Identity Management and Information Security from Kent Nordström's point of view!
I am getting lots of positive feedback from readers all over the world. Feedback that really warms my heart. I just can’t help sharing one with you.
Kent, I’m super impressed with your book. Authoritative information in combination with a collegial writing style is a rare find. One of the ways you distinguish your writing from other tech books is the way you inject little tips to help keep the boat pointed straight up the river:
Looking forward to reading every page…
-Bill Boswell
I just want to take this opportunity to say thanks to everyone that over the years have worked with ISA and TMG. Having myself worked with ISA and TMG since beta of ISA 2000 I can only say… You all did a fantastic job, making ISA and TMG one the best firewalls on the market. Thank you!
Today TechDays starts in Sweden. Great stuff covering Nextperience will be presented. I will not make any presentations this year but many of my MEET friends will.
Just look at the list below and realize many of them will be available for sessions and discussions at TechDays in Örebro in next few days. Don’t miss it!
One of my favorite writers is Isaac Asimov. I am at the moment in the process of re-reading the complete series of books included in the Foundation Universe series (15 books). I am reading them in the order as suggested by Asimov himself before he passed away.
For thoose of you that do not know who Asimov is, or what the Foundation series are. I would like to point out the fact that the Foundation series was awarded the Hugo Award for Best All-Time Series in 1966 in competition with the well known Lord of the Rings series written by J.R.R. Tolkien.
Below is a list of the books and the order to read them. The table contains the order no, the year the book was published, the name of the book and some comments.
| 1 | 1982 | The Complete Robot | Collection of thirty-one robot short stories written between 1939 and 1977. |
| 2 | 1954 | The Caves of Steel | This is the first of the robot novels. |
| 3 | 1957 | The Naked Sun | The second robot novel. |
| 4 | 1983 | The Robots of Dawn | The third robot novel. Hugo Award nominee, 1984. Locus Award nominee, 1984 |
| 5 | 1985 | Robots and Empire | The fourth robot novel. Locus Award nominee, 1986 |
| 6 | 1951 | The Stars, Like Dust | This is the first of the Empire novels. |
| 7 | 1952 | The Currents of Space | The second Empire novel. |
| 8 | 1950 | Pebble in the Sky | The third Empire novel, however, it was Asimov’s first full novel to be published. |
| 9 | 1988 | Prelude to Foundation | This is the first Foundation novel. Locus Award nominee, 1989 |
| 10 | 1993 | Forward the Foundation | The second Foundation novel (although it was the last written by Asimov himself). |
| 11 | 1951 | Foundation | The third Foundation novel. Actually, it is a collection of four stories, originally published between 1942 and 1944, plus an introductory section written for the book in 1949. Published, slightly abridged, as part of an Ace Double paperback, D-110, with the title “The 1000-Year Plan”, in 1955. |
| 12 | 1952 | Foundation and Empire | The fourth Foundation novel, made up of two stories, originally published in 1945. Published with the title ‘The Man Who Upset the Universe’ as a 35c Ace paperback, D-125, in about 1952. |
| 13 | 1953 | Second Foundation | The fifth Foundation novel, made up of two stories, originally published in 1948 and 1949. |
| 14 | 1982 | Foundation’s Edge | The sixth Foundation novel. Nebula Award nominee, 1982. Hugo Award winner, 1983. Locus Award winner, 1983 |
| 15 | 1986 | Foundation and Earth | The seventh Foundation novel. Locus Award nominee, 1987 |
Hope you will enjoy reading this series as much as I am.
My new blog has now been around for 6 months and looking at the statistics over this period the blog has an interesting visitor curve…
konab.com First 6 months
One might wonder… Where will this end…
To all of my visitors I hope you will all have a great summer and thanks again for visiting konab.com
When using a Nokia E7 to synchronize with your Exchange server you might get into trouble if your certificates contains the Issuance Policies (Certificate Policies) extension.
