Voici la liste préliminaire des sessions Sécurité de l’IT Forum 2005 à Barcelone
Building Trust in Computing This session with provide an overview of Microsoft security technology investments including a discussion of the most recent acquisitions of Sybari, Alacris and Giant Software and how they fit into the technology roadmap for the company. The goal is for attendees to understand the security technologies and products Microsoft is investing in, what security products the company will be shipping within the next 12-18 months and the future development efforts the company will make to improve the security of its products and customers’ IT environments. Extending Messaging Hygiene to IM and Portals Companies are utilizing technologies such as Microsoft Live Communications Server and Microsoft SharePoint Portal Server to boost the efficiency and effectiveness of business communications. While these tools improve information sharing capabilities, they also introduce new intrusion points for hackers and spammers. In this session, attendees will view a live demonstration of Antigen for SharePoint and Antigen for Instant Messaging and learn about the specific risks posed by unprotected collaboration applications. In addition to product demonstrations that highlight implementation and configuration best practices, attendees will learn about virus scanning using multiple engines; risks associated with corporate, public and federated IM implementations; file and keyword filtering for preventing unwanted or inappropriate content in document libraries and IM communications; spim defense; and integration with core messaging security for complete messaging hygiene. Frontbridge: Managed Security, Compliance and Availability Services In August Microsoft completed it's acquisition of Frontbridge, a company that delivers managed services that help address corporate e-mail compliance, security and availability requirements. In this session you will learn about the technical aspects of the service offering and what it can provide for a corporate IT department. Internet Security and Acceleration (ISA) Server 2004 Rules: I'll Show You My Rules, You Show Me Yours! This session looks at the rule base of a medium size business and explains all the gotchas and tips and tricks that this deployment used to get the most out of ISA Server 2004 Enterprise Edition. We'll look at how NLB was set up, what rules authenticate and why, listener configuration, protocol filter and HTTP filter setup, and the routing conditions that had to be done to make it all work. Not a session for beginners, but this one should have something new for ISA Server admins to add to their toolbox. Leveraging your Active Directory (AD) for Perimeter Defense – Inside and Out This session highlights the advantages of using Internet Security and Acceleration (ISA) Server 2004 Active Directory for web proxy scenarios. Using AD for network security provides another layer of protection against internal clients transmitting sensitive data and intellectual property to external sources. ISA along with AD authentication allows for companies to monitor and manage how users utilize external networks and especially the Internet. Are you tired of tracking IP addresses to Internet usage? ISA 2004 AD integration allows an administrator to tie Internet usage back to AD Account names. This gives companies additional data for accountabliity to users on company policy regarding the use the Internet. Peer-to-Peer software can cause compliancy issues if their users do not follow policy. ISA 2004 helps enforce compliancy with these regulations by giving the administrator control over what applications can access the Internet based on who the person is and just the application. Business functions using peer to peer are allowed to function and be monitored through the ISA 2004 Server. Come and learn more about how to leverage your powerful security tool of Active Directory along with ISA Sever 2004. Message Hygiene with Exchange Server 2003 Viruses, worms, spam and other unwanted e-mail have become a destructive reality that many administrators of Microsoft Exchange routinely face. This session provides recommendations and guidance for slowing and stopping the unwanted messages entering your Exchange 2003 environment. Learn how the Exchange Intelligent Message Filter supplements existing anti-spam features in Exchange 2003, as well as how Virus Scanning API 2.5 provides greater protection and administrative flexibility against malicious and harmful messages. Microsoft Data Confidentiality Solutions Learn more about the Microsoft technologies for information protection and data confidentiality - Windows Rights Management Services (RMS), Encrypting File System (EFS) and SMIME. This session will provide you an understanding of what each technology does, how it works and why it is important to your organization. Attendees will gain a clear understanding of what each technology is for and where they intersect or align. Watch product demos that show the ease of use for your end users. Mobile Device Security: Issues, Threats and Solutions
In the rush to empower users with anytime, anywhere e-mail and data, have you considered the impact this might have on your security and privacy policies? Can unauthorized users intercept valuable and proprietary company data during transmission? If a user's mobile phone or Microsoft Windows Mobile-based Pocket PC is lost or stolen, have the bad guys captured the keys to the kingdom? In this session, Byron Hynes gives you planning guidance and describes scenarios for securely deploying Windows Mobile-based devices to an enterprise-level Microsoft Windows-based network. You will learn about common mobile security issues and common pitfalls, see mitigation techniques, and find out how to improve security in your enterprise policy. MS IT: Messaging Security at Microsoft Exchange Security Guides provide the best recommendations for running a secure Exchange environment. Find out how Microsoft IT applies and manages these recommendations in its Exchange ecosystem. Microsoft's internal messaging environment will be used to illustrate and discuss a variety of messaging security topics. Topics will include e-mail hygiene, securing mobile messaging infrastructure, hardening the Exchange server platform, and securing Exchange communications. So if you manage or deploy Exchange and are concerned about security then this is your chance to ask the experts. Rootkits in Windows This technical session focuses on the latest methods used by rootkit developers to hide their tools on computers running Microsoft operating systems. Rootkits are a special class of malware. They're special because you don't know what they're doing, they're nearly undetectable, and they're almost impossible to remove. While detection tools are proliferating, malware developers are constantly finding new ways to cover their tracks. Running with Least Privilege in Windows Vista This session will educate IT Professionals on the new desktop lockdown technology in Windows Vista, User Account Protection. User Account Protection helps prevent attacks by malware, root kits, spyware, and viruses by requiring that users run in protected user mode and by limiting administrator-level access to authorized processes. This new Windows technology also allows desktops to be locked down to stop installation of unauthorized applications by end users or inadvertent changes to system settings. Attendees will receive an introduction to User Account Protection in Windows Vista and will be led through deployment methodology and best practices. The deployment discussion will include content targeted at the developer or IT implementer working to ensure that line of business (LOB) applications can be updated so that they operate correctly in an infrastructure with User Account Protection deployed.
