March 2010

In this issue:
- Welcome
- Be Strong Because Your Browser is Weak
- University of Washington Business Plan Competition
- DirectAccess for Small Business
- What's a HAIPE?
- Keep in Touch
- Cartoon & Quote

Welcome

Welcome to the first edition of the JW Secure Informer, our
bi-monthly newsletter. I specifically chose the name
'Informer' because it kind of seems like a double
entendre. Anyway, this newsletter is an opportunity
to share what's on our radar, specifically with
respect to enterprise network security, but also
regarding IT and business more generally. This
newsletter is also an opportunity to stay in contact
with colleagues and customers.

We're starting with a small subset of our contact list.
The general plan for the layout is this: I'll start
with an original article which briefly summarizes
whatever I think is timely and interesting. We'll
also include a recent, third-party-originated,
security-related article that meets those criteria --
but hopefully something you won't have seen
elsewhere.

This is intended to be useful content and good for a
quick read. So if it's just clutter in your inbox,
we've failed, and I hope you'll let us know.

And now, the content:

Be Strong Because Your Browser is Weak

Watch out, browser users (yes, that's basically
everybody), and brace yourselves for browser
whiplash. First, the German government warned
against using Internet Explorer. Then, the German
government warned against using Firefox. Next,
another zero-day security flaw in IE was announced
on March 20. Finally, the CanSecWest security
conference is underway as I'm writing this (March
24th), so expect more new browser threats to be
announced.

Bottom line: there's no way to browse with 100%
safety. But don't give up. Follow these guidelines,
and you'll be pretty safe:
- If you use IE, use IE7, and if you use Windows,
use Windows 7. Firefox is an acceptable alternative
if you're not an IE fan, or if you're not on
Windows. But -- and this applies across the board --
always keep your patches up to date.
- Browse as a regular user. That is, not as a
member of the local administrators group.
- Don't browse to sites you don't know.
- Don't click on ads.
- Don't install software off the web.
- Use a different password for each site.
Of all of those, the last one is usually the most
difficult to achieve. The best solution for
remembering so many different passwords: don't try.
Instead, write them all down on a piece of paper and
keep it in your purse or wallet.

University of Washington Business Plan Competition

The UW 2010 BPC will start in early April. I'll be a
judge again this year -- something I always look
forward to, since I get exposed to a lot of
different fields (everything from restaurants to
healthcare), and many of the ideas are exceptional.
A warning to established businesses: don't get
complacent. The next generation of competition is
right around the corner, and they're hungry.

DirectAccess for Small Businesses

DirectAccess is one of the most compelling features
of Windows 7 and Server 2008 R2. Briefly, it's like
an always-on VPN connection and it offers two key
benefits. First, employees can work the same way
regardless of whether they're on or offsite. That
is, internal resources are exposed securely even to
traveling users, and there's no need to deal with
starting and stopping VPN clients -- a notorious
source of help desk traffic. Second, with
DirectAccess, since the mobile PC is now always
connected, it can now always be managed. For
example, group policy changes take effect
immediately, rather than waiting until the next time
the user is in the office.

Good stuff. So a common question has been: can small
businesses take advantage of DirectAccess, too?
Short answer: yes, but DA can be confusing to set up,
and the typical small firm would probably have to
buy an additional server. Be sure to engage with an
IT firm that knows what they're doing. More info can
be found here and here.

What's a HAIPE?

Random factoid of the day: DirectAccess uses IPsec
for authentication and encryption. IPsec is a
well-regarded, standards-based security technology which
is effective in protecting traffic over untrusted
links (such as the internet). Ever wonder how the
government, which leases a majority of its lines from
the private sector, accomplishes the same thing?
Well, they use IPsec, too. One example
implementation is a device called a High Assurance
Internet Protocol Encryptor (HAIPE, pronounced
High-Pee). Read more about it here.

Quote of the Month

Like almost everyone who uses e-mail, I receive a ton of spam
every day. Much of it offers to help me
get out of debt or get rich quick.
It would be funny if it weren't so exciting.
- Bill Gates

JW Secure | 1752 NW Market St. | Suite 227 | Seattle, WA 98107 | www.jwsecure.com