Server & Domain Isolation with Fernando Cima, Microsoft Brazil (Podcast) - Port 25: The Open Source Community at Microsoft

Port 25 - Communications from the open source community at Microsoft
< Back to Blogs
Server & Domain Isolation with Fernando Cima, Microsoft Brazil (Podcast) by jcannon on July 07, 2006 07:43PM

Our first podcast...

This week, Sam talks with Fernando Cima from Microsoft Brazil's Security Center of Excellence about the challenges and progress being made in securing and maintaining today's mixed network environments. More specifically, the focus in this discussion is on Server and Domain Isolution. Before Microsoft, Fernando worked for the Brazilian government, as well as with Linux and FreeBSD security projects.

- Download the MP3 Directly
- Learn more about Server and Domain Isolation.


Podcast Related Links:
- Subscribe to the Port 25 Podcast Feed
- Subscribe to Port 25 Podcasts in iTunes

Attachment: http://port25.technet.com/videos/podcasts/P25ShowOne.mp3
Comments RSS
  1. fernando_cima said:

    Thanks Jamie, Sam and the CTAC crew for the opportunity for this podcast. I'd like to add a little bit more of information to our readers:

    IPsec is usually associated with VPN, and sometimes people don't realize that it can be used to protect "regular" network traffic inside a corporate or home network. This is basically what Domain Isolation is about: using IPsec in transport mode to authenticate and sometimes also encrypt trusted network traffic, while discarding traffic from untrusted sources.

    This is a solution that has been in use in Microsoft corporate network for some years, and when we took it to customers there was a clear need for interoperability. So our group (me and my colleague Kiyoshi Watanabe from Japan) started working on creating guidance for using the solution with Linux, FreeBSD, Mac OS X, Solaris and other platforms.

    The beauty of it is that every modern OS has IPsec and IKE support, and even though not all IPsec implementations are created equally, all the platforms we tested have been working quite well. As long as you have IPsec and IKE support, with PKI authentication, and is able to define remote IPs/subnets where IPsec should not be used, you are good to go.

    Our guide is currently being formatted and going through the legal and technical review, and should be posted to http://www.microsoft.com/sdisolation as soon as it is ready. We are sorry for not having it on time for the podcast, but in the meantime I'd be glad to answer any question that our readers might have!

    posted at 08:33AM 07/10/2006
Post a Comment
*
*  

Media

Search
About jcannon

jcannon My first interaction with computers was in... More...

Read jcannon's Posts Subscribe tojcannon's Posts
Recent Posts by jcannon
 
Archive