| 9:00-9:30 | Registration |
 |
| 9:30-10:30 |
Opening Keynote - Microsoft Security Strategy and Roadmap (MS001)
Speaker: Steve Riley
 |
 |
| 10:30-10:45 | Morning Break |
 |
| 10:45-11:45 | Essentials of Security: Defense-In-Depth and Advanced Perimeter and Network Security (MS101)
Speaker: Steve Riley

Abstract:
Gain knowledge and skills essential for the design and implementation of a more secure computing environment. Learn how to assess your current security status, identify system priorities, and apply best practices to deploy a framework for improved security in the future. Also, you will build on existing knowledge of server and client security and learn how to apply best practices to implement perimeter and network defenses. The session will discuss the use of hardware and software firewalls for network and application filtering and how to implement intrusion detection mechanisms. You will also learn how to increase security for wireless network access through the use of encryption and password authentication protocols.
| Securing Web Applications (MS201)
Speaker: Dave Glover

Abstract:
Building secure Web sites is a top priority for developers today. To do this, it is important to understand Web security fundamentals and the nature of threats that exist for existing applications. In this session we will show you how to identify critical security threats to Web applications, and the steps to defend against them. Topics include IIS security, the ASP.NET worker process, and authentication and authorization models. (This session is a consolidated one of DevDays 2004.)
| Establish a Comprehensive Security Solutions Plan in Today's Threat Environment (PT101)
Speaker: Manfred Hung

Today's security threats have grown to encompass more than viruses. Blaster, Welchia, and Sobig.F infected millions of computers worldwide. What's more, the recent Sasser worm impacted millions of mobile workers after they used their computers over the weekend from relatively unsecured Internet locations. In this session, Symantec will demonstrate how comprehensive security solutions keep your remote and mobile users protected against complex Internet threats. You will also learn how to proactively evaluate the impact of a vulnerability on your systems, to take proactive steps to mitigate the threat before an exploit is available, and to avoid any impact to your systems or network.
|
 |
| 11:45-12:00 | Morning Break |
 |
| 12:00-13:00 | Implementing Advanced Client and Server Security (MS102)
Speaker: Steve Riley

Abstract:
Discover how to apply detailed host hardening guidance to enhance the security of servers used in legacy, enterprise client, and high-security environments. Familiarize yourself with steps to help secure client computers in environments where Windows Server 2003, Windows 2000, and Microsoft Windows NT® 4.0 servers are present. Identify best practices for clients in extreme high-security environments. Learn how to configure Microsoft Office and Microsoft Internet Explorer to help increase the security of your client environment. Also, receive advanced prescriptive guidance to help secure servers and clients in high-security environments. Observe demonstrations of the technologies and practices that help enhance security for local and remote clients.
| ISA Server 2004: The Next Generation Firewall (MS202)
Speaker: Joseph Landes

Abstract:
Microsoft Internet Security and Acceleration Server 2004 (ISA 2004) is the advanced application-layer firewall, VPN, and cache solution that enables customers to easily maximize existing IT investments by improving network security and performance. Come and learn more about how ISA 2004 can change the way you think about network security.
| Secure and Simple Authentication for Your Microsoft Windows® OS - Introducing RSA SecurID® for Microsoft Windows® (PT102)
Speaker: Gary Lau

You may already know passwords offer low security, lead to high costs and cause IT management headaches. But did you know there is now a secure, simple alternative to passwords for the Microsoft® Windows® operating system? Learn how the recently announced RSA SecurID® for Microsoft® Windows® solution can replace weak passwords to help today's enterprises using Windows operating systems.
|
 |
| 13:00-14:15 | Lunch |
 |
| 14:15-15:15 | Security Patch Management: 10 immutable laws and a brief examination of the tools (MS103)
Speaker: Steve Riley

Abstract:
While Microsoft strives diligently to reduce vulnerabilities in its code, software patches and updates continue to be an ongoing and important part of an organization's system management and security strategy. Software is complex by nature and it is generally accepted that flaws may be discovered in well-tested and well-respected products even after being in the marketplace for years. As a result, Microsoft's customers must be able to identify which patches and updates they need and to quickly and efficiently install those patches and updates across the enterprise. This session describes Microsoft's efforts to significantly improve the patch and update management process and provides direction for effectively using the software update tools and resources currently available.
| Securing Web Applications Advanced Topics (MS203)
Speaker: Dave Glover

Abstract:
The best way to understand how attacks against Websites work is to see them demonstrated live and in person. This demo-laden session focuses on understanding threat modeling and the common threats that all Web applications face. Topics include types of attacks; demos of common attacks such as SQL injection, cross-site scripting, and input tampering attacks; and identifying vulnerabilities using threat modeling techniques. (This session is a consolidated one of DevDays 2004.)
| Prevent, Isolate & Eliminate Virus Attack at the Network Layer (PT103)
Speaker: Jill Yang

Abstract:
The recent Sasser network virus attack has shown that traditional antivirus software is ineffective in combating Sasser-like network viruses (Internet worms). Trend Micro has launched a network outbreak prevention appliance called Network VirusWall to protect enterprises from network virus attacks. Network VirusWall helps organizations stop network viruses, block high-threat vulnerabilities during outbreaks, and quarantine and clean up infection sources, including unprotected devices as they enter the network.
|
 |
| 15:15-15:30 | Afternoon Break |
 |
| 15:30-16:30 | Implementing Application and Data Security (MS104)
Speaker: Steve Riley

Abstract:
The final layer in our defense-in-depth model involves securing our data and applications. In this session, bolster your knowledge of Windows security and learn how to enhance security for applications and Microsoft Windows Server System™ components, including Microsoft SQL Server™, Microsoft Exchange Server, and Microsoft Windows Small Business Server. Discover new technologies to help protect data and restrict access to sensitive information.
| Enhanced Desktop Security Solutions - Windows XP SP2 (MS204)
Speaker: Bremen Lee

Abstract:
Microsoft Windows XP Service Pack 2 brings Windows XP users advanced security technologies, innovations, and updates from Microsoft. It improves security infrastructure to help defend against viruses, hackers and worms, and provides tools that enhance manageability and control. Additional updates improve the overall user experience with Windows XP. The session will also share how Microsoft IT participates in the beta testing and some of the problems we encountered.
| Holistic Approach Towards Information Security Management System (ISMS) (PT104)
Speaker: Benjamin Mah

Abstract:
An Information Security Management System (ISMS) is the means by which management monitor and control corporate security, minimizing the residual business risk and ensuring that security continues to fulfill corporate, customer and legal requirements.
In this presentation the speaker will share with the audience his experience of implementing an effective ISMS using the PDCA model and also highlight the necessary steps for achieving BS7799 certification.
* BS7799 is a standard setting out the requirements of an Information Security Management System.
|
 |
| 16:30-16:45 | Afternoon Break |
 |
| 16:45-18:00 | MCP Summit 2004 | Ask the Expert
1) Security with focus on Development Product - Steve Riley
2) Security with focus on Infrastructure - Dave Glover
3) Server Product (e.g., Exchange, SQL, Windows Server) - Thomas Leung
4) Development Tools - Edwin Cheung
|