Sniffing the traffic I found that when trying to connect the Nokia device sent an TLS Layer-1 Encrypted Alert (Hex 02 0A) and killed the TLS negotiation. Initially I was pretty sure I made some mistake when I installed my root CA certificate in the device, but after double-checking that, I was still unable to get the TLS handshake to work.
After a few hours of troubleshooting I found that the problem was that the certificate I used on my Exchange CAS server had an Issuance Policy referring to my CPS. In order for the Nokia E7 device to be able to consume any of my internal https sites I needed to change the certificate template and remove the Issuance Policy extension and renew my certificates used by my Exchange CAS and other internal websites.
After that the Nokia E7 was able to synchronize and access other internal https sites.
I have just taken my first look on Windows 8 and even though it looks good it scares me.
The scary part is that it looks all to close to Phone 7 and that leads me to think that maybe MS is cutting security to make yet another “consumer friendly” product.
We all know that Windows Mobile 6.5 was a pretty secure and managable operating system. But to take on iPhone and Android MS took a step back in security and manageability with Phone7.
I do hope that Windows 8 is not taking the same security back-step just to compete with other consumer products. I will be a happy guy if MS proves me wrong on this one!
What is the plan for TMG in the future? Will it vanish or will it just be a part of the next generation where TMG and UAG become one “Unified Gateway”?
Why suddenly ask these questions you might wonder, well…
The last Gartner report, published 25 May 2011, on Secure Web Gateways presents the following Maqic Quadrant for Secure Web Gateways.
Magic Quadrant for Secure Web Gateway
As you can see it does not list TMG and the report contains the following text:
“Microsoft has informed Gartner that it does not plan to ship another full version release of its SWG product, the Forefront Threat Management Gateway (TMG). The product is effectively in sustaining mode, with Microsoft continuing to ship Service Pack (SP) updates; the next one, SP2, is planned for 3Q11. Microsoft will also continue to support TMG for the standard support life cycle — five years of mainstream support and five years of extended support. In the SWG category, TMG will become less competitive over time, since Microsoft’s goal is not to compete head-to-head with other vendors in that space. We believe that Microsoft will repurpose TMG technologies in other products and services as part of its overall cloud strategy.”
I have spent the last few days trying to get some “official” comments on this from Microsoft but has so far failed. So we can only speculate what this means.
My speculation around this is that this is part of the cloud strategy as mentioned in the Gartner report and UAG is the gateway product prepared for the cloud. My guess and speculation is that this is not the end of TMG as function but maybe as standalone product. I think we will see TMG and UAG merge into one “Unified Gateway”.
[Update 2011-05-31]
During the last 48 hours I have recieved information leading me to believe my guess and speculation above is not entirely correct. The “truth” is not yet revealed but hopefully Microsoft realize that customers and partners are waiting for clarification on the product roadmap of TMG and UAG.
[End of Update]
As soon as any official statement is presented I will add that to this post.
[Update 2012-09-17]
Important changes to Forefront product roadmaps
[End of Update]
IPv6 is something we all know is coming and we will not get away with not learning it.
For a while now I have had my own /48 range from my ISP. I have been able to explore the resources available on the IPv6 Internet. Finally I have also taken the time to implement IPv6 in my environment and as a result this blog is now one of the first available on the IPv6 Internet.
So please… if you have IPv6, visit me on 2001:1630:100::70
Since this is quite new to my blog engine I would be happy if you commented on any malfunctions when accessing my blog using IPv6.
Coming up is a an article on how you implement IPv6 in an UAG/DA environment, so stay tuned.
Since I work a lot with PKI design, I can’t help wondering how someone like Comodo/Usertrust can still be considered trustworthy. In my opinion the update should be to remove them from the list of trusted issuers! I think that the fact that VeriSign got away with it in 2001, has set a standard that we can continue to trust issuers even if they have proven not being trustworthy.
I think that this is a very dangerous path, since this will lower the trust in certificates as a secure identity.
After the attack on Comodo late last week please make sure to install the update Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing.
