Daily Archives: November 11, 2019

#cybersecurity | #hackerspace | RADIUS Server in Azure – Security Boulevard

Source: National Cyber Security – Produced By Gregory Evans

Azure® is a cloud infrastructure provider that offers compute, storage, and other infrastructure platforms, such as Office 365™. Azure introduced its own identity management solution called Azure Active Directory® (AD), but this doesn’t serve as a solution for bringing the on-prem directory service, Active Directory, to the cloud. Though Azure does not offer its own RADIUS server, RADIUS-as-a-Service solutions make it simple to level up the security of WiFi and VPN networks.

What Does Azure AD Do?

Azure AD incorporates a user management function (like authentication and authorization) for Azure services (like compute, storage, and applications). Azure AD provisions, deprovisions, and modifies user access to Azure-related services such as Windows® servers and Office 365.

It also does web application single sign-on, enabling SSO for Office 365, Salesforce®, Dropbox, and other select applications to be accessed with a singular identity.

What Azure AD doesn’t offer is an integrated, hosted, and managed RADIUS solution, making it difficult to manage access to VPNs and on-prem WiFi and forcing IT admins to leverage other mechanisms to manage user access. Often this means setting up their own RADIUS servers (i.e. FreeRADIUS or Windows NPS) to keep their networks secure.

Azure AD RADIUS Authentication Services

Because Azure AD doesn’t have native RADIUS server functionality, IT admins need to employ different methods for securing their on-prem wireless Internet access. 

For instance, admins can host a RADIUS server in Azure, either through an NPS extension or through FreeRADIUS, but this process is time consuming, requiring extensive self-implementation and potentially forcing IT admins to stray away from cloud-based services and applications that shift the heavy lifting of the infrastructure to a third party. Beyond that, admins still have to integrate the RADIUS infrastructure back into whatever core directory service they are using. 

Time Consuming

Azure AD does offer IT admins the ability to configure Azure MFA servers for RADIUS authentication through an NPS extension, or they can implement their own FreeRADIUS authentication source to be linked back to AD.

However, Microsoft’s solution is limited in that it only supports RADIUS authentication (Read more…)

Source link

The post #cybersecurity | #hackerspace |<p> RADIUS Server in Azure – Security Boulevard <p> appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




#infosec | Report Reveals Businesses Aren’t Ready for 5G

Source: National Cyber Security – Produced By Gregory Evans

A new report looking at 5G cybersecurity readiness has found that many businesses are inadequately prepared for the latest big data acceleration. 

The AT&T Cybersecurity Insights Report: Security at the Speed of 5G, published today, found that enterprises are lagging behind on expanding their virtualization and software-defined networking (SDN) capabilities and are not taking the opportunity to automate security. 

A degree of reticence was also detected when it came to the planned adoption of a shared security model that would enable certain functions to be shifted to carriers.

The report was built using data drawn from a survey of 704 cybersecurity professionals from around the globe, all of whom work for organizations with more than 500 employees. 

Nearly all respondents in the survey expect to make 5G-related security changes within the next five years, and 16% say they have already started preparing before the mainstream wave of 5G deployments arrives. 

Asked about what their preparations were focused on, the larger attack surface topped the list as a worry for 44% of respondents, followed by the greater number of devices accessing the network, which was a concern for 39%. 

Ranking third and fourth, drawing the focus of 36% and 33% of respondents, respectively, were the need to extend security policy to new types of IoT devices and the need to authenticate a larger number and wider variety of devices.

Only 29% of respondents said they plan to implement security virtualization and orchestration during the next five years.

Researchers wrote: “Most of the transitions in networking have been about faster speeds or increased capacity. 5G introduces more complex networking and is being delivered with virtualization in mind. 

“The latter appears to be a crucial gap in the way enterprises are preparing for 5G, as enterprises will need to take advantage of virtualization to make the network nimbler and more responsive, with the ability to provide just-in-time services. Many enterprises are not considering this as a possibility, according to our data.”

