Security in a shared infrastructure Björn Brolin.

Presentation transcript:

Security in a shared infrastructure Björn Brolin

What’s the security policy
What are your assets? The unique information and function of your IT services.
Who is in control of those assets? Some companies don’t even have a single employee left.
Do you have a security policy? Most have, but does it really apply to the people in control of your assets?

What’s the security policy
"We’re good, we have a written agreement that the partner will follow our security policy." Let’s say the partner has more than a hundred customers. Is it even realistic to assume they can comply with everyone’s policy?
"We’re good, we use cloud services." No security policy required?

Access entanglement
(Diagram: Partner, Customer 1, Customer 2, Customer 3)

Access entanglement
Information leakage: RDP mapped devices; shared management of IT resources; shared access to backend infrastructure.
Unauthorized access: RDP mapped devices again.

Access entanglement
Weak security settings: skipping certificate validation; difficult to solve what CAs to trust.
Jumphosts can make a huge difference, but will also lead to a more complex administration.

Azure web hosting plan modes under the hood
The new portal allows for shell command execution.
It is specifically stated that privileged commands are limited.
It is difficult to screen and filter every command with potential security implications.
The virtual machine is close to identical regardless of hosting plan.

Just enough administration, Just in time
JEA: Package certain administrative tasks and restrict their use.
JIT: Admin rights are available only at certain times.

Just enough administration
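An added example, not part of the original slides, of packaging one administrative task for a partner with the JEA support built into Windows PowerShell 5. The module name PartnerJea, the group CONTOSO\PartnerOperators, the Spooler task and the transcript path are hypothetical.

```powershell
# Added example. Run elevated on the managed server. Names marked
# (hypothetical) are assumptions, not taken from the presentation.
$module = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\PartnerJea'  # (hypothetical)
$roles  = Join-Path $module 'RoleCapabilities'
$logs   = Join-Path $env:ProgramData 'JeaTranscripts'                         # (hypothetical)
New-Item -ItemType Directory -Path $roles, $logs -Force | Out-Null
New-ModuleManifest -Path (Join-Path $module 'PartnerJea.psd1')

# The packaged task: the role may list services and restart one named
# service. Every other cmdlet and parameter value is hidden from the session.
New-PSRoleCapabilityFile -Path (Join-Path $roles 'SpoolerOperator.psrc') `
    -VisibleCmdlets @(
        'Get-Service',
        @{ Name = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } }
    )

# The endpoint: no full language, commands run as a temporary virtual
# account, and each session is transcribed for later review.
$pssc = Join-Path $env:ProgramData 'PartnerJea.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory $logs `
    -RoleDefinitions @{
        'CONTOSO\PartnerOperators' = @{ RoleCapabilities = 'SpoolerOperator' }  # (hypothetical group)
    }

# Validate the file, then register the endpoint (this restarts WinRM).
if (Test-PSSessionConfigurationFile -Path $pssc) {
    Register-PSSessionConfiguration -Name 'PartnerJea' -Path $pssc -Force
}

# Partner operators then connect without being local administrators:
#   Enter-PSSession -ComputerName <server> -ConfigurationName PartnerJea
```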

LSA protection and identity theft
Lslsass revisited.
Terminal session connect using /restrictedAdmin.
DisableRestrictedAdmin (HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\): debated in the security community as a weakness because it enables passing the hash to the remote desktop service.
RunAsPPL (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa): Lsass is created as a protected process. Third-party lsass extensions will no longer load unless they are signed correctly.
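An added example, not part of the original slides: a read-only audit of the two Lsa values named above. It assumes the current Windows behaviour in which a missing or non-zero DisableRestrictedAdmin means the host does not accept /restrictedAdmin connections; the function names are hypothetical.

```powershell
# Added example: reads the two Lsa values from the slide, changes nothing.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LsaValue {
    param([Parameter(Mandatory)][string]$Name)
    # Return $null when the value is absent instead of throwing.
    $item = Get-ItemProperty -Path $LsaKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-LsaHardeningState {
    $runAsPpl  = Get-LsaValue -Name 'RunAsPPL'
    $disableRa = Get-LsaValue -Name 'DisableRestrictedAdmin'

    # RunAsPPL only takes effect at boot. Wininit logs event 12 in the
    # System log when lsass.exe actually started as a protected process.
    $pplEvent = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 12
    } -MaxEvents 1 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        RunAsPPL                  = $runAsPpl
        LsassProtectionConfigured = ($null -ne $runAsPpl -and $runAsPpl -ne 0)
        # Compare this timestamp with the last boot time of the host.
        LastProtectedStart        = $pplEvent.TimeCreated
        DisableRestrictedAdmin    = $disableRa
        # Assumption: only an explicit 0 makes the host accept
        # /restrictedAdmin logons, the setting debated on the slide.
        RestrictedAdminAccepted   = ($disableRa -eq 0)
    }
}

Get-LsaHardeningState | Format-List
```

Hosts where LsassProtectionConfigured is true but LastProtectedStart is empty or older than the last boot have the value set without lsass actually running protected.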

Brave new world, F*ck Security!! :)
Everything gets more interconnected every day.
End user equipment is no longer considered to be strictly for business use.
In this fast-changing environment, what is the obvious strategy?
Holding back might strand important projects to a degree so that they fail.
Focus the security efforts wisely.

Thank You For Your Time Björn Brolin