Enabling Secure Remote access in your Environment - Steve RileyYes, I just went to this one because Steve Riley is a good/amusing speaker. Every time I've been to one of his talks, I cringe when I think about some of the security we have at work. We have a lot of remote access entry points - VPN, web mail, etc etc, and not a lot of security around them. Anyhow, not a lot of new stuff in this talk, but it was fairly interesting nonetheless. It would have been much more enjoyable without the lanky tard behind me talking and kicking the back of my chair, but oh well, you get that. *
Tips and Tricks to running Windows with Least Privelege - Steve RileyThe title of the presentation makes the content pretty obvious - I hope. It was all about running Windows without being a local admin. I actually think I'm going to try to do this with my next rebuild. The presentation re-iterated the reasons why you'd bother, and gave some good tips and tricks as well as pros and cons (It's not a silver bullet, there are issues, and still vulnerabilities) to the whole thing, as well as some interesting links and tool names.The short description is possibly selling the presentation a bit short. Steve is a great speaker, and always makes his presentations interesting. That said, some of this stuff kind of speaks for itself. The main points are that it's unceccesarily hard to do this in Windows at the moment, but that you can do it with a bit of patience. Of course they're planning to make it all nice and simple in Vista, so maybe you might as well just hang out for that.
SummaryThe overall conference summary was that it was time well spent for me. I handed in my evaluation form to get a Rubix cube branded with Microsoft stuff. It seemed like a bit of a poor gift given the standard set by the backpacks, but oh well. One comment about a lot of the content - a lot of it was very high level. If you'd worked with BizTalk and went to a BizTalk presentation, you'd probably be sitting there saying "I know this". I talked to a friend and ex-colleague from years back, and that was his comment - pretty much everything that was being talked about they knew about, or were already using. Perhaps that's a lesson in picking your sessions though - if you're skilled in ASP best practices, then you won't want to go to that session - but you might get value in the overview of whats new in the next release, or in a session about something completely random for you, like firewalls or SQL, or whatever.For me, that was the *good* thing about it. It gave me a nice high level overview of a lot of things which really helped put things into context. Some of the presentations gave me enough info to be able to say "Yep, I now know what that does" and file that into the back of my mind ("NEW FACT! NEW FACT!"), but that mileage might vary for other people. Anyhow, it was 3 days well spent for me - now all that remains is to clear the backlog of work when I get back into the office tomorrow, after being away for almost 2 weeks.. eek.