It is with great pleasure that I announce I have recently joined the team at Iron Networks. Iron Networks (formerly nAppliance) is a division of Iron Systems based in San Jose, CA. Iron Networks is a Microsoft OEM partner specializing in turn-key cloud security and access solutions and converged infrastructure platforms. I’ll be intimately involved with many familiar Microsoft technologies like Forefront UAG 2010, DirectAccess, Hyper-V, and System Center 2012. Iron Networks has some compelling solutions for secure remote access, including a comprehensive remote access appliance that includes both Windows Server 2012 DirectAccess and Forefront UAG 2010. The Unified Remote Access (URA) platform effectively addresses remote access needs for both managed and non-managed clients. In addition, Iron Networks has an interesting new solution aimed at simplifying private cloud deployment and public cloud integration. The Iron Networks MNV Cloud Gateway Appliance, using System Center 2012 Virtual Machine Manager SP1 and Hyper-V network virtualization technologies, is designed to ease the pain of migrating virtual workloads across subnets between on-premises datacenters or to hosted, public cloud datacenters. Finally, Iron Networks has a complete, ready to deploy private cloud solution that was recently featured in the keynote address at the Microsoft Management Summit 2013. After working for many years with niche technologies like ISA server and Forefront TMG 2010, I’m really excited about the opportunity to be more closely involved with mainstream technologies like Hyper-V, System Center 2012, and private, hybrid, and public cloud solutions. Of course I’ll be sharing my experiences with you here and across my various social media channels, so be sure to connect with me to stay in touch!
Great news! Windows Server 2012 Security from End to Edge and Beyond is now available for pre-order! Yuri Diogenes along with Tom and Deb Shinder are the authors of this forthcoming title from Syngress Publishing which covers architecting, designing, planning, and deploying Windows Server 2012 security solutions. I have the privilege of serving as the technical reviewer of the book and I can tell you from experience it will be a vital reference that anyone working with Windows Server 2012 will want to have in their library. Pre-order your copy today!
Recently I had the opportunity to review the Microsoft System Center Endpoint Protection Cookbook from PACKT Publishing. The “cookbook” series from PACKT provide clear, concise instruction on how to accomplish various tasks with specific products. Written by Andrew Plue, a System Center veteran and consultant for Certified Security Solutions, this book provides a wealth of valuable information for engineers and administrators seeking to deploy System Center Endpoint Protection (SCEP) in their environments. The timing of this book review was perfect for me, as I was preparing to build out a product demonstration lab and wanted to leverage the endpoint protection components provided by System Center Configuration Manager 2012. Installing SCCM and SCEP is not exactly intuitive, but thankfully the book provided detailed, prescriptive guidance on how to implement, configure, and manage SCEP including a chapter dedicated to building out a SCEP lab environment. If you are considering a migration from Forefront Endpoint Protection (FEP) 2010 or a competing third-party solution, you’ll definitely want to add this reference to your library soon.
It is with great pleasure that I can announce I have recently signed on with Syngress to be the technical reviewer for Tom Shinder and Yuri Diogenes’ new book about Windows 8 security. I’ve been spending a lot of time over the last few months getting to know Windows 8, both server and desktop. Until now I’ve been focused mostly on new features, specifically around the core networking and remote access capabilities (which are exceptional!). Working on this book with Tom and Yuri will be an excellent opportunity to learn about all of the wonderful new security features of the latest Microsoft operating system. As a network security specialist and former information security engineer for a Fortune 100 financial services institution, I’m hoping I can provide helpful and meaningful feedback to these two experienced and talented authors. I’ll post more details about the book when I can share them. Until then, watch this space as well as Tom and Yuri’s blogs for latest news about this new book!
Reading details about the recent attack and compromise at SecurID, I was dumbfounded when I came across the following:
“The attacker then used FTP to transfer many password protected RAR files from the RSA file server to an outside staging server at an external, compromised machine at a hosting provider. The files were subsequently pulled by the attacker and removed from the external compromised host to remove any traces of the attack.”
I’m not surprised at all that an attacker was able to infiltrate the RSA private network. However, with this and myriad similar attacks I’ve read about over the past few years, one thing that consistently amazes me is the relative ease with which attackers can get back out.
It appears in this case that RSA allows outbound FTP to anywhere on the Internet. Clearly this is not good security practice. This is not to say that an attacker couldn’t use another channel to exfiltrate stolen data, but having such generous outbound access rules for file transfer protocols makes it that much easier for the criminals.
To provide better protection from these types of attacks, security policy should be updated to disallow unrestricted outbound FTP access to the general Internet. Following the principle of least privilege, outbound FTP access should be granted only to certain users and to specific sites, and only after it is determined there is a business requirement for such access. This access should be reviewed on a periodic basis.
Using Forefront TMG 2010 and leveraging the TMG Firewall Client, it is possible to create outbound FTP access rules and enforce user and group authentication. Although this won’t necessarily prevent an attacker from uploading data through the gateway, it presents yet another hurdle for the attacker to clear in order to extract data. If the attacker is still successful, the access logs on the Forefront TMG firewall will include valuable forensic data, including the name of the application used to transfer data and the account information used by the attacker, in addition to the usual log detail (e.g. source and destination IP addresses, etc.).
State-of-the art perimeter defense technology is not enough. Security policy and strong network egress filtering are essential to prevent data loss. I’d suggest reviewing your outbound access policies today.
I am very excited to announce that I have been awarded the Microsoft Most Valuable Professional (MVP) award for 2010! This is my second award, and it is a tremendous honor to be recognized for my efforts in promoting Microsoft Forefront edge security products worldwide. It is a wonderful privilege to be included among so many great professionals. Thank you to Microsoft for this prestigious award, and special thanks to my employer, Celestix Networks, who makes it possible for me to travel the world extoling the virtues of these great Microsoft security solutions. See you at the MVP summit in February 2011!
Over the next few months I’ll be traveling and speaking frequently, giving presentations at conferences, delivering training classes, speaking at seminars, and more. I’ve created an Events page here to keep everyone informed about where I am and what I’m doing. Chances are good that I’ll be in your part of the world sometime this year or next, so register for one of the events and introduce yourself!