Scorpion Software
 

Scorpion Software Corporate Weblog

February 21, 2008

Protecting Outlook Web Access with AuthAnvil

Have you ever considered that there is nothing between someone and all your business email, shared folders or contacts except a simple password that can be easily shared, stolen or circumvented? Email has become a vital part of our daily operations, which makes it a primary target for viruses, vandals and thieves. And it's becoming ever more of a concern for businesses around the world.

Today I wanted to show just how easy it is to add AuthAnvil's strong authentication to Outlook Web Access (OWA). If your office is using Exchange and you use OWA for webmail, you might want to check out the short 5 minute video I created that demonstrates just how quickly and easily you can add protection on your own Exchange server. You can watch it here.

Posted by Dana Epp at 04:47 PM | Comments (0) | TrackBack

January 07, 2008

Can AuthAnvil help with password expiration policies?

This weekend I saw an interesting post by Susan Bradley on password complexity policies and the need for a better solution to deal with the pain of frequent password changes. I really started to smile when I saw her say:

And of course with something like www.AuthAnvil.com, you can make that even LONGER of a period to change passphrases.

What she is alluding to is the fact that with the use of strong authentication as a requirement for all your login entry points you no longer need to change it every month (or 42 days if you are using strong Windows password policies). You can easily get away with doing it quarterly, or even longer. It's an interesting byproduct of using strong authentication... you can extend the password expiry so your users don't have to always be changing it.

We changed our own policy from 42 days to quarterly. And it's working really well.

YMMV of course. Great post Susan!

Posted by Dana Epp at 12:48 PM | Comments (0) | TrackBack

August 01, 2007

How AuthAnvil helps with PCI DSS compliance

As companies extend their online business processes to encompass the acceptance of credit card payments, they need to ensure that they meet compliance objectives being set forth by major credit card companies. The Payment Card Industry Data Security Standard (PCI DSS) was created as a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security issues.

Today we are releasing a whitepaper that explores the guidance of the PCI standard and demonstrates how AuthAnvil can help to reach compliance objectives.

Of course, if you have any questions about PCI DSS compliance and how AuthAnvil fits in, feel free to contact us.

Posted by Dana Epp at 11:21 AM | Comments (0) | TrackBack

April 25, 2007

Publishing AuthAnvil Self Service Token Enrollment

This evening I noticed that Amy Babinchak from Harbor Computing Services has posted an interesting tip on her blog about how to publish the AuthAnvil self enrollment site through ISA on SBS. Amy is a great ISA MVP who really understands Microsoft's firewall on SBS, and as a client of ours has been instrumental in some of the direction of RWW-Guard and AuthAnvil.

If you wish to make the self service enrollment site for your AuthAnvil server be available on the Internet, check out her post on the subject.

Thanks Amy!

Posted by Dana Epp at 11:13 PM | Comments (0) | TrackBack

April 16, 2007

What do passwords cost your business?

As companies extend access to their business online, they need enhanced password security, better identity management, and improved remote access control. Unlike traditional password management systems, strong authentication delivers the appropriate safeguards to increase remote access productivity while reducing online risk and the associated operating costs.

Today we are releasing a whitepaper that explores the total cost of ownership (TCO) associated with the use of password security to allow small and medium sized businesses to make an informed decision about the value of strong authentication systems such as AuthAnvil. We will show that the hidden costs of "free" password security actually outweigh the costs of implementing strong authentication, and offer far less protection.

This whitepaper, along with the accompanying TCO worksheet provided in Appendix A, will help you to understand the actual costs involved in password security. You can substitute your own numbers to determine if strong authentication costs and benefits outweigh those provided with password security for your business. Of course, we encourage you to contact us at any time to get a more comprehensive cost analysis based on your own unique needs.

Posted by Dana Epp at 10:01 AM | Comments (0) | TrackBack

March 30, 2007

HOWTO: Adding two-factor auth support into your own apps with AuthAnvil

Recently I have had some deep discussions with a few partners about leveraging AuthAnvil deployments to offer two-factor authentication into existing business workflow. Not only can AuthAnvil be used for logging into your network and workstations, you CAN add support in your LOB applications that you write in house.

Today I put up a HOWTO video on "Adding two-factor auth support into your own apps with AuthAnvil". Within the first 4 minutes of the 9 minute video you will see just how easy it is to wire up your apps to consume the AuthAnvil Web Service in just a few lines of code. That's right. You don't need to be an expert in strong authentication security to add the power to your own apps.

I hope you find it useful. Enjoy.

Posted by Dana Epp at 01:44 PM | Comments (0) | TrackBack

June 06, 2006

HOWTO: Filtering firewall events in the FWDB Console

Did you know that there is a powerful query analysis engine behind the Firewall Dashboard (FWDB)? No? You're not alone.

Most people use the FWDB to get their graphical daily reports, and never open the FWDB Console. But good administration of the firewall reports goes beyond pretty graphs. The goal of the FWDB is to sift through thousands upon thousands of firewall events and point you in the direction of areas you should look deeper into. Human heuristics will always trump static analysis by a computer, and there are some interesting tools in the FWDB Console that can really help in accomplishing that.

Today I put up a HOWTO video on "Filtering firewall events in the FWDB Console". If you use the FWDB you owe it to yourself to spend 5 minutes checking out the video and seeing how you can use the powers of the filtering of the "View Firewall Events" to add in this type of analysis.

Feel free to send me feedback if you would like to discuss this feature further, or have suggestions on how you would like to see the tool updated to make your analysis easier.

Posted by Dana Epp at 02:37 PM | Comments (0) | TrackBack

June 01, 2006

HOWTO: Import/Export Firewall Dashboard Settings

Ever find yourself in a situation where you want to reinstall the Firewall Dashboard, but don't want to have to re-enter all the configuration settings, especially your custom False Positive Filters? How about speeding up the standardized deployment of FWDB on multiple client sites?

Well, with the release of v1.1 came a new command line tool to do just that. Called FWDBSettings.exe, it can export existing settings directly to XML, which you can then import on any target FWDB machine (or itself of course). Want to learn more? Then check out our Video HOWTO on how to do just that.

Posted by Dana Epp at 11:39 AM | Comments (0) | TrackBack

May 30, 2006

HOWTO: Add FWDB to the SBS and ISA Management Consoles

I thought we would try something a bit different, and create a quick HOWTO using TechSmith's neat Camtasia Studio software.

I frequently get asked how to add the Firewall Dashboard to the SBS Server Manager. Some people don't even know, but you can ALSO add it to the ISA Management Console. WHAT?? That's right... the Firewall Dashboard can be installed ANYWHERE where MMC 2.0 snapins are allowed.

Not yet convinced? Well, check out the quick HOWTO screencast I did showing just that!

I would love some feedback on the screencast. If it's something people find useful, I will do a bunch more. With Camtasia, it takes no time at all to produce these things. I think it was less than an hour to get that 4 minute piece done, and I would have to say the first 45 minutes was all about learning how to use the software. After that... it took no time to make the recording.

So drop me a line at dana@scorpionsoft.com, or log into Typekey and leave me a comment here! I look forward to hearing what you guys think!

Posted by Dana Epp at 04:24 PM | Comments (0) | TrackBack

August 14, 2005

Zotob: Latest Network Worm and How Carina Stops It

On August 9th Microsoft released a patch for a vulnerability in the Windows Plug and Play service (MS05-039), which was quickly followed with a new worm that exploited it.

For our Carina customers that ran a full profile on their Windows 2000 servers and included a full profile of the WINNT directory and system files, you are already protected against this vulnerability even before applying the patch (which you should do anyways). The impact is significantly reduced to a point that the worm cannot successfully install the backdoor trojan, rendering this attack useless for the following reasons:

  • On exploitation Zotob tries to WRITE botzor.exe to the %systemroot% directory which is DENIED by the enforcement policy for the Windows core system.
  • On exploitation Zotob tries to WRITE (append) to the %systemroot%\system32\drivers\etc\hosts file, which is DENIED by the enforcement policy for the Windows core system.

On exploitation the malicious code will install a few registry keys which can be safely removed. The easiest way to do this is by using the Microsoft Windows Malicious Software Removal Tool to search for and remove the Zotob worm and its variants from your hard drive.

You can read more information about the Zotob worm from Microsoft here.

Posted by Dana Epp at 11:48 AM | Comments (0) | TrackBack

January 03, 2005

Quick Configuration Replication between Servers

Have you ever found yourself having to deploy Carina on multiple servers that have a similar protection profile? Instead of worrying about profiling the system again consider replicating the configuration from one machine to another.

How do you do that? It's quite easy.

  1. Start the Administrative Console and log on
  2. Select the "Carina Maintenance" group
  3. Select the "Back up your data" task
  4. When prompted at the dialog, select:
    • Active Policy Rulesets
    • Preferences

  5. Browse to store the backup on the other server (assuming a free share is available). If a share isn't available, send the file to diskette, or some other transportable media such as a USB flashkey.
  6. Press the "Backup" button
  7. Do a default installation of Carina on the new server
  8. Start the Administrative Console and log on
  9. Select the "Carina Maintenance" group
  10. Select the "Restore an old backup" task
  11. When prompted click "Browse" and select the backup file created earlier
  12. Click the "Select All" button to select all data to restore
  13. Press the "Restore" button
  14. In the menu at the top, select Tools->Preferences->License Key
  15. Enter in the license key for the new server
  16. Save the key and exit.
  17. Select the "Set Protection Mode" task
  18. Select "IPS" Mode

At this point, you will have replicated the last known configuration on the previous server and activated the rules. Now in IPS mode, it is running the same protection profile as the previous server.

The only caveat is that the paths have to be the same. Outside of that, the same protection profile will immediately be locked into the kernel, giving you immediate protection.

Posted by Dana Epp at 05:56 PM | Comments (0) | TrackBack

May 19, 2004

Work Around: Analyzer unable to load Profiler Data

There has been an interesting bug caught today that will prevent the Carina Analyzer from loading the System Profiler data if you have an ampersand (&) in the main file/directory path of a resource being profiled. Due to a schema constraint on the dataset such characters are viewed as invalid data and the Carina parser rejects it, as it should.

The System Profiler has been updated to correctly output XML to support this through the use of a CDATA member, and this fix will be available in our next release. Until then, to work around this problem you can manually edit the carinaprofiler.log file and wrap the offending data with a CDATA tag.

Example (Original Data): <src>c:\foo\fu & bar\app.exe</src>
Example (Work around): <src><![CDATA[c:\foo\fu & bar\app.exe]]></src>
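The manual edit above can be scripted. The following Python sketch is an added example, not Scorpion Software code: it assumes the profiler log holds paths in `<src>` elements as in the example lines, and the function names and sample data are constructed for illustration.

```python
import re

# One <src>...</src> element, as in the post's example lines.
SRC_RE = re.compile(r"<src>(.*?)</src>", re.DOTALL)
# An ampersand that does not begin a well-formed entity or character
# reference; this is the character the XML parser rejects.
BARE_AMP_RE = re.compile(
    r"&(?!(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#x[0-9A-Fa-f]+);)")


def wrap_cdata(value: str) -> str:
    """Wrap value in CDATA, splitting any ']]>' so the section cannot
    be terminated early by the data itself."""
    return "<![CDATA[" + value.replace("]]>", "]]]]><![CDATA[>") + "]]>"


def fix_src(match: re.Match) -> str:
    body = match.group(1)
    if body.startswith("<![CDATA["):   # workaround already applied
        return match.group(0)
    if not BARE_AMP_RE.search(body):   # nothing the parser would reject
        return match.group(0)
    # Note: a value mixing '&amp;' with a bare '&' needs manual review,
    # because inside CDATA the '&amp;' would become literal text.
    return "<src>" + wrap_cdata(body) + "</src>"


def fix_profiler_text(text: str) -> tuple[str, int]:
    """Return the repaired text and the number of <src> elements changed."""
    changed = 0

    def repl(m: re.Match) -> str:
        nonlocal changed
        new = fix_src(m)
        changed += new != m.group(0)
        return new

    return SRC_RE.sub(repl, text), changed


# Constructed sample: one offending path, one already fixed, one clean.
SAMPLE = (
    "<src>c:\\foo\\fu & bar\\app.exe</src>\n"
    "<src><![CDATA[c:\\foo\\fu & bar\\app.exe]]></src>\n"
    "<src>c:\\winnt\\system32\\cmd.exe</src>\n"
)

if __name__ == "__main__":
    fixed, count = fix_profiler_text(SAMPLE)
    print(f"{count} element(s) wrapped")
    print(fixed, end="")
```

Run it against a copy of carinaprofiler.log and keep the original until the Analyzer loads the repaired file.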

Thanks to Wim Kerkhoff for reporting this bug, and providing the details to diagnose the problem.

Posted by Dana Epp at 01:55 PM | Comments (0) | TrackBack

© 2002-2008 Scorpion Software Corp.