" /> Project Anvil: September 2006 Archives

« August 2006 | Main | October 2006 »

September 09, 2006

Demoing RWW-Guard and Anvil at SMBNation

So yesterday I did a presentation at at the Microsoft Conference Center for SMBNation on strong authentication for small business. I showed how you can use RWW-Guard with CryptoCard's Cryptoserver and with Scorpion Software's Anvil SAS to offer two-factor authentication in Remote Web Workplace.

It was great fun. And just before my presentation a colleague of mine from the US's Department of Justice sent me an interesting paper on the "Analysis of Department of Justice Prosecutions 1999-2006", which I used in my presentation to further define the problem of static reusable passwords. Some interesting real world statistics on what they are seeing during their prosecutions:

  • Most crimes, 84 percent, could have been prevented if the identity of the users connecting were checked in addition to user IDs and passwords
  • Losses from stolen IDs and passwords far exceeded damages from worms, viruses, and other attack methods not utilizing logon accounts
  • Vast majority of attackers, 78 percent, committed crimes from their home computers; most often using unsanctioned computers with no relationship to the penetrated organization

Never been a better time for the release of Anvil this fall.

Of course, lots of interest in RWW-Guard and Anvil. Some interesting deployments have already been identified, like using Anvil + RWW-Guard to provide better control of employee access to remote SBS servers in a managed environment. Imagine... if you are managing 25 SBS boxes and an employee leaves, it will typically take you 12-25 HOURS to reconfigure each server's administrative credentials. Not just the password... but all the service passwords as well. With RWW-Guard and Anvil... you simply revoke the employees token, removing his ability to log into the remote servers at all. Some guys are managing upwards to 50 to 200 servers, and this can literally save thousands of dollars in maintenance costs.

Apparently there is some voting going on, and I am in the running to repeat the session on Sunday. If you didn't get a chance to catch the presentation and you are on the Microsoft campus, you might be able to catch it tomorrow! We'll see how it goes.

Posted by Dana Epp at 09:52 AM | | Comments (3) | TrackBacks (1)

September 01, 2006

Anvil... one month later

Its now September 1st. With August behind us I thought I would screencast the results, and talk about where we are.

Over all, I am quite happy with the progress. We have a working strong authentication server (SAS) that properly authenticates against CryptoCard KT hardware tokens. That was my vision at the beginning of last month... and that is the reality now.

So what next? Well, there is still a lot to be done before its ready for sale. It will have to go through some major testing. The product needs to become a solution, which will include documentation, an installer, a website, marketing materials etc. And I still have a company to run with other products, so much of my focus will need to be there. RWW-Guard is in its final beta stages as we prepare to start selling it, and the first few weeks of September will be focused on that, while Anvil gets shelved a bit. We will of course continue to dog food Anvil and use it in house... but it won't be until next month that we start installing it on external networks.

I will continue to blog the progress here... but it may be a bit infrequent compared to the amount of blogging I did in August. As we move forward in readying the product for commercial release, I will be sure to invite you to join me as we take it to release.

Thanks for tracking my progress. I do hope I was able to share in my experience over the month. I wish you the best in your own software development!

Anvil One Month Later Screencast [Flash ~3.5MB]

Posted by Dana Epp at 10:46 AM | | Comments (4)