Security

Checking SaaS security configuration (SSPM)

Alex Mags

Was your SaaS software configured securely when it was deployed? Is it still configured securely now?
This article discusses the risk to your data of misconfigured/unhardened SaaS software and the emerging products to automate security checking of SaaS.

Local admin report with Defender for EndPoint

Alex Mags

Securing Windows PCs starts with managing local administator access. Microsoft Defender for Endpoint logs every login and records if it was a local admin. Use this KQL query in the Advanced Hunting portal to create a report.

Bitlocker status report with Defender for EndPoint

Alex Mags

Are all your machines encrypted? If a laptop was lost is the data protected or you’ll need to declare. Microsoft Defender for EndPoint (aka ATP) stores Bitlocker status information. Use the following KQL query in the Advanced Hunting portal.

Assign AzureAD role By AD Security Group

Alex Mags
Using AD security groups to delegate access to AzureAD roles is not supported at the moment. This post offers two workarounds. Permissions to manage Azure AD and Office365 are often assigned via Azure AD Roles. If you have strong access management processes and tooling for on prem Active Directory (access request &approval workflow, joiners & leavers, access reviews & reporting, auditing and alerts) you’ll likely want to reuse these to manage access to Azure AD and Office365.

WinOps 2019 Complaince as Code with Office365

Alex Mags
I wanted to share this idea of using versioned code and unit tests to manage Office365 tenant configuration between environments. So I did a talk about it at the annual WinOps conference in London. Slides so-i-devsecopsed-office-365

Public Cloud Risk Management

Alex Mags
A big part of my work lately has been describing, tracking and managing the risk involed with moving data from the traditional datacentre with it’s firewalled perimiter to public cloud. The NIST Cyber Security Framework was useful as a way of grouping and classifying risks. https://www.slideshare.net/AlexMagnay/risk-management-for-public-cloud-projects

Public Cloud Security talk

Alex Mags
I gave a talk on cloud security. Before companies will start using Public Cloud they need to know it’s safe to use. There’s plenty of stories in press about security breaches, but AWS for example makes it clear in their “Shared Responsibility Model” that you still have to use security best practices such as least rights privilege, network segmentation (eg a DMZ) to contain any breach. https://www.slideshare.net/hentsu/cloud-security-for-regulated-firms-securing-my-cloud-and-proving-it-65384157?qid=6a90d703-73bf-4892-b99d-cb1da1b9fcbd&v=&b=&from_search=2

Nordic Infrastructure Conference

Alex Mags
While hunting for some Hyper-V videos, I came across recorded sessions from the 4th Nordic Infrastructure Conference. No sales pitches, only some great talks from field hardened consultants. The sessions are focused on Enterprise Infrastructure (Microsoft Windows Server, System Centre, Azure, PowerShell DSC, Identity Management, Security/hacking). Session Info http://2015.nicconf.com/sessions Recorded sessions: https://www.youtube.com/channel/UChu8zqu8d1mjWxNRLlGXUAw

AD authentication to AWS from PowerShell

Alex Mags
I’ve done a couple of other posts on using AD credentials with AWS API. You setup AWS IAM to trust AD Federation Services (ADFS) for authentication. You get temporary access keys to use with the AWS API. This is safer than making lots of IAM accounts with long term passwords (Secret Access Keys) that end up embedded in code and stored who knows where. See previous posts for an overview of AD authentication to AWS.