Presented by Steve Riley and Jesper Johansson, this five-hour pre-con went very quickly, a good sign that it wasn’t at all boring! They started by going through some core tools that can be used for ensuring that your systems are up to date and deploying fixes to ensure that they stay there.
They then went through some of the comprehensive guides that are available from Microsoft. I won’t go through the list of tools or guides as the slide deck should be available from www.steveriley.ms in a few days’ time.
These guys certainly know their stuff, but I’m not sure that I agreed with all of their proposals. For example, they suggested that using account lockout in any shape or form was a bad idea, as it could be used to mount a denial-of-service attack, causing accounts to get locked out. That may be true, but if you haven’t got a good proactive system monitoring process in place, you aren’t going to catch the audit events showing you that someone is failing to authenticate and, worse, has succeeded. By using account lockout to lock an account for even one minute, you can slow that brute-force attack down.
I’ve got a couple of to-dos out of this session and a ton of reading to do. If the rest of Tech-Ed is like this, I’m going to be very busy at the end of it!