Note-to-self: CCSK vs CCSP

Just for easy, future reference… the difference between CSA CCSK and (ISC)² CCSP, quickly explained:

https://blog.cloudsecurityalliance.org/2018/04/24/ccsk-vs-ccsp-unbiased-comparison/

http://www.confidis.co/cloud-security-certifications-ccsk-vs-ccsp/

 

Note-to-self: prepping for CSA CCSK v4 upgrade

Note-to-self: extended reprint of a LinkedIn post…

I might have mentioned it already, but if you have passed the CCSK exam before, better logon to your CCSK profile on the CSA website and check if you still have an exam token left.

By default you get 2 tokens each exam registration, so…

If you pass your exam the first time, the “second try” backup token is left unused in your profile.

And (if not yet expired) you can use it to upgrade your CCSK to v4.

Tokens stay valid for 2 years after purchase.

More info: https://ccsk.cloudsecurityalliance.org/en/faq

On that page you can also find the required study material for the exam.

You can download the CCSK v4 prep kit from : https://downloads.cloudsecurityalliance.org/ccsk/CCSKv4_Exam_Preparation_Kit.zip

It’s an online exam and thus open book exam, using the below reference guides.

• CSA Guidance: https://cloudsecurityalliance.org/download/security-guidance-v4/
• Cloud Controls Matrix: https://cloudsecurityalliance.org/download/cloud-controlsmatrix-v3-0-1/
• ENISA: http://www.enisa.europa.eu/act/rm/fles/deliverables/cloud-computing-riskassessment

But realise:  60 questions in 90 minutes still is hard work, so better do some prep work up front to maximize your chances.

Once you pass this one, you can go for the (ISC)² CCSP with more confidence…

Note-to-self: You lost access to your initial Office 365 admin?

Although Microsoft has built in quite some methods to regain access to your 0365 tenant/account, you might have some bad luck one day… (experience talking here)

First of all you should try the default options, meaning : the password reset options.

The direct way to get there is the first link to bookmark: https://passwordreset.microsoftonline.com/

Another way to get there is in the 0365 logon page (also for Azure),

If you forgot your password or can’t access the account, hit the link at the bottom.
You get directed to :

If you know the logon, you can proceed to

You notice that the verification is pointing to your alternative mail address or your mobile number…

But what if you forgot your original logon ID (mail address), eg in case you have setup a test tenant in 0365 with an mail address you don’t use frequently? (yes, that happens)

If that is not working or you need more help, check these options:

• Microsoft Support: A user or an administrator forgot his or her password in Office 365, Azure, or Intune
• Reset my admin password for Office 365

And if you really ran out of luck: you might raise a ticket and ask for help. https://portal.office.com/support/newsignupservicerequest.aspx

Anyway, as shown there are some options when configuring 0365 that should keep you out of trouble in the first place

• make sure to add a mobile number to your user account
• make sure to add a secondary email address to your account (not belonging to your O365 domain)
• Configure and test MFA (multifactor Authentication), eg with the Authenticator app
• add a secondary admin account with sufficient rights (with the same security measures!)

(Last update: 2020-12-31)

Note-to-self: free download of the 2015 Cyberthreat Defense Report from CyberEdge Group (and no registration needed)

Source (*): http://www.cyber-edge.com/2015-cdr/

CyberEdge has released the 2015 Cyberthreat Defense Report, which is a very-interesting-read for security professionals.
Among the findings: 52% of respondents expect to fall victim to a cyberattack in 2015.

Although most of these ‘free’ reports don’t cost you a penny, they are not free at all as you’ll need to pay with your personal data.
At minimum with your mail address…

Yes, we know, the registration of your email address is the refund of the marketing these companies need.
But do you want to pay that price?

And a lot of second-line security companies and/or partners of CyberEdge will do the same thing… publishing the free report after you have registered.
(Got the publication notification from Blue Coat systems…, but you can easily find more Bing it yourself.)
The downside of this is that you have no control at all what happens to that registration, despite the privacy and legal regulations (like double opt-in)…

So it’s always fun to look out for really ‘free’ (and legal) downloads… 😉

(*) In this case, stick to the source: http://www.cyber-edge.com/wp-content/uploads/2015/03/CyberEdge-2015-CDR-Report.pdf
[no guarantee how long it will stay ‘free’,…;)  ]

Enjoy!

 

 

Note-to-self: MVA course – Getting Started with Azure Security for the IT Professional

Source: https://www.microsoftvirtualacademy.com/en-US/training-courses/getting-started-with-azure-security-for-the-it-professional-11165

From the course description:

“Course information

Earning Trust in the Microsoft Cloud

Join Scott Edwards and Rick Claus for a look at the Microsoft commitment to earn customer and partner trust in its Cloud Services, with a focus on privacy controls, compliance, and certification.

 

Inside a Microsoft Datacenter

Have you ever wondered what “cloud scale” looks like? Take a virtual tour of a datacenter (designed, built, and operated by Microsoft), and learn about defense in depth, access, and cloud security.

 

Architecting Secure Compute Solutions on Azure

Explore ways to design solutions that will be secure and well architected for availability within your Azure subscription. Learn about security boundary implementation and ways to minimize downtime.

 

Virtual Appliances and Security

​ ​This session covers various elements of the network virtualization stack with emphasis on virtual networks, network security, and user defined routing.

 

Understanding Virtual Appliances

You will learn how to deploy virtual appliances in Azure Virtual Network. The key focus is on security appliances (firewall, gateway), ADC (application delivery controller), and WAN optimization.​ ​

 

Extend Your Network to the Microsoft Cloud

Learn about how Microsoft Azure ExpressRoute enables you to extend your network to Microsoft and enable Hybrid Scenarios for your Enterprise.

