Orlando, city of humidity, Disn-o-Universal, and TechEd 2007, the latter being Microsoft’s key yearly show for customers, partners, and learning.
Port80 Software was there in force this year with live IIS7 demos, free site reviews, and IIS and HTTP tips and tricks for all. It all started on Saturday, June 2, as Port80 forces descended on Orlando by plane and car (we took alternate routes to avoid suspicion). No time for dinner, just check in and get ready for Sunday, the booth set-up day. Yes, someone has to put these things together, and you would be surprised how even the best laid booth plans can change when you are on the ground. Despite a few hiccups and curses, the booth became reality… All demos were set up, including a ServerMask ip100 dongle, which was placed between the booth’s Internet connection and the booth CPUs. We wanted to keep the casual probers and any crackers at TechEd from getting in… plus we hoped to show our logs the next day of all the hacker probes which the ServerMask ip100 had blocked the night before. It seemed like a good idea at the time.
Ready for Monday AM, Port80 retired to the House of Blues for well-deserved cocktails at 8PM Sunday night with partners Arxceo and PrivacyWare.
9PM: Dinner complete (great seared tuna, per Port80's Joe Lima).
10PM: More cocktails.
11PM: Cocktails interrupted.
Chris from Port80 glanced down at his cell phone. Who could be calling tonight? The show had not even started… It was the main booth organizer from Microsoft for TechEd, and there was an emergency.
“What device did you guys leave in your booth?” she asked.
“Device?” Chris responded, “What do you mean?”
The booth organizer continued: “Well, the folks at SmartCity, who manage the show’s network, started to see the network shut down a few hours ago. They tracked it down to your booth, and found an odd orange-colored device in there. When they removed the device from your booth, the network was able to be restored.”
Whoops, Chris thought. The ServerMask ip100. But that little hacker anti-recon dongle only reacts when it is aggressively probed, and the more aggressive the probe, the more confusing data it generates… oh, boy.
“That is one of our products,” Chris said. “It is a security device, should be cool. I cannot believe it crashed the TechEd network.”
“Well, it did, and it has been confiscated for the time being… you should check back in with security in the morning.”
11:05PM: Cocktails continued.
In the morning, we got this little message in the booth from the TechEd show’s network managers:
It is funny, yes, but the story demonstrates the power of anti-reconnaissance and intrusion prevention (and the interplay between monitoring and security, a fine line to be walked for sure). Port80 considered any IP outside the booth to be untrusted if there was any form of probing; the SmartCity monitoring at TechEd, designed to keep worms and malware from spreading throughout the show, was designed to aggressively monitor what was happening at every IP/port combination it could “find” at every downstream connection.
The result:
the ServerMask ip100 won, until it was physically removed from the booth. Here is a picture of the little guy:
The moral of this tale? Anti-reconnaissance is a very powerful intrusion prevention defense. And you just never know when even an internal attack could be launched at your network… and if you are monitoring your network and have a ServerMask Security Appliance deployed, use the whitelist for your monitoring IPs to avoid this type of situation… and ServerMasking rules!
By 11:45AM Monday, the booth was up (minus our ip100 -- the device was returned, with the proviso that it would
not be used at the show again… bummer on showing those ServerMask logs to folks, right?), and we were open for business:
Above: Port80, The Light at the End of the IIS Security/Performance Tunnel
Above: Getting Ready for the TechEd Traffic (both IIS fans and the free schwag hunters came, one and all)
Port80 Software had a blast at TechEd. We spoke with many great customers, partners, and even a few competitors. If you were there, you may have heard a few of these lines from the Port80 folks:
“Low cost and high impact Windows IIS Web tools? Yep, we got ‘em.”
“Getting overcharged and under served by appliance vendors? Talk with us.”
“Need a custom IIS tool? Yeah, we can help there.”
“http.sys? Not our department, but we know the guys.”
It was so great to meet people face-to-face, hear what their real-world issues are and see it in their eyes, and offer good, affordable solutions to almost every security and performance issue that they had. People were also excited about the upcoming remote management and deployment options coming to all Port80 tools later this year, and some even took the time to see the world’s first Web app firewall running on IIS7 and Windows Server 2008, ServerDefender. This tool will be launched on the Port80 site very soon, but the feedback was excellent!
Thanks to all that stopped by to meet Port80 Software at TechEd 2007 in Orlando this year. We will announce the winner of the XBOX 360 tomorrow on our blog, and it will be mailed to the lucky winner next week.
If you have a chance to go to TechEd 2008, don’t miss it. It is a fun trip with real learning opportunities and a chance to see what is here and what is coming to Windows soon.
Cheers,
Port80