Microsoft Azure Storage Security

I am studying the Microsoft Azure Administrator modules from the Microsoft “Learn” website. It is a great free resource to learn some of the hottest and most relevant modern Cloud technologies. One particular area piqued my interest: data storage security. I know that many businesses and various leaders are pessimistic about the protection of their Cloud data. It makes sense. Why would any leader not think about the way in which their organization’s data is stored in the Cloud? To many leaders, the notion of their valuable data being moved to and handled in the Cloud does not necessarily make them feel warm and fuzzy [as we may see in the commercials ;> ]. Instead they have a healthy cynicism about their data handling. I agree with the healthy cynicism.

But Microsoft Azure has many ways in which to secure data. These include, but are not limited to, proper network security rules to block out most or all traffic; access control lists; strict internal role-based access; and good old-fashioned data encryption.

Azure automatically encrypts all data written to its storage, i.e. data “at rest” [meaning it is sitting on the disk, so to speak]. Any file that is written to Azure storage is encrypted with Storage Service Encryption (SSE). It is 256-bit AES encryption. This is very strong encryption and an industry standard. My favorite part of SSE is that this encryption of the data that gets stored to disk does NOT affect performance. So, there is no degradation whatsoever to services. Encryption involves scrambling bits and bytes and generally takes some resources, but Microsoft accomplishes this with no hit to resources.

Of course, in addition to SSE, the actual virtual disks themselves, if applicable, can be encrypted as well with ‘BitLocker’ for Windows or ‘dm-crypt’ for Linux. But I wanted to focus only on Storage Service Encryption at this point. And SSE should help any leader breathe a sigh of relief when thinking about their data security.

Microsoft Learn can be reached here

SonicWall 802.11ac WiFi Access Points

SonicWall SonicWave 802.11ac [Wave 2] access points target multiple market types: retail, hospitality, healthcare, education, transportation, government & financial institutions, and construction. These versatile APs [access points] go above and beyond the usual offerings, with their security radio scanner, Capture Security Center and WCM or WiFi Cloud Manager capabilities.

SonicWall Stacked Wave 2 AP

Some stand-out SonicWall Wave 2 AP feature details:

  • Assist with HIPAA & PCI compliance to protect customer or patient data
  • Can power on IP phones in hotel rooms
  • Monitor networks in real-time, complete with audit logs
  • Mesh technology for easy WiFi expansion
  • Capture ATP-driven “Deep Memory Inspection” of traffic
  • Ruggedized outdoor APs with solid “IP67” ratings for harsh weather

Read all about the SonicWall Wave 2 APs

FREE Trend Micro House Call

Did you ever get that feeling that your computer was acting “funny” or was “too slow”, in an unusual sort of way? Or maybe you read a recent article about the latest malware or creepy hack attack that got you thinking about hijacked video cameras? Sometimes hacks can bypass your traditional antivirus or endpoint security. Every once in a while, I like to run Trend Micro’s awesome free security scan.

There is nothing wrong with double-checking your current security software! Two eyes are better than one. Trend Micro has a long track record in the security software world. They are well regarded and this is a very solid offering. Obviously, the fact that it is free makes it even better! It can be downloaded, quickly installed and run right away. Always run a full scan in this case [not the quick scan] - go big or go home, so to speak. If Trend Micro is already in use, try the McAfee free option.

So far, so good:

Grab the free security scan here

Anti Virus Final Arbiter

Computer antivirus software continues to be very relevant and necessary these days, despite the fact that social engineering and malware exploits may be more dangerous and numerous. Of course, most antivirus programs these days are bundled with other security services [suites], or they at least account for the various methods hackers employ to cause trouble or get your information or money. Everyone should use one of the top 4 or 5 rated antivirus programs (Norton, McAfee, ESET etc.) or at least Windows Defender on a PC, if you are on a budget.

But if you get a file or website virus-type warning, it is always best to double-check or cross-reference it with VirusTotal.com. This super useful site allows you to upload files for a quick analysis. Your antivirus would likely quarantine or delete a suspicious file, but it is possible a mistake was made, so why not double-check? And it is free! Also, any file can be uploaded for a quick ‘virus check’, not just the files flagged by a scan application. Finally, actual website addresses (URLs) can be checked. This can be useful if you are on a site that is acting slow or unusual, or one that gives you that weird, uncertain feeling.

The site’s own summary of its services:

“Any user can select a file from their computer using their browser and send it to VirusTotal. VirusTotal offers a number of file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API. The web interface has the highest scanning priority among the publicly available submission methods. Submissions may be scripted in any programming language using the HTTP-based public API.

As with files, URLs can be submitted via several different means including the VirusTotal webpage, browser extensions and the API.

Upon submitting a file or URL, basic results are shared with the submitter, and also between the examining partners, who use results to improve their own systems. As a result, by submitting files, URLs, domains, etc. to VirusTotal you are contributing to raising the global IT security level.”

The website:

https://www.virustotal.com/gui/home/upload

Example results for a random Windows executable file [from the System32 folder], below.

This is a safe, standard Windows master boot record related file, called “MBR2GPT”. I know it is safe, but this is to give a demo of the positive results. If you see a file, any file, that looks suspicious or that you have never seen before, upload it and see for yourself.
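As an added example (not from the original post, and not VirusTotal’s own code), here is a hash lookup against the VirusTotal API v3 files endpoint, which checks whether a file is already known before you upload it: the quoted text above notes that uploads are shared with partner engines, so looking up the SHA-256 first keeps a possibly confidential file on your machine. The API key and the sample report are constructed placeholders.

```python
import hashlib
import json
import urllib.request
from typing import Optional
from urllib.error import HTTPError

# VirusTotal API v3 hash-lookup endpoint: GET /api/v3/files/{sha256}
VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"


def sha256_of_file(path: str) -> str:
    """Hash the file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_lookup_request(file_hash: str, api_key: str) -> urllib.request.Request:
    """Build the GET request; only the hash is sent, never the file itself."""
    return urllib.request.Request(VT_FILES_URL + file_hash,
                                  headers={"x-apikey": api_key})


def summarize_report(report: dict) -> dict:
    """Reduce a v3 file report to the counts a triage decision needs."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return {"flagged": flagged, "engines": sum(stats.values()),
            "verdict": "review" if flagged else "clean"}


def lookup_hash(file_hash: str, api_key: str) -> Optional[dict]:
    """Return the summary, or None when VirusTotal has never seen the hash."""
    try:
        with urllib.request.urlopen(build_lookup_request(file_hash, api_key)) as resp:
            return summarize_report(json.load(resp))
    except HTTPError as err:
        if err.code == 404:  # unknown hash: decide separately whether to upload
            return None
        raise


# Constructed sample in the shape of a v3 file report (not a real VT response).
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "harmless": 0, "malicious": 0, "suspicious": 0,
    "undetected": 70, "timeout": 0}}}}
```

A `None` result is the moment to decide whether the file is safe to share with VirusTotal and its partners at all.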

Antivirus Companies Hacked?

In a nutshell: the cybersecurity companies that design the software intended to protect our computers … got hacked. Therefore, it is fully possible that the hackers now understand the defense mechanisms of the companies that fight cyber threats, at least at the PC, Mac and workstation level and maybe more. This is not good!

Details are sketchy, as is common with these hacks, and two of the victims [Norton and McAfee] deny any breach, but Trend Micro admits a breach occurred. Although Trend said the hack only affected their “lab”, this does not necessarily make customers feel any better about it, given they are in the CYBERSECURITY industry.

Read about it here

Live Cyber Attack Threat Map

This “Check Point” [or “ThreatCloud”] cyber attack map is mesmerizing. It is a live attack map containing oodles of attack lines that trace currently in-progress cyber attacks. The threat map lists the time, the attack name [or virus or hack type], the source and the intended victim location: the target.

The attacks are unrelenting and endless and the lines are ongoing in this dynamic situation.

One takeaway I have is that every country in the world can be a cyber target. Likewise, attack sources seem to come from almost anywhere in the world, although ‘botnets’ [groups of secretly compromised, remotely controlled computers] are likely a major factor in this.

Here is the web address for the live map:

https://threatmap.checkpoint.com/ThreatPortal/livemap.html

Microsoft Azure Sentinel

This new Azure Sentinel offering from Microsoft looks fantastic. It looks to improve on the usual “SIEM” offerings out there. SIEM is an acronym for security information and event manager platform. This product or service can be set up and viewed right within Azure, of course.

The usual [overpriced] “SIEM” tools do not quite have the full Cloud-ready set of tools available with Sentinel. Sentinel is, in a nutshell:

“Azure Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise—fast. Azure Sentinel aggregates data from all sources, including users, applications, servers, and devices running on-premises or in any cloud, letting you reason over millions of records in a few seconds.”

Azure Sentinel in full

Atlanta hit by ransomware attack

This is actually [indirectly] courtesy of the US Government’s NSA, from a few years ago. They created the code that exploits Microsoft servers that face the internet directly.

“It’s been almost a week since the City of Atlanta was hit by a ransomware attack, which encrypted city data and led to the shutdown of some services.
Mayor Keisha Lance Bottoms said in a press conference Monday that the city’s government is working on recovering the network after ransom notes appeared on computer displays on Thursday afternoon. The city has hired local cybersecurity firm SecureWorks to assess the situation.

Reports say the notorious SamSam ransomware was used in the Atlanta attack, which exploits a deserialization vulnerability in Java-based servers. Details of the attack remain largely unknown, but an early investigation may have identified who is behind the attack, said SecureWorks chief executive Michael Cote. Almost a million dollars has been reaped from other businesses that were infected and paid the ransom. It’s not known if Atlanta will pay the ransom.”

Article here.