Where's the source!

26th of July, 2017 / / No Comments

SauceIn this post I will talk about data (aka the source)! In IAM there’s really one simple concept that is often misunderstood or ignored. The data going out of any IAM solution is only as good as the data going in. This may seem simple enough but if not enough attention is paid to the data source and data quality then the results are going to be unfavourable at best and catastrophic at worst.
With most IAM solutions data is going to come from multiple sources.… [Keep reading] “Where's the source!”

Enabling and Scripting Azure Virtual Machine Just-In-Time Access

24th of July, 2017 / / No Comments

Last week (19 July 2017) one of Microsoft’s Azure Security Center’s latest features went from Private Preview to Public Preview. The feature is Azure Just in time Virtual Machine Access.

What is Just in time Virtual Machine access ?

Essentially JIT VM Access is a wrapper for automating an Azure Network Security Group rule set for access to an Azure VM(s) for a temporal period on a set of network ports restricted to a source IP/Network.… [Keep reading] “Enabling and Scripting Azure Virtual Machine Just-In-Time Access”

Getting started with Azure Cloud Shell

16th of July, 2017 / / 2 Comments

A few weeks back I noticed that I now had the option for the Azure Cloud Shell in the Azure Portal.

What is Azure Cloud Shell?

Essentially rather than having the Azure CLI installed on your local workstation, you can now initiate it from the Portal and you have automatically assigned (initiated as part of the setup) 5Gbytes of storage associated with it. So you can now create, manage and delete Azure resources using a centrally hosted CLI session.… [Keep reading] “Getting started with Azure Cloud Shell”

Cloud Security Research: Cross-Cloud Adversary Analytics

12th of July, 2017 / / No Comments

Newly published research from security firm Rapid7 is painting a worrying picture of hackers and malicious actors increasingly looking for new vectors against organizations with resources hosted in public cloud infrastructure environments.
Some highlights of Rapid7’s report:

  • The six cloud providers in our study make up nearly 15% of available IPv4 addresses on the internet.
  • 22% of Softlayer nodes expose database services (MySQL & SQL Server) directly to the internet.
  • Web services are prolific, with 53-80% of nodes in each provider exposing some type of web service.
[Keep reading] “Cloud Security Research: Cross-Cloud Adversary Analytics”

Security Vulnerability Revealed in Azure Active Directory Connect

10th of July, 2017 / / No Comments

Microsoft ADFS
The existence of a new and potentially serious privilege escalation and password reset vulnerability in Azure Active Directory Connect (AADC) was recently made public by Microsoft.
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-whatis
Fixing the problem can be achieved by means of an upgrade to the latest available release of AADC 1.1.553.0.
https://www.microsoft.com/en-us/download/details.aspx?id=47594
The Microsoft security advisory qualifies the issue as important and was published on Technet under reference number 4033453:
https://technet.microsoft.com/library/security/4033453.aspx#ID0EN
Azure Active Directory Connect as we know takes care of all operations related to the synchronization of identity information between on-premises environments and Active Directory Federation Services (ADFS) in the cloud.… [Keep reading] “Security Vulnerability Revealed in Azure Active Directory Connect”

Azure Build Pipeline using ARM Templates and Visual Studio Team Services

24th of June, 2017 / / No Comments

Overview

When having to deploy resources within Azure you can easily log in to the Azure Portal and start deploying resources, however with the number of components needed to build a working solution this can quickly become time consuming. You may also need to deploy the same solution in a Development, Test, and Production environment and then make some changes to the environment along the way.
There is a lot of talk about DevOps and Infrastructure as Code (IaC) in the IT industry at the moment.… [Keep reading] “Azure Build Pipeline using ARM Templates and Visual Studio Team Services”

Combining Ansible and AWS Cloudformation for Windows Provisioning

15th of June, 2017 / / No Comments

Imagine an agentless “robot” user that you can program to configure servers, network equipment, public cloud resources, deploy applications, etc.

Ansible is an IT automation solution which was acquired by RedHat in 2015. Already popular before the RedHat takeover, Ansible is becoming and more more common in IT organisations.

Originally targeted at Linux hosts as a target for automated configuration management and orchestration, Ansible acquired in version 2.0 capabilities to automate network devices.

And in version 2.3, which has been just released, Ansible’s Windows friendly features have been seriously augmented with domain related modules and an experimental “runas” feature.… [Keep reading] “Combining Ansible and AWS Cloudformation for Windows Provisioning”

Migrating 'SourceAnchor' from 'ObjectGUID' using new AAD Connect 1.1.524.0

31st of May, 2017 / / 9 Comments

I count myself lucky every now and again, for many reasons.  I have my health.  I have my wonderful family.
Today, however, it’s finding out the latest version of AAD Connect (v1.1.524.0) will probably give me back a few more months of my life.
The reason?  My customer’s chosen configuration of their AAD Connect to choose the default value of ‘ObjectGUID’ for their ‘SourceAnchor’ value.
Now, for most organizations with a single AD forest, you’re laughing. … [Keep reading] “Migrating 'SourceAnchor' from 'ObjectGUID' using new AAD Connect 1.1.524.0”

A Way to Keep Logs Safe on Disposable Servers

25th of May, 2017 / / No Comments

Automatic replacement of failed cloud configuration items is a life-saver. Having items recover themselves with no ops team intervention can be a life-saver too, and not to mention a sleep-saver. Relieved from the responsibility of having to restore service, the only outstanding task is often to explain what happened.
What if the thing that failed was an EC2 application server running RedHat and the logs were on the server’s now-replaced volumes though? The contents of /var/log are gone, and while we might be capturing them in a log aggregator like Splunk or a syslog system of some sort, those aren’t always simple to compile into a report or send to an application vendor for a post mortem. … [Keep reading] “A Way to Keep Logs Safe on Disposable Servers”

API Mocking for Developers

18th of May, 2017 / / 2 Comments

API is the most common practice to exchange messages in a microservices architecture world. There are actually two different approaches for API development. One is called Model First and the other is called Design First. Usually the latter, AKA Spec-Driven Development (SDD), is preferred over the former.
When is the Model First approach useful? If you are running legacy API applications, this would be a good example of using this approach. If those systems are well documented, API documents can be easily extracted by tools like Swagger which is now renamed to Open API.… [Keep reading] “API Mocking for Developers”