.ms/FIMServiceSchema
    130 4 http://blog.konab.com/2011/09/performance-improvements-in-fim-2010-r2
    134 4 http://blog.konab.com/fim-2010-r2-book/basic-configuration/
    161 5 User management http://aka.ms/FIMDRE
    163 5 http://aka.ms/FIMMVExtension
    170 5 http://support.microsoft.com/kb/305144 UAC attribute
    172 5 http://aka.ms/FIMFunctions
    173 5 http://social.technet.microsoft.com/wiki/contents/articles/how-toenable-or-disable-accounts-in-active-directory-domain-service-usingfim.aspx
    200 6 Group management http://msdn.microsoft.com/en-us/library/cc223142 Group Type bitmask
    206 6 http://aka.ms/FIMAddIn Add-ins & extensions
    251 7 Self-service Password Reset http://aka.ms/FIMR2Upgrade
    254 7 http://aka.ms/SSPRconfigureSMSOT
    262 7 http://aka.ms/FIMR2QuickStart
    276 8 FIM & Office 365 http://fimattributestore.codeplex.com ADFS 2.0 Attribute Store for Forefront Identity Manager
    277 8 http://fim.codeplex.com .
    279 8 http://www.pointsharp.com
    285 9 Reporting http://technet.microsoft.com/en-us/library/jj133843 Default Report
    289 9 http://technet.microsoft.com/en-us/library/jj133844 ETL Script
    294 9 http://aka.ms/FIMReporting Modifying FIM Reports
    295 9 http://technet.microsoft.com/en-us/library/jj133861 Extending FIM reporting
    297 10 FIM Portal Customization http://aka.ms/CustomizeFIMPortal
    300 10 http://fim2010client.codeplex.com
    314 10 http://aka.ms/FIMxPath
    319 10 http://aka.ms/RCDCRef
    321 10 http://idmcrisis.com/post/2009/11/14/Working-with-RCDCe28099s-in-Visual-Studio.aspx Working with RCDCS in Visual Studio
    325 11 Customizing Data transformations http://aka.ms/FIMFunctions
    328 11 http://aka.ms/FIMWALExample
    328 11 http://aka.ms/ECMA2
    329 11 http://aka.ms/FIMPartnerMA
    329 11 http://aka.ms/PowerShellMA
    331 11 http://aka.ms/FIMFunctions
    337 11 http://aka.ms/DebugExtension
    348 12 Issuing Smart Cards http://aka.ms/CorePKI
    348 12 http://aka.ms/FIMCMandLunaSA
    353 12 https://identityunderground.wordpress.com/2010/05/17/clm-vs-key-recovery-agent-certificatetemplate
    374 12 http://aka.ms/FIMCMPermissions
    387 12 http://fimcmextensions.codeplex.com
    390 13 Troubleshooting http://aka.ms/FIMTroubleshooting
    405 13 http://aka.ms/FIMCMTroubleshooting
    408 13 http://aka.ms/FIMBackup
    408 13 http://aka.ms/FIMCMBackup
    409 13 http://aka.ms/SPFoundationBackup
    410 13 http://aka.ms/CABackup
    411 13 Summary http://blog.konab.com/fim-2010-r2-book
    413 Afterword http://aka.ms/FIMForumTN
    Afterword http://aka.ms/FIM2010Resources
    Afterword http://aka.ms/FIM2010Wiki

    References

    Planning day 2 & 3 on the TechDays 2012

    image

    10:45 – 12:00

    Discover what’s new in Windows 8 Active Directory
    Speaker: Paul Loonen | Level : 300 | Room : 6 |

    13:00 – 14:15

    The Private Cloud, Principles, Patterns and Concepts
    Speaker: Tom Shinder | Level : 300 | Room : 9 |

    14:30 – 15:45

    Toolmaking for Administrators using Windows PowerShell
    Speaker: Jason Helmick | Level : 400 | Room : 7 |

     

    image

    09:00 – 10:15

    Private Cloud Day Session 1: Building your Private Cloud Infrastructure
    Speaker: Kurt Roggen | Level : 300 | Room : 5 |

    10:45 – 12:00

    Private Cloud Day Session 2: Creating & Configure your Private Cloud
    Speaker: Kurt Roggen | Level : 300 | Room : 5 |

    13:00 – 14:15

    Private Cloud Day Session 3: Monitor & Operate your Private Cloud
    Speaker: Mike Resseler | Level : 300 | Room : 5 |

    14:30 – 15:45

    Private Cloud Day Session 4: Automating & Delivering Services in your Private…
    Speakers: Mike Resseler , Kurt Roggen | Level : 3

    Private Cloud Day Session 5: A Solution for Private Cloud Security
    Speaker: Tom Shinder | Level : 300 | Room : 5 |

    00 | Room : 5 |

    16:15 – 17:30

    Join Winsec and Azug for their next event "Developing and deploying Identity-enabled applications for the cloud" (29/09/2011)

    (updated) with presentation link)

    Please find the presentation of the event here:

    Join the #winsecbe and #azugbe event “Developing and deploying Identity-enabled applications for the cloud” http://winsec20110929.eventbrite.com/

    You are invited to the following event:

    Developing and deploying Identity-enabled applications for the cloud

    Joint event of Winsec (Microsoft Security User Group) with AZUG (Azure user group), targetted to IT professionals and Developers.
    We will discuss security with Azure and how to secure your cloud.
    Detailed agenda will follow soon.
    We hope you can make it!
    Really looking forward meeting you there!

    Event to be held at the following time, date, and location
    Sep 29, 2011 6:30 PM – 9:00 PM

    Ordina
    Blarenberglaan 3B
    2800 Mechelen
    Belgium

    View Map

    Attend Event

    Share this event on Facebook and Twitter

    FacebookTwitterLinkedIn

    Eventbrite