 

How to Manage Encryption Keys for Your Cloud Apps with Azure Key Vault

With the new Azure Key Vault service, customers of cloud applications can manage their keys and secrets consistently across their cloud applications. This is part 1 covering background and theory.

 

Demos: How to Manage Encryption Keys for Your Cloud Apps with Azure Key Vault

Managing cryptographic keys and secrets is an essential part of safeguarding data in the cloud. This is part TWO covering all the demos of the Azure Key Vault service​.

 

Disk Encryption with Key Vault

​Disk Encryption has been something that our customers have been asking about since Azure IaaS has been available. Learn what options are available to your Azure IaaS VMs now with Azure KeyVault.

 

Antivirus Options in Azure

AntiVirus extensions are available in Azure and can be included in your Virtual Machine images. Learn what options are available and how to leverage them in your solutions.

 

Encryption for SQL Server on Azure Virtual Machines

This talk will cover how customers can use the SQL Server Connector to use Azure Key Vault as an Extensible Key Manager in implementing SQL Server encryption on Azure Virtual Machines.

 

Azure SQL Database Security

This talk will cover 2 new security features for Azure SQL DB, Transparent Data Encryption and Azure Active Directory integrated authentication.”

Note-to-self: Just Enough Administration Whitepaper

Source: https://gallery.technet.microsoft.com/Just-Enough-Administration-6b5ad370

Short URL: http://aka.ms/JEA

From the introduction: ”

In the current world of Information Technology, protective measures do not stop at the network edge. Recent news reports based on security breach post-mortems indicate the need to protect assets using measures that reduce administrative access. While the principle of least privilege has always been known to IT Security professionals, there is a need in the industry for a standardized method of constructing an operator experience that reduces access with a more sophisticated level of granularity than what is available in many traditional access control models.

Just Enough Administration (JEA) is a solution designed to help protect Server systems. This is accomplished by allowing specific users to perform administrative tasks on servers without giving them administrator rights, and then auditing all actions that these users performed. JEA is based on Windows PowerShell constrained runspaces, a technology that is already being used to secure administrative tasks in environments such as Microsoft Exchange Online.”

For the latest information, please see http://blogs.msdn.com/powershell/ and http://aka.ms/buildingclouds

Don’t need to tell you that you should definitely save these in your favorites. (Well, just did it… so no excuses..)

Note-to-Self: Microsoft Security Newsletter September 2014

Source: http://aka.ms/MSSecuritynewsletter

In this months newletter you’ll find guidance on:

• Windows Phone 8.1 Security Overview
• Windows Phone Security Forum for IT Pros
• Create Stronger Passwords and Protect Them
  • Inlcuding  free online tool offered by Microsoft Research, called Telepathwords, for those that would rather have a randomly generated strong password created for them.
• Two-Factor Authentication for Office 365
• Multi-Factor Authentication for Office 365
• Configuring Two-Factor Authentication in Lync Server 2013
• Adding Multi-Factor Authentication to Azure Active Directory
• Enabling Multi-Factor Authentication for On-Premises Applications and Windows Server
• Building Multi-Factor Authentication into Custom Apps

And:

• Get Started with Virtual Smart Cards

Plus much more… check it out at http://aka.ms/MSSecuritynewsletter

Azure Active Directory Sync is now GA! #FIM2010 #DirSync #AADSync

Source: http://blogs.technet.com/b/ad/archive/2014/09/16/azure-active-directory-sync-is-now-ga.aspx

New Azure Active Directory Synchronization Services (AAD Sync) has reached general availability.

Here are more details about this – and here is the related documentation.

If you just want to get started, just click here to download AAD Sync.

As discussed on the release blog post:

“AAD Sync capabilities in this release include the following;

• Active Directory and Exchange multi-forest environments can be extended now to the cloud.
• Control over which attributes are synchronized based on desired cloud services.
• Selection of accounts to be synchronized through domains, OUs, etc.
• Ability to set up the connection to AD with minimal Windows Server AD privileges.
• Setup synchronization rules by mapping attributes and controlling how the values flow to the cloud.
• Preview AAD Premium password change and reset to AD on-premises.”

#AADSync Beta2 available on Connect #FIM2010

Source: MS Connect announcement by the AADSync product group

 

Microsoft announced the the availability of AADSync Beta2 on Connect.

You can download it here : AAD Sync Beta2 (https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=53831)

 

With Beta 2 there are some new features frequently requested:

–       Select only required services/attributes to synchronize to AAD

–       Exchange hybrid deployments

–       Password write-back for multiple-forests (AAD Premium preview feature)

 

Good news: the AADSync product group is looking for customers who are interested in using Beta2 in production. If you are interested, then do the following:

–       Download the updated build from Connect and read the documentation on http://go.microsoft.com/fwlink/?LinkID=393942 for the latest information.

–       Install and verify the scenarios you plan for production use. You do not need permissions from Microsoft to start evaluating AADSync.

–       If you find any issues or need help, submit feedback through Connect. This is also the fastest way to get access to our beta support team.

–       When you have completed the verification and all issues have been resolved, send an email to “Azure AD Sync Service Feedback”AADSyncFB@microsoft.com with information which scenarios you plan to use and have verified are working. Also provide contact information. The team will respond back with information on how to get call-in support during the preview phase.

Thank you for helping us make AADSync a better product,

 

Find more information on AADSync on TechNet Wiki: http://aka.ms/AADSYnc.

Note-to-self: new #FIM2010 Connector for Windows Azure Active Directory published

Source: http://www.microsoft.com/en-us/download/details.aspx?id=41166

Forefront Identity Manager Connector for Windows Azure Active Directory helps you synchronize identity information to Azure Active Directory.

Version:	Date Published:
1.0.6567.0002	2/19/2014