Security remains a top of mind issue across the board. The recent worldwide sweep of the WannaCry ransomware attack served as a reminder—not that we needed one—that cybersecurity seems to be a fire that simply refuses to be put out. And indeed it may never be. As our cybersecurity solutions and policies evolve, it seems the bad guys evolve just a couple of steps ahead. Thankfully, for every successful attack, there are many more successful defenses. If you’re looking to broaden your security knowledge, or just looking for some specific resources, take a trip through some of these Windows security blogs. They're sure to shore up your security smarts.
This is the latest word in security from Microsoft itself. The lead post right now announces that the Microsoft Security Intelligence Report Volume 21 is now available. Besides tactical advice and analysis of the latest cybersecurity headlines, this blog is a good place to find resources like this.
Posted by the Microsoft Secure Blog Staff, this post states, "The latest volume of the Microsoft Security Intelligence Report is now available for free download at www.microsoft.com/sir. This new volume of the report includes threat data from the first half of 2016 as well as longer term trend data on industry vulnerabilities, exploits, malware, and malicious websites. The report also provides specific threat data for over 100 countries/regions."
The post entitled "Security in agile development," written by Talhah Mir, Principal PM Manager, takes a practical look at how agile development practices directly affect the security of the software they produce. Mir writes, "Most enterprises' security strategies today are multifaceted—encompassing securing a variety of elements of their IT environment including identities, applications, data, devices, and infrastructure. This also includes driving or supporting security training and changes in culture and behavior for a more secure enterprise. But, security really starts at the fundamental core, at the software development level. It’s here that security can be "built in" to ensure that applications meet the security requirements of enterprises today and are aligned to a holistic, end to end security strategy."
Other posts, like Cybersecurity and cyber-resilience – Equally important but different, by Paul Nicholas, Senior Director of Trustworthy Computing, take a high-level, philosophical look at the current state of cybersecurity, the larger-scale trends, and what we're likely to face in the future. Nicholas writes, "The October Mirai-based IoT attack demonstrated an important and often neglected consequence of technology’s expansion into every aspect of our daily lives, as well as into the systems that underpin our economies and societies. We have never been as exposed to cyberattacks and because of technology's pervasiveness in our lives the possible consequences of attacks, such as the one that occurred last month, are going to be more widespread and troublesome than in the past."
Bruce Schneier, a distinguished security expert who has written 13 books on the topic, is a fellow at Harvard University and appears regularly on a host of TV and radio programs. His blog explores policy and current events as well as in-the-trenches tips.
In this post, he covers the NSA decision to no longer collect information solely based on message content: "Earlier this month, the NSA said that it would no longer conduct "about" searches of bulk communications data. This was the practice of collecting the communications of Americans based on keywords and phrases in the contents of the messages, not based on who they were from or to."
If you are still searching for info on WannaCry, Schneier covers it here: "Criminals go where the money is, and cybercriminals are no exception. And right now, the money is in ransomware. It's a simple scam. Encrypt the victim's hard drive, then extract a fee to decrypt it. The scammers can't charge too much, because they want the victim to pay rather than give up on the data. But they can charge individuals a few hundred dollars, and they can charge institutions like hospitals a few thousand. Do it at scale, and it's a profitable business."
Here, he discusses an extremely interesting discovery regarding HP laptops: "This is a weird story: researchers have discovered that an audio driver installed in some HP laptops includes a keylogger, which records all keystrokes to a local file. There seems to be nothing malicious about this, but it's a vivid illustration of how hard it is to secure a modern computer."
This is a solid, in-depth resource that gets sufficiently technical to satisfy the deepest security geeks. Penned by Randy Franklin Smith, some recent posts include:
In the post Work Smarter—Not Harder: Internal Honeynets Allow You to Detect Bad Guys Instead of Just Chasing False Positives, he discusses how honeynets could change the detection game: "Log collection, SIEM and security monitoring are the journey not the destination. Unfortunately, the destination is usually a false positive. This is because we’ve gotten very good at collecting logs and other information from production systems, filtering that data and presenting it on a dashboard. But we haven't gotten that good at distinguishing events triggered by bad guys from those triggered by normal everyday activity. A honeynet changes that completely."
This entry, Tracking removable storage with the Windows Security Log, discusses auditing removable storage access in Windows: "With data breaches and Snowden-like information grabs I'm getting increased requests for how to track data moving to and from removable storage such as flash drives. The good news is that the Windows Security Log does offer a way to audit removable storage access."
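The mechanism Smith is referring to is the Object Access > Removable Storage audit subcategory, which writes event ID 4663 ("An attempt was made to access an object") with a task category of Removable Storage for every file handle opened on a removable device, no SACL required. The following is an added example, not code from Smith's post: it turns the subcategory on and pulls the resulting events out of the Security log as objects you can filter on. It assumes Windows 8 / Server 2012 or later and an elevated session; the `-Path` parameter is a convenience for reading a saved .evtx offline.

```powershell
# Added example (not from the Ultimate Windows Security post): audit removable
# storage access and read the 4663 events back. Assumes Win8/2012+, run elevated.

function Enable-RemovableStorageAudit {
    # Subcategory under Object Access; every access to a removable device is logged,
    # no per-object SACL needed.
    auditpol.exe /set /subcategory:"Removable Storage" /success:enable /failure:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed; are you running elevated?" }
}

function Get-RemovableStorageAccess {
    param(
        [datetime]$Since = (Get-Date).AddDays(-1),
        [string]$Path                     # optional: a saved .evtx instead of the live log
    )
    $filter = @{ Id = 4663; StartTime = $Since }
    if ($Path) { $filter.Path = $Path } else { $filter.LogName = 'Security' }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.TaskDisplayName -eq 'Removable Storage' } |   # drop ordinary file/registry 4663s
        ForEach-Object {
            # EventData names are stable for 4663: SubjectUserName, ObjectName, AccessMask, ProcessName...
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                User    = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
                Object  = $d.ObjectName
                Access  = $d.AccessMask       # hex string: 0x1 read, 0x2 write, 0x4 append, 0x10000 delete
                Process = $d.ProcessName
            }
        }
}

Enable-RemovableStorageAudit
# Writes to a flash drive in the last 8 hours; reads (0x1) are usually the noise you want to skip.
Get-RemovableStorageAccess -Since (Get-Date).AddHours(-8) |
    Where-Object { ([int]$_.Access) -band 0x2 } |
    Format-Table Time, User, Object, Process -AutoSize
```

Expect volume: a single file copy produces several 4663 events (one per handle open), so aggregate by user, process and object before you alert on it, and remember the audit policy is per machine, so push it through Group Policy rather than running the function by hand on each host.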
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online reveals how important monitoring the email inbox actually is: "E-mail remains one of the most heavily used communications mediums within organizations today. With as much as 75 percent of your organization's intellectual property stored in e-mail, Microsoft Exchange is for all practical purposes a treasure trove of organization’s most valuable secrets—just waiting for inappropriate access."
This blog is a great technical resource for IT teams. There's a lengthy list of topics covered that span the range of platforms you're tasked with supporting and securing.
What are some of your favorite Windows security blogs? Drop me a line at firstname.lastname@example.org!
Posted by Lafe Low on May 19th, 2017 at 2:21 PM
PowerShell is indeed a powerful ally. Using its raw command-line power for automation and configuration management has given Windows devotees a fundamental level of precision control for years. PowerShell has been around long enough that there are some incredibly rich and detailed references in the blog world. Here are a few PowerShell blogs you should add to your favorites list.
This is the official word straight from the proverbial horse's mouth—the Microsoft PowerShell team blog. You can pretty much take what you read here and put it right to work without questioning its validity or accuracy.
In a recent post entitled, "A Comparison of Shell and Scripting Language Security," the team describes its current stance on security and the role PowerShell can play. The team writes, "As PowerShell has become more popular, it has also become more popular for unauthorized administrators—also known as 'Attackers.' In any operating system or platform, the power and efficiency you provide authorized administrators is also available to unauthorized administrators. For example, Unix, Linux, and Mac all have dozens of powerful built in compilers, scripting languages, and debuggers. It’s a power user's dream, but also a liability. The PowerShell team has recognized this double-edged sword since the introduction of PowerShell in 2006. In the last 10 years, we’ve invested greatly in both securing and hardening PowerShell. In PowerShell version 5, we really cranked up the dials on making PowerShell security transparent—the results of which we describe in our post, PowerShell ♥ the Blue Team."
By all means check out the security improvements to PowerShell listed in that referenced post. Other recent posts on the official Microsoft PowerShell team blog include everything from availability announcements to specific step-by-step how-to posts.
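The "transparency" the team mentions is, in practice, logging: PowerShell 5 can record every script block it compiles to the Microsoft-Windows-PowerShell/Operational log as event ID 4104, which is what lets a blue team see what an attacker's encoded one-liner actually did. The following is an added example, not code from the PowerShell team's post: it checks whether script block logging is enabled through its Group Policy registry key, enables it, and reassembles the logged blocks (long scripts are split across several 4104 events sharing one ScriptBlockId). It assumes PowerShell 5 or later on Windows and administrative rights to write the policy key; the regex used in the final hunt is a hypothetical starting point, not a complete detection rule.

```powershell
# Added example (not from the PowerShell team's post): check, enable and read back
# PowerShell script block logging. Assumes PowerShell 5+, admin rights for the policy key.

$sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

function Test-ScriptBlockLogging {
    $v = Get-ItemProperty -Path $sblKey -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
    return [bool]($v -and $v.EnableScriptBlockLogging -eq 1)
}

function Enable-ScriptBlockLogging {
    # Same effect as the GPO "Turn on PowerShell Script Block Logging".
    New-Item -Path $sblKey -Force | Out-Null
    Set-ItemProperty -Path $sblKey -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

function Get-LoggedScriptBlocks {
    param([datetime]$Since = (Get-Date).AddHours(-1))
    # 4104 Properties, in order: MessageNumber, MessageTotal, ScriptBlockText, ScriptBlockId, Path.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $Since
    } -ErrorAction SilentlyContinue |
        Group-Object { $_.Properties[3].Value } |               # one group per ScriptBlockId
        ForEach-Object {
            $parts = $_.Group | Sort-Object { [int]$_.Properties[0].Value }
            [pscustomobject]@{
                Time          = $parts[0].TimeCreated
                ScriptBlockId = $_.Name
                Path          = $parts[0].Properties[4].Value    # empty for blocks not loaded from a file
                Text          = ($parts | ForEach-Object { $_.Properties[2].Value }) -join ''
            }
        }
}

if (-not (Test-ScriptBlockLogging)) { Enable-ScriptBlockLogging }

# Typical hunt (hypothetical pattern): decode-and-run or download cradles with no on-disk path.
Get-LoggedScriptBlocks -Since (Get-Date).AddDays(-1) |
    Where-Object { -not $_.Path -and $_.Text -match 'FromBase64String|DownloadString|-enc' } |
    Format-List Time, ScriptBlockId, Text
```

Two caveats a practitioner will hit: the log is local and capped in size, so forward 4104 events to your SIEM before you depend on them, and the text you get back is the script block after PowerShell has decoded it, which is exactly the point (an `-EncodedCommand` shows up in the clear) but also means the log itself can contain secrets that scripts embed.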
This is also a Microsoft blog, but is clearly focused more on the how-to angle. Recent posts on this well-done blog include Debugging PowerShell script in Visual Studio Code—Part 1 and Part 2. The posts are clear, well-organized and at a good technical level for enterprise admins.
There's also a four part series on a PSScriptAnalyzer deep dive. Part four leads off with: "PSScriptAnalyzer comes with a total of 45 rules that are based on community best practices. PowerShell team members at Microsoft and the community developed these rules. The built-in rules are a great baseline, and a good starting point that will quickly tell you if a script or module has any glaring flaws before you get too deep into it. That's great, but what if you or your team has some more stringent standards or you want to borrow the PSSA engine to check scripts for some other reason? You'll need a custom rule."
Other current posts include "Cloud operating system deployment: WinPE in Azure." There's also a series called PowerTips, which includes posts on:
- PowerTip: Get a list of security patches installed in the last 90 days
- PowerTip: Get a list of suspended Azure Automation jobs
- PowerTip: Convert from UTC to my local time zone
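Of those, the 90-day patch check is the one a security team runs most often, and the one-liner version hides two traps: `Get-HotFix` sometimes returns entries with an empty InstalledOn, and a host that returns nothing at all looks the same as a host that is simply unreachable. The following is an added example, not the PowerTip's own code: it reports per machine how many updates landed inside the window and flags hosts with none, which is usually the more interesting finding. It assumes the remote hosts accept the DCOM/WMI calls that `Get-HotFix` (Win32_QuickFixEngineering) makes; note that QFE does not list every kind of update (Defender definitions, for instance, are not in it).

```powershell
# Added example (not the Hey, Scripting Guy! PowerTip's code): updates installed in the
# last N days across several machines, flagging hosts with nothing in the window.
# Assumes WMI/DCOM reachability for remote names.

function Get-RecentPatchReport {
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [int]$Days = 90
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    foreach ($c in $ComputerName) {
        try {
            $fixes = Get-HotFix -ComputerName $c -ErrorAction Stop
        } catch {
            # Distinguish "could not ask" from "nothing installed".
            [pscustomobject]@{ Computer = $c; Count = $null; Latest = $null
                               Note = "unreachable: $($_.Exception.Message)" }
            continue
        }
        # Entries with an empty InstalledOn are unknown, not old: exclude them from the count.
        $recent = @($fixes | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $cutoff })
        $latest = ($fixes | Where-Object InstalledOn | Sort-Object InstalledOn -Descending |
                   Select-Object -First 1).InstalledOn
        [pscustomobject]@{
            Computer = $c
            Count    = $recent.Count
            Latest   = $latest
            Note     = if ($recent.Count -eq 0) { "no updates in $Days days" }
                       else { ($recent.Description | Sort-Object -Unique) -join ', ' }
        }
    }
}

Get-RecentPatchReport -ComputerName 'localhost' | Format-Table -AutoSize

# Per-KB detail for one box, newest first:
Get-HotFix | Where-Object { $_.InstalledOn -ge (Get-Date).AddDays(-90) } |
    Sort-Object InstalledOn -Descending | Select-Object HotFixID, Description, InstalledOn
```

Feed it a list from Active Directory (`Get-ADComputer -Filter * | Select-Object -ExpandProperty Name`) and sort on Count ascending; the zeros and the unreachable entries are your work queue.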
This is Jeffrey Hicks' PowerShell blog, in which he lists plenty of other training references and books on "the shell." Many of the books he references he has authored or co-authored himself, including the two titles he considers essential. He also references the two Microsoft blogs mentioned above. On his blog, he writes, "If you want to get up to speed even faster, you can get a copy of my free eBook on PowerShell 4 for beginners that I wrote for Veeam. After that, get a copy of The Windows PowerShell Cookbook by Lee Holmes. This is a fantastic resource on all the things you can do with PowerShell."
Jeff further recommends, "You should keep up with the official Microsoft PowerShell team and Hey, Scripting Guy! blogs. It also wouldn’t hurt to bookmark the Microsoft Script Center."
For a veteran PowerShell guy (and veteran TechMentor presenter!) like Jeffrey Hicks, this is a good one to follow.
What are your favorite PowerShell blogs? Let me know at email@example.com. Stay tuned for more PowerShell blogs in future posts!
Posted by Lafe Low on April 20th, 2017 at 11:37 AM
There's nothing quite like information straight from the source. That's exactly what TechMentor delivers this August 7-11 as we return to the Microsoft Campus for another week of straight-from-the-mothership IT learning.
The conversation continues this year with another look at the topics and technologies that are relevant and immediately-usable in your IT datacenter. Like always, each of our sessions is taught by either an independent industry expert who knows and uses their technology in the trenches; or, by one of Microsoft’s “blue badges” themselves. No one knows these topics better, and no one is better equipped to knowledge transfer them to you.
We break the content apart this year into seven major tracks, giving you the opportunity to hone your server and datacenter skills, learn the details of implementing DevOps, dig deep into the biggest client issues of the day, enhance your infrastructure and security positioning, get the real-world and immediately-usable guidance for cloud services, and even brush up on your soft skills. Take a tour through this extensive catalog of courses for all the details.
That's not all, though. TechMentor is also…not…the biggest IT learning conference out there. At TechMentor, we're not large and you're not a number. You'll get one-on-one with our speakers and experts during our Birds-of-a-Feather lunch events, our kick-off Dine A-Round Dinner, and our Wednesday evening Seattle Sunset Cruise, among a week of opportunities.
You're also not bound by the usual 75-minute sessions seen at most other conferences. TechMentor goes deep with morning three-hour Deep Dives along with an entire Monday and Friday of long-form, and in some cases Hands-On, sessions that are not to be missed.
Whether your datacenter has a dozen servers or a thousand; whether they're centralized or distributed globally; whether they're physical or virtual; whether they're on-premises or deployed in the cloud; TechMentor offers cutting-edge education designed to help you get the most from your current investment, while making smart decisions for future technology investments.
Are you ready for an unforgettable week in the middle of everything? We'll see you in Redmond!
Senior Technical Fellow, Adminize
Author Evangelist, Pluralsight
TechMentor Conference Co-Chairs
Posted by Lafe Low on March 24th, 2017 at 11:37 AM