Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in a shared infrastructure Björn Brolin.

Published byFrancine Patterson Modified over 9 years ago

Similar presentations

Presentation on theme: "Security in a shared infrastructure Björn Brolin."— Presentation transcript:

1 Security in a shared infrastructure Björn Brolin

2 What’s the security policy What is Your assets? The unique information and function of Your IT-services Who is in control of those assets? Some companies don’t even have a single employee left Do You have a security policy? Most have but… Does it really apply to the people in control of Your assets

3 What’s the security policy We’re good, we have a written agreement that the partner will follow our security policy Lets say the partner have more than a hundred customers. Is it even realistic to assume they can comply with everyones policy We’re good, we use cloud services No security policy required?

4 Access entanglement Partner Customer 1 Customer 2 Customer 3

5 Access entanglement Information leakage RDP mapped devices Shared management of IT-resources Shared access to backend infrastructure Unauthorized access RDP mapped devices again

6 Access entanglement Weak security settings Skipping certificate validation Difficult to solve what CA:s to trust Jumphosts can make a huge difference But will also lead to a more complex administration

7 Azure web hosting plan modes under the hood The new portal allows for shell command execution Specifically stated that privileged commands are limited Difficult to screen filter every command with potential security implications Virtual Machine is close to identical regardless of hosting plan

8 Just enough administration, Just in time JEA: Package certain administrative tasks and restrict its use JIT: Admin rights are available only at certain times.

9 Just enough administration

10 LSA protection and identity theft Lslsass revisited Terminal session connect using /restrictedAdmin DisableRestrictedAdmin HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Debated in the security community as a weakness because it enables passing the hash to the remote desktop service RunAsPPL HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Lsass is created as a protected process 3:rd party lsass extensions will not load any more unless they are signed correctly

11 Brave new world, F*ck Security!! :) Everything gets more interconnected every day End user equipment is no longer considered to be strictly for business use In this fast changing environment, what is the obvious strategy Holding back might strand important projects to a degree so that they fail Focus the security efforts wisely

12 Thank You For Your Time Björn Brolin bjorn.brolin@truesec.se

Download ppt "Security in a shared infrastructure Björn Brolin."

Similar presentations

© 2011 All rights reserved to Ceedo. Ceedo - Flexible Computing Certificate-Based Authentication (CBA - 2FA) The organization MUST be able to positively.

© 2011 All rights reserved to Ceedo. Ceedo - Flexible Computing Certificate-Based Authentication (CBA - 2FA) The organization MUST be able to positively.
Configuring SharePoint 2013 and Office 365 Hybrid – Part 1

Configuring SharePoint 2013 and Office 365 Hybrid – Part 1
BalaBit Shell Control Box

BalaBit Shell Control Box
Remote Desktop Services

Remote Desktop Services
A responsibility based model EDG CA Managers Meeting June 13, 2003.

A responsibility based model EDG CA Managers Meeting June 13, 2003.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.

Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.
Understand Virtualized Clients 10753 Windows Operating System Fundamentals LESSON 2.4.

Understand Virtualized Clients Windows Operating System Fundamentals LESSON 2.4.
ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised 24-48 Hours Domain Admin Compromised Data Exfiltration (Attacker.

ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised Hours Domain Admin Compromised Data Exfiltration (Attacker.
A SOLUTION: 2X REMOTE APPLICATION SERVER. 2X REMOTE APPLICATION SERVER.

A SOLUTION: 2X REMOTE APPLICATION SERVER. 2X REMOTE APPLICATION SERVER.
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.

IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.
Piilo Makes HR Easy for Businesses of Any Size, Thanks to the Convenience of Its Mobile App and the Power of the Microsoft Azure Cloud Platform MICROSOFT.

Piilo Makes HR Easy for Businesses of Any Size, Thanks to the Convenience of Its Mobile App and the Power of the Microsoft Azure Cloud Platform MICROSOFT.
CYBERSURF TELECOMMUNICATIONS. The company Founded in 1994 Headquarters is in Ottawa, Canada Industry: Internet Company Size: 51-200 employees - 80% of.

CYBERSURF TELECOMMUNICATIONS. The company Founded in 1994 Headquarters is in Ottawa, Canada Industry: Internet Company Size: employees - 80% of.
Findly Leads the World in Talent Innovation with Its Enterprise-Cloud for Global Talent Acquisition COMPANY PROFILE: FINDLY Findly is a SaaS ISV founded.

Findly Leads the World in Talent Innovation with Its Enterprise-Cloud for Global Talent Acquisition COMPANY PROFILE: FINDLY Findly is a SaaS ISV founded.
Hosted on the Powerful Microsoft Azure Platform, Advent Countdown Lets Companies Run Reliable and Scalable Holiday Marketing Campaigns MICROSOFT AZURE.

Hosted on the Powerful Microsoft Azure Platform, Advent Countdown Lets Companies Run Reliable and Scalable Holiday Marketing Campaigns MICROSOFT AZURE.
Unify and Simplify: Security Management

Unify and Simplify: Security Management

Similar presentations

Ads by Google