Demoing RWW-Guard and Anvil at SMBNation
So yesterday I did a presentation at the Microsoft Conference Center for SMBNation on strong authentication for small business. I showed how you can use RWW-Guard with CryptoCard's Cryptoserver and with Scorpion Software's Anvil SAS to offer two-factor authentication in Remote Web Workplace.
It was great fun. And just before my presentation a colleague of mine from the US's Department of Justice sent me an interesting paper on the "Analysis of Department of Justice Prosecutions 1999-2006", which I used in my presentation to further define the problem of static reusable passwords. Some interesting real world statistics on what they are seeing during their prosecutions:
- Most crimes, 84 percent, could have been prevented if the identity of the users connecting were checked in addition to user IDs and passwords
- Losses from stolen IDs and passwords far exceeded damages from worms, viruses, and other attack methods not utilizing logon accounts
- Vast majority of attackers, 78 percent, committed crimes from their home computers; most often using unsanctioned computers with no relationship to the penetrated organization
Never been a better time for the release of Anvil this fall.
Of course, lots of interest in RWW-Guard and Anvil. Some interesting deployments have already been identified, like using Anvil + RWW-Guard to provide better control of employee access to remote SBS servers in a managed environment. Imagine... if you are managing 25 SBS boxes and an employee leaves, it will typically take you 12-25 HOURS to reconfigure each server's administrative credentials. Not just the password... but all the service passwords as well. With RWW-Guard and Anvil... you simply revoke the employee's token, removing his ability to log into the remote servers at all. Some guys are managing upwards of 50 to 200 servers, and this can literally save thousands of dollars in maintenance costs.
Apparently there is some voting going on, and I am in the running to repeat the session on Sunday. If you didn't get a chance to catch the presentation and you are on the Microsoft campus, you might be able to catch it tomorrow! We'll see how it goes.
Comments
Was just about to ask you if you could share the paper, but I found it at http://www.net-security.org/dl/articles/Report-DOJ_Computer_Crime_Prosecutions.pdf
Posted by: Ryan | September 11, 2006 09:52 AM
I do miss your blog ... especially now when things start to get commercial ...:-)
Danish greetings
Nicolaj
Posted by: Nicolaj S. Lindtner | October 2, 2006 12:13 AM
I'll be sure to make some more posts. I am in the midst of building more automated tests and eventually I hope to show that side of the fence.
Posted by: Dana Epp | October 2, 2006 08:20 AM