John Morello: Designing Software Security Infrastructures for Large Systems

Posted By: Charles | May 15th, 2007 @ 1:22 PM | 11,292 Views | 8 Comments
John Morello graduated from LSU and has been with Microsoft for over 6 years in a variety of roles. As a Senior Consultant, he designed security solutions for Fortune 100 enterprises and Federal civilian and defense clients. He’s currently a Senior Program Manager in the Windows Server group working on security and anywhere access technologies. John and team are subject matter experts and trusted advisors to customers and engineering teams for complex deployments using Windows Server workloads. Workloads usually comprise of one or more roles are aligned to how our customers deploy/use servers in their business. An example of workload is Security which comprises of several roles like PKI, Remote Access, etc. The team is non-Redmond focused so they have more customer coverage.
Media Downloads:
Rating:
0
0
#May 15th, 2007 @ 5:53 PM
SecretSoftware
SecretSoftware
Code to live, but Live to code.
Certainly one of the cool videos in C9!

It touched on some questions I was wondering about in terms of Multi-Core and Cryptography.

The main problem here is that many of the crypto algorithms depend on the impracticality of factoring prime numbers in a meaningful time frame.

With the advent of Multi-Core architecture, this problem has become more manageable from a cracking point of view. Hence this represents a concern to many business owners, because they cannot sleep thinking their data/business/customers' private info are secure, because the computing power is certainly here.

The only solution is to develop newer cryptographic and stenographic algorithms, that does not depend on computing power at all. Rather it should depend on mathematical unknowns. Like the 3 unknown algorithms etc..

I believe there is a need for the development of the One Time Pad over PKIs, so it can be used securely in business platforms. Because only one time pad algorithm (Vernam's algorithm) does not depend on the processing power as a factor in the security of the algorithm.

One of the problems that many devs face is that you have to trust a 3rd party in the Public Key exchange scenario, and I managed to develop a secure way to exchange public keys without the need for 3rd party to be trusted. And I am working on optimizing this.

As a developer I feel that there should be more algorithms that depend on mathematical solvability problems rather than computing power impracticality as a function of time. Because as time goes on, we will get more powerful processors, and we are at a stage where we cannot afford to keep the algorithms that were developed in the 60s and 70s time frame.


On the whole, it was a very good channel9 video. Many thanks to Charles and many thanks to channel9.Smiley

PS: It would be good if we get more crypto videos and in general more security videos, because this topic is fascinating. I call cryptography and stenography the 7th wonder of the computing world.[A]


#May 15th, 2007 @ 7:07 PM
raymond
raymond
Great video, but please slow down just a little.

More like this Charles.

Cool

PS Are all you guys and gals sent to a speed talking course?

The result is a "fire house" presentation style.

Ever try to drink some water out from a fire hose--do not recommend it if you want to save your face.

Unless the subject being presented is one you are an expert on, the speaker quickly loses a majority of the audience.

I have heard a number of Microsoft speakers at various events use this speaking style--trying to cover a lot of material by talking very fast.

Suggestion: cover less material in more detail and talk at a moderate pace.

Your speaker evaluations will improve immensely and so will your performance evaluations and may be even your salary.

Enjoyed the video, although it is not my area of expertise.

Thanks again--great video!

Cool

PSS Listened to the video a second time. The real problem is too much jargon, acronyms and abbreviations. 


Clarity of Communication

http://www.ecademy.com/node.php?id=84236 

Don Box nailed it:

Don Box - What goes into a great technical presentation? Smiley

http://channel9.msdn.com/ShowPost.aspx?PostID=31792

Charles or Rory, when are you going to have Don and Chris on Channel 9 again?

Idea: Suggest to all interviewees they watch the above Don Box video before coming on Channel 9. Wink



  

#May 17th, 2007 @ 4:57 AM
ZippyV
ZippyV
Fired Up

I've been asking this question a lot of times but never got an answer:

In Belgium every citizen gets a e-id smart-card with 2 certificates on it: one for signatures (like signing documents and emails) and one for authentication (like ssl).
Could it be possible to configure Active Directory to authenticate users using their e-id card and pincode?

#May 17th, 2007 @ 5:45 AM
Oguz
Oguz

Nice video. I have a question. I’ve rolled out a PKI in our network. I want to implement  smartcard authentication but the problem that we encounter is that Exchange Web access authentication is not possible if you set the user profile to use smartcard to authenticate. How can I give the employees to get access to web access of Exchange 2007. I’m using currently FBA for web access.

And another question is I thought that it was possible to extend your internal PKI to outside for using signed/encrypted email. I need to give the URL of the Root CA in the certificate that is running inside of my network. That way it must be possible to authenticate the certificate to my CA from outside. Is this correct?

 

#May 17th, 2007 @ 7:35 AM
morello
morello
It certainly is possible, assuming that you install the client software required by the card.  This software is usually referred to as the 'card middleware' or 'csp' (cryptographic service provider).  Once you have the card software installed, you just need to update the users' UPNs in Active Directory to match the Subject Alt Name value on the cards.  We even have a KB article that goes into greater detail on how it all works and how to set it up:

Guidelines for enabling smart card logon with third-party certification authorities
http://support.microsoft.com/kb/281245/en-us
#May 17th, 2007 @ 7:41 AM
morello
morello
For question #1... you can't use smart card authentication with forms based authentication.  See the following KB article on how to setup smart card authentication to OWA:

Description of the new feature in Exchange Server 2003 that supports Smart Card authentication to Outlook Web Access
http://support.microsoft.com/kb/920209/en-us


For #2... If you want external users to be able to interoperate with certificate you issue, they'll need to trust your root CA and be able to perform validity checks against certificates that chain up through it.  Trust can be established in a variety of ways.  For single users, you could simply post the certificate to a web site and provide users with instructions on how to install it.  For business to business scenarios, you can work with an administrator at the other organization and they can publish your root certificate to their Active Directory, making it trusted by all the users in the directory.
#May 17th, 2007 @ 11:23 AM
Oguz
Oguz
Thanks John.

I toughed that the client certificate will be verified at the root certificate by a Root CA publish points without having the Root CA certificate installed on the recipients machine. So you mean that my Root certificate must be installed on recipients pc to verify the client certificate, and it’s not possible to point within the client certificate to the Root CA hosted on my company web server.
#May 17th, 2007 @ 12:27 PM
morello
morello

The reason its important that the recepients of signed mail trust the CA hierarchy of the sender is because, without that trust in place, Outlook will flag the signature as being from an untrusted CA.  While cryptographically the signature is the same, the end user experience is poor if you have a self signed root not trusted by the receiver of the message.

If you're just sending mail to a some other IT people this may not be a problem, as you could easily provide instructions about how they can trust your root.  However, if you're providing this as a service for your end users and you can't predict in advance who they'll be sending mail to, I'd recommend using implicitly trusted certificates.  This will provide a much better end user experience and fewer support calls.  You can purchase implicitly trusted SMIME certificates from organizations like Verisign and Cybertrust on an ad-hoc basis.  Alternatively, you can contract with those organizations to run your own CA in your own datacenter that's subordinated to their root.  This allows you to issue certificates from your own CA that are globally trusted.  See the following TechNet article for details:

http://www.microsoft.com/technet/technetmag/issues/2006/12/SecurityWatch/

Microsoft Communities