With 5G, the size of the cyber-attack surface expands, creating more opportunities for bad actors to strike. Despite this, researchers found that enterprises did not appear to have fully considered how to boost their vulnerability management programs (both patching and mitigation) for devices at the edge, which may carry vulnerabilities that go unnoticed and unpatched.

Additionally, only 33% of enterprises surveyed had implemented multi-factor authentication, and 7% said they plan to implement it during the next five years.

A spokesperson for AT&T wrote: “To better realize how large (and vulnerable) the attack surface becomes with 5G, consider that 274 petabytes of data are currently crossing AT&T’s network each day, and with 5G this number is expected to increase by 10x.”

Currently, neither 5G service nor 5G phones are available everywhere in the United States, and release dates vary for every carrier. Verizon, Sprint, Starry, AT&T, and T-Mobile are providing some coverage already, mostly in major cities, including New York, Washington, DC, Los Angeles, Houston, Chicago, Phoenix, Atlanta, Boston, Denver, and Dallas–Fort Worth.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

The post #infosec | Report Reveals Businesses Aren’t Ready for 5G appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




#cybersecurity | #hackerspace | Security @ Serverless Speed – A Protego Use Case

Source: National Cyber Security – Produced By Gregory Evans

Companies choose to transition to serverless computing for various reasons, mainly being faster time-to-market and reduced infrastructure costs. However, the root cause of their serverless security needs differ based on a myriad of factors. In this use case we will highlight a team struggling with traditional AppSec in serverless and finding security at serverless speed, their security driver and challenges, solution & ultimate results

Security At Serverless Speed – The Challenge  

A large Fortune 500 Insurance company recently made significant investments into moving many of its internal applications to the public cloud, and adopted a serverless-first strategy. This strategy let the applications teams deploy new features at nearly three times their previous pace, and reduced the overhead of operations significantly. The security team, however, found itself in a lose-lose situation, forced to choose between delaying deployment of important features at to allow time for proper reconfiguration of their WAF and security posture, or allowing things to roll out and hope to catch risks and vulnerabilities before any breaches occur.

The Solution

The team chose to integrate Protego for automatic runtime protection, which allowed them to embrace serverless speed and:

  • Get real-time visibility and control of their application security posture
  • Create custom rules & exceptions to set zero trust boundaries 
  • Provide the development team with zero-configuration application defense that continuously protected their applications from both known and unknown attacks

The Results

Using Protego for runtime defense the company was able to:

  • Release secure functionality at serverless speed without delaying development
  • Save both development and security teams times with zero manual security configurations

What’s Next?

Enable Protego Proact during CI/CD to improve security posture before functions reach the cloud, and make sure developers are doing the right thing from the start. This allows companies to shift security left and minimize risky deployments to a minimum. 

The post Security @ Serverless Speed – A Protego Use Case appeared first on Protego.

*** This is a Security Bloggers Network syndicated blog from Blog – Protego authored by Danielle Guetta. Read the original post at: https://www.protego.io/security-at-serverless-speed/

Source link

The post #cybersecurity | #hackerspace |<p> Security @ Serverless Speed – A Protego Use Case <p> appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




#city | #ransomware | 90pc of UK’s biggest law firms at risk of having confidential client data stolen

Source: National Cyber Security – Produced By Gregory Evans

Around nine in 10 of the UK’s biggest law firms are at risk of being scammed or having their clients’ confidential data stolen or compromised due to sub-standard IT security.

A new study of 200 of the country’s biggest law firms found more than 90pc are exposed to having their websites and email addresses spoofed or imitated, leaving troves of secret client information vulnerable to hackers.

A fifth of top firms use services reliant on out of date software, placing them at increased risk of cyber crimes similar to the WannaCry ransomware attack that hit businesses around the world in 2017 and cost the NHS – one of the victims – £92m.

The figures are from an investigation of deficiencies in law…

Source link

The post #city | #ransomware | 90pc of UK’s biggest law firms at risk of having confidential client data stolen appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof