WindowSecurity.com - Monthly Newsletter - October 2015

Welcome to the WindowSecurity.com newsletter by Richard Hicks (MCSE, MCITP:EA, MCSA, Enterprise Security MVP), independent consultant and Microsoft network security and remote access expert. Each month we will bring you interesting and helpful information pertaining to Windows Security. We want to know what all of *you* are interested in hearing about, so please send your questions and suggestions for future newsletter content to winsec@richardhicks.com.


1. Editor's Corner

A few weeks ago Microsoft held a virtual conference for their public cloud service, Azure. At “AzureCon”, Microsoft made a number of important announcements about new features and services coming to Azure, including the general availability of new Azure regions in India, new N-Series virtual machines with GPU capabilities (impressive!) a new Internet of Things (IoT) suite, an Azure Container service, and finally (and most significant in my opinion!) the Azure Security Center. In my view, the Azure Security Center is going to be a real game-changer. I believe this service alone will make the Azure public cloud infrastructure extremely compelling by offering comprehensive security management and monitoring not available anywhere else, either another public cloud or your on-premises data center.

--Rich

Introducing the Azure Security Center

The recently announced Azure Security Center is a service offering designed to provide unprecedented visibility and control for all of your Azure resources, including infrastructure and applications. This unified security management service provides administrators with unique capabilities that will help prevent, detect, and respond to security threats across all of your Azure services. With the Azure Security Center, not only do you have access to a wealth of information about the security configuration and status of your services, you can create custom polices to ensure that your services comply with your security standards. One of the examples given during the conference demonstrated a policy that stated web application servers must be protected with a web application firewall (WAF). If an administrator spins up a web server, Azure Security Center can provide an alert that a web workload is not protected and does not conform to defined policy. In addition, the Azure Security Center will allow the quick and simple deployment of a WAF from an Azure partner. With just a few clicks you can deploy the WAF and have it configured automatically to protect the service. Also, the new WAF will then be integrated into the Azure Security Center, providing logging information, telemetry, and feedback that will be used to provide even more security information.

Azure Security Center collects logging and alerting information from all of your deployed Azure services, both platform and infrastructure. This includes any virtual machines you have deployed as well. No need to configure individual servers to collect this information, it’s done for you automatically. With advanced analytics and deep integration with all Azure resources, along with Microsoft’s vast threat intelligence gathering, potential attacks are identified quickly. Azure Security Center can also integrate with existing Security Information and Event Management (SIEM) systems on-premises, if required.

Azure Security Center can also provide an instant view of resource health across all of your virtual machines deployed in Azure. Administrators can quickly and easily detect when a system is out of compliance, and easily remediate those systems by making configuration changes directly from the Azure Security Center. For example, if a virtual machine is deployed in Azure that lacks antimalware, the administrator will be notified in the Azure Security Center and can then takes steps to get the appropriate antimalware software installed and configured. Resource health can also be viewed for additional services as well. Resource health monitoring is also available for Azure networking, SQL, and applications.

At the time of this writing the Azure Security Center is not yet available, even in preview. However, if you are interested in getting an advance look at this service, you can request an invite to the public preview, which should be available sometime later this year.

 

2. Bulletproof SSL and TLS

With recent revelations of widespread surveillance by government agencies, a strong push is on to encrypt all types of communication regardless of sensitivity. With the popularity and ubiquity of web-based communication, Secure Sockets Layer (SSL) and Transport Layer Security (TLS) have quickly become essential tools to provide the highest level of security and protection for network communication. 

Ivan Ristic, one of the foremost experts in the field of SSL and TLS, recently released a comprehensive guide for deploying secure web servers and applications using SSL and TLS. The book provides a valuable overview of the SSL and TLS protocols along with PKI, and also includes detailed, prescriptive guidance for configuring and deploying systems using SSL and TLS, both Windows and open source.

Order your copy of Bulletproof SSL and TLS today!

Image

Click here to order your copy today!


3. Microsoft Security Bulletins for October 2015

For the month of October Microsoft released 6 security bulletins. 2 are rated critical and 4 important. Affected software includes Internet Explorer and Microsoft Edge, JavaScript and VBScript, Microsoft Office, and all supported versions of Windows. Overall it’s a pretty light load this month, with the most critical updates being for Internet Explorer and Office.

For more information about October’s security bulletins click here.

4. Microsoft Security Advisories for October 2015

For the month of October, no new security advisories were released. However, several important advisories have been updated. These include 2755801 which addresses vulnerabilities in Adobe Flash Player in Internet Explorer, 2960358 which is an update for disabling RC4 in .NET TLS, 3042058 for an update to the default cipher suite priority order in Windows, and 3097966 which covers inadvertently disclosed digital certificates that could allow spoofing.


5. Security Articles of Interest

  1. The biggest announcement from the recent AzureCon virtual conference was the introduction of the new Azure Security Center. The Azure Security Center is a comprehensive security monitoring and management solution that has the power to dramatically improve the security posture for all of your Azure-hosted services. Microsoft has put a tremendous amount of effort into making their cloud the most secure offering available, and this new tool goes a long way to realizing that lofty goal.
    https://azure.microsoft.com/en-us/blog/making-the-cloud-more-secure/

  2. The Azure Security Center allows administrators responsible for managing Azure-hosted resources to quickly and easily understand the state of all of their services running in Azure. Azure Security Center integrates with all of your Azure services, both platform and infrastructure. The Azure Security Center greatly improves the visibility and control over security configuration and events, and will be a key service when it is introduced later this year.
    http://blogs.msdn.com/b/azuresecurity/archive/2015/09/29/introducing-azure-security-center.aspx

  3. Many years ago, coal miners would bring canaries (small yellow birds) with them down in the mine as a sort of early detection system. If the levels of toxic gases rise to a dangerous level, the bird dies before the miners do. This concept is also applicable in information security circles, and is implemented in the form of “honeypots”. The idea is that your honeypot systems will get hacked before you do, giving you an advance warning of impending threats. Honeypots have long suffered from complexity, but recent advances have made them much more approachable. More details here.
    https://www.insinuator.net/2015/09/miners-canary-revival-in-it-security/

  4. Symantec recently fired some employees for issuing unauthorized certificates for some Google domains. The company indicated that these were “test” certificates, but the implications are critical for something like this. I would argue that there shouldn’t be a need to “test” certificates using something public like this, so I suspect that’s not the whole story.
    http://www.zdnet.com/article/symantec-sacks-staff-for-issuing-unauthorized-google-certificates/

  5. In late September, ARIN (American Registry for Internet Numbers) announced that their free IPv4 address pool officially reached ZERO. What does this have to do with security you ask? Well, with the rapid depletion of IPv4 addresses, the need to move to IPv6 is essential. In my experience, the vast majority of IT administrators, and especially security professionals, lack even a fundamental understanding of IPv6. Without operational experience and expertise, it will be impossible to recognize and defend against attacks leveraging the new protocol. Time to get serious about learning IPv6 everyone!
    https://www.arin.net/announcements/2015/20150924.html

  6. A few weeks ago Microsoft inadvertently published a test Windows update that really freaked people out! This odd looking update had many thinking that Windows Update had been compromised. Thankfully it was a simple (but critical) mistake.
    http://arstechnica.com/security/2015/09/nerves-rattled-by-highly-suspicious-windows-update-delivered-worldwide/

  7. Another great session from AzureCon was delivered by Microsoft veteran David Cross. David has extensive experience with Microsoft security platforms and recently produced this short video on Azure platform security and compliance. Azure Security Center is also featured in this session.
    https://channel9.msdn.com/Events/Microsoft-Azure/AzureCon-2015/ACON211

  8. Microsoft recently released the latest version of its threat modeling tool, the Threat Modeling Tool 2016. Threat modeling is a crucial component in understanding potential attack scenarios and where our vulnerabilities might lie. The Threat Modeling Tool 2016 is a free tool available from Microsoft that greatly simplifies this important task. It features a new threat grid, a template editor, and gives you the ability to migrate existing data flow diagrams. You can download the tool here:
    http://www.microsoft.com/en-us/download/details.aspx?id=49168

  9. SQL is one of the most popular workloads in Azure, and with good reason. SQL servers are not trivial to implement and manage, and they often benefit from massive amounts of computing resources, which are flexibly available in Azure. Of course SQL databases represent a popular target for attackers, so security is of paramount importance. Microsoft has been steadily improving the security of SQL in Azure, and recently announced a number of important security enhancements including Always Encrypted, transparent data encryption, Azure AD authentication integration, row-level security, dynamic data masking, and threat detection.
    https://azure.microsoft.com/en-us/blog/microsoft-azure-sql-database-provides-unparalleled-data-security-in-the-cloud-with-always-encrypted/

  10. Strong authentication is essential in today’s world. No longer is it sufficient to rely on simple usernames and passwords for access to critically important data. The use of multifactor authentication is an excellent way to provide a high level of assurance for access to resources. Azure Multifactor Authentication (MFA) is a simple and effective way to accomplish this. Microsoft recently released a security best practices document for Azure MFA with Azure AD accounts. Details here:
    https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-security-best-practices/


6. WindowSecurity.com Articles of Interest

  1. Microsoft Ignites a New Focus on Security – Part 4
  2. Video: Viewing Managed Service Accounts and Hosts using a Free Tool
  3. Microsoft Ignites a New Focus on Security – Part 5
  4. Product Review: IS Decisions FileAudit 5.0
  5. Cryptolocker Mitigation Strategies Explained

7. Windows Security Tip of the Month

For those organizations considering the adoption of Microsoft Azure cloud services, security is a critical factor in deciding which applications and services can be migrated. Azure is highly secure, and that is demonstrated by the myriad security certifications and attestations Azure has received over the years. If you are interested in learning more about Azure security, there is a new free course available at the Microsoft Virtual Academy entitled “Security in a Cloud-Enabled World” that is well worth viewing. Be sure to check it out!