This session will include demos highlighting the new functionality in Windows Vista vs. Windows XP for both typical end-users as well as for desktop administrators. Attendees will leave with a working knowledge of User Account Protection and an understanding of basic deployment considerations. This session will benefit both IT managers and implementers alike as well as provide value to IT developers focused on line-of-business application development. Securing Email: Implementing a Layered Defense Strategy for Microsoft Exchange Layered defense is the best possible protection against threats to e-mail security and productivity. In this session, learn how secure deployment strategies, the management of multiple antivirus scan engines, and information protection technologies can ensure your enterprise is locked down against threats and policy violations. We will give you an in-depth look at protecting Microsoft Exchange at the edge, server, and client level. Security Law and Best Practices European companies have had a focus on data protection for a long time, because of things like national legislation implementing the Data Protection Directive. Less well-known is that for many companies doing business in the USA, security isn't just a best practice, it's actually a legal requirement. And both in the United States and Europe, these issues develop and change over time. Are your organization's systems and networks ready for the next wave of laws? Or are you going to have to do massive amounts of work (at massive expense) to get there?
Using case studies, this presentation will focus on current and future regulation in the US and Europe, including: - The Sarbanes-Oxley Act and its implications for European business; - The EU Data Protection Directive and national implementing legislation; - The Framework Decision on Cybercrime, and expected future legislation; - The 2010 Communication and its focus on trusted computing. The Rebirth of the Smart Card Public Key Infrastructure (PKI) technology and smart cards have been supported in Microsoft Windows in various ways for almost a decade. Challenges in deployment and management, lack of guidance, and lack of practical applications for smart cards has impact the large scale adoption of this technology in the enterprise and public sector. The climate around PKI and strong credentials, such as smart cards, is changing dramatically. Password only use is in rapid decline and projects for using smart cards as electronic identity cards in public and private sector projects are on the rise. With eHealth and eGovernment projects leading the charge, the smart card is finally finding a home in organizations worldwide. To support this rebirth, Microsoft is investing heavily in enhancing the IT Professional and end-user experiences associated with the deployment, use, and ongoing management of smart card infrastructures in Windows. This session will discuss those technology investments, their timeline, and the practical application of these technologies in today's enterprises. Demos of common provisioning and deployment steps will be included. Attendees will walk away understanding what is available in Windows today and what will be available in Windows tomorrow to help them deploy strong credential solutions based on PKI, such as smart cards, to strenthen authentication, provide trustworthy identities to their users, and leverage strong credentials in their applications. The session will focus on the functionality of the technology, the deployment framework, and lead attendees to further guidance. This session will benefit both the IT Implementer and IT Business/Technical Decision Maker. The Re-emergence of the Smart Card: Making it Easier As the use of passwords only for authentication continues to decline rapidly, many organizations find themselves in the agonizing position of having to evaluate a number of strong credential and multi-factor authentication solutions to deploy across their organizations. Among the best candidates for solutions in this area is a PKI-based smart card infrastructure, offering maximum flexibility and security when it comes to authenticating users and resources in a trustworthy fashion and leveraging those trustworthy identities in network applications. Over the past decade, numerous smart card deployment projects were stalled and or permanently terminated due to the apparent complexity and cost of deploying and managing a PKI-based smart card infrastructure. Microsoft has made a number of technology innovations in Windows to simply make smart cards easier and ensure that they are a viable form of authentication in this security sensitive world.
This pre-conference session will include demos, case studies, and panel discussions including members of the product management and engineering teams for Microsoft’s Certificate Services and smart card infrastructure components as well as members of Microsoft IT. Attendees will walk away, confident in their ability to jumpstart the deployment of smart cards for strong, multi-factor authentication in their organizations.