Ultimate Guide to Security on Windows Server 2012 R2


I am so proud and excited to announce that I have finally finished my first book and it has been released to the public. This book is on the topic of security on Windows Server 2012 R2, and after a year of working on it, I finally decided not to release it through the Microsoft global marketplace (which is private to training centers worldwide) and instead to self-publish it and make it available to everyone globally.

Learn how to secure the new Microsoft Windows Server 2012 R2 through this completely practical book, which includes many step-by-step guides, exercises, and lab scenarios. This book will:

  • Provide beginner to advanced level content on the topic of security
  • Include many step-by-step hands-on labs and exercises
  • Include guides on how to configure commonly used security services such as Network Access Protection, Network Policy Services, Dynamic Access Control, and many more
  • Also include content on how to configure security for Hyper-V
  • Also fit the needs of those managing Windows Server 2008 (R2) environments

This book is a must-read for those who are tired of searching for good content and would like to read something that is right to the point. You can find more information about this book at www.windowsserversecurity.com and even have a glance inside the book's contents.

Looking forward to your feedback about the book.



Threat Modeling of the Cloud

If there’s one problem in cloud computing you have to revisit regularly, it’s security. Security concerns, real or imagined, must be squarely addressed in order to convince an organization to use cloud computing. One highly useful technique for analyzing security issues and designing defenses is threat modeling, a security analysis technique long used at Microsoft. Threat modeling is useful in any software context, but is particularly valuable in cloud computing due to the widespread preoccupation with security. It’s also useful because technical and non-technical people alike can follow the diagrams easily. At some level this modeling is useful for general cloud scenarios, but as you start to get specific you will need to have your cloud platform in view, which in my case is Windows Azure.

To illustrate how threat modeling works in a cloud computing context, let’s address a specific threat. A common concern is that the use of shared resources in the cloud might compromise the security of your data by allowing it to fall into the wrong hands—what we call Data Isolation Failure. A data isolation failure is one of the primary risks organizations considering cloud computing worry about.

To create our threat model, we’ll start with the end result we’re trying to avoid: data in the wrong hands.

Next we need to think about what can lead to this end result that we don’t want. How could data of yours in the cloud end up in the wrong hands? It seems this could happen deliberately or by accident. We can draw two nodes, one for deliberate compromise and one for accidental compromise; we number the nodes so that we can reference them in discussions. Either one of these conditions is sufficient to cause data to be in the wrong hands, so this is an OR condition. We’ll see later on how to show an AND condition.
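As an added example (not part of the original post), here is a small Python model of the threat tree described above: numbered nodes, OR and AND gates, and a check of which leaf conditions a defender must mitigate before the root outcome is no longer reachable. Nodes 1 to 3 and the OR relation come from the post; the sub-conditions numbered 4 to 7 and the AND gate under node 2 are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional


@dataclass
class Node:
    """One node of the threat tree; numbered so it can be referenced in discussion."""
    num: int
    label: str
    gate: Optional[str] = None              # "OR", "AND", or None for a leaf condition
    children: List["Node"] = field(default_factory=list)


def cut_sets(node: Node) -> List[FrozenSet[int]]:
    """Minimal sets of leaf numbers that, if all realised, reach this node."""
    if not node.children:
        return [frozenset([node.num])]
    if node.gate == "OR":                    # any one child path is sufficient
        sets = [s for c in node.children for s in cut_sets(c)]
    else:                                    # AND: every child must be realised together
        sets = [frozenset()]
        for c in node.children:
            sets = [s | t for s in sets for t in cut_sets(c)]
    sets = list(set(sets))
    return [s for s in sets if not any(o < s for o in sets)]


def reachable(node: Node, mitigated: FrozenSet[int]) -> bool:
    """True if the outcome is still reachable given the leaves a defender has mitigated."""
    return any(not (s & mitigated) for s in cut_sets(node))


# Tree from the post: node 1 is reached by node 2 OR node 3.
# Nodes 4-7 are constructed sub-conditions for illustration (not from the post).
TREE = Node(1, "Data in the wrong hands", "OR", [
    Node(2, "Deliberate compromise", "AND", [
        Node(4, "Attacker reaches the shared storage"),
        Node(5, "Data readable in storage (not encrypted at rest)"),
    ]),
    Node(3, "Accidental compromise", "OR", [
        Node(6, "Access-control misconfiguration"),
        Node(7, "Data left behind in reused shared storage"),
    ]),
])

if __name__ == "__main__":
    for s in cut_sets(TREE):
        print("leaf combination reaching node 1:", sorted(s))
    print("still reachable after mitigating node 5:", reachable(TREE, frozenset({5})))
```

Because node 1 is an OR, mitigating only node 5 blocks the deliberate path but leaves both accidental paths open; the AND under node 2 means either node 4 or node 5 alone is enough to close that branch.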


5nine Anti-Virus and Virtual Firewall for Hyper-V

When it comes to cloud security, as I have mentioned many times before in my blog posts and presentations, it is not only the physical servers that need to be protected against outside attacks; attacks from the inside have also become very critical. With all those different layers of security such as firewalls, IDS and IPS systems protecting the environment from outside attacks, attackers now think of attacking from the inside by obtaining only the minimum access needed to some resources inside the cloud infrastructure.

This minimum access is most of the time access to a virtual machine, where the attacker can settle down and try to escalate his/her privileges. In order to secure access between the virtual machines and to stop attackers from reaching resources inside one VM from another VM, we need a firewall system to control the flow of traffic between the VMs. Before I introduce a solution for that, it needs to be mentioned that there are already two ways to stop this kind of attack. The first is that there are a number of different filters built into the Hypervisor in Microsoft Hyper-V, and since the Hypervisor mediates access between the VMs, most of the attacks will be prevented. The other is the use of VLANs in Hyper-V; of course it is up to the designer to choose how to make use of VLANs and virtual switches in Hyper-V to filter the traffic between different VMs.

But the one this article is about is the 5nine Security Manager software, an anti-virus and virtual firewall that helps us become immune to this kind of attack. It provides many different features:

  • Controls Network Traffic – Using simple PowerShell APIs/scripts or the management application, we can control the flow of traffic between the VMs and also between the VMs and the external network.
  • Security Heartbeat Service – A special kind of service that checks whether the rules are being enforced; if it detects that a VM is compromised, for instance, it will stop the VM.
  • Anti-Virus and Anti-Malware protection – The scanning is managed so that it never causes any performance degradation.
  • Bandwidth Throttling – It also includes a VM bandwidth shaper.
  • Stateful Packet Inspection.
  • Deployment options – 5nine Virtual Firewall can be used with Microsoft System Center Virtual Machine Manager to be deployed on the physical machine before any of the VMs are placed on it.
  • Compliance Audits – It enables the admin to monitor and audit the network traffic flowing between the VMs at any time.

In this post I tried to give an overview of this really good software, and soon I will try to take a deeper dive into it.

For the time being, here is the website to have a close look at.


Private Cloud Security via Forefront TMG 2010

Good evening everyone. I need to thank those of you who attended my session at the Microsoft TechDays 2011 event called Security Blackbelt Day at the Microsoft auditorium. I hope you enjoyed it and that it was useful. I have shared the slides so that you can use them:

Private Cloud Security via Forefront TMG 2010


Security in the cloud

A few weeks ago I shared a link on my blog about Steve Ballmer’s speech on cloud computing and how it really works. Cloud computing, in general terms, refers to all kinds of services provided online on the internet. To make things clearer, cloud computing is a way to make data always accessible for anyone to use at any time. Such a technology brings a lot of convenience and really fast access to the data using the services in the cloud. For instance, imagine that you could have your Microsoft Office tools available wherever you need them on any computer, whether or not the real Office is installed.

With this rapid growth of cloud computing and different companies having their own clouds with their services available and ready on them, who knows, maybe one day all services will go online and working offline will have no meaning to anyone. We have to wait and see how fast the technology is going…

When it comes to the reliability of the services provided in the cloud, one of the first things that comes to everyone’s mind is security and how the companies providing such online services approach security. There are many items that could be listed here, but to be brief I’d like to mention a few of them:

  • Trusting the cloud: This is probably the most fundamental concept of security, and it is very hard to gain. Trusting the company, and therefore trusting their cloud and its services, is definitely crucial because you are putting all your information up there and you must make sure that the company is trustworthy enough to keep all that private information. This type of trust also comes from the level of popularity of a company. Let’s say www.microsoft.com is providing services online; then the name is well-known to everyone and there will be no further question.
  • Availability of the cloud: Basically this concept is more related to availability than security, but the first step to securing your data is to have the servers available all the time. This is something not many companies pay a lot of attention to, and clients also do not question companies about the availability of their services. It has happened in the real world that a little interruption in service provision has caused losses of thousands of dollars.
  • Identity in the cloud: Whoever uses the cloud has an identity and is known to the others by, let’s say, a username. This user is given an identity by the cloud provider and is the only one responsible for keeping his credentials safe. On the other hand, the company is also required to set policies that force users to better protect their credentials.
  • Policies in the cloud: Everyone makes a lot of connections in the cloud and can share his/her information with others. It is the company that gives the user the ability to customize his/her privacy policies and give other people different types of permission to access his/her data. You could see a lot of such issues recently on Facebook, where different privacy policies resulted in many of its users getting angry and even quitting. So what can be concluded is that it is not only the user who has to be aware enough to set proper policies, but the company must also give him this ability.

The history of cloud computing maybe dates back to the time Hotmail became so popular: everyone was creating accounts on it and every user was communicating with the rest, uploading their data somehow and doing so many new things. The technology has expanded up until now, when we have lots of services provided, like having a lot of space for storing my information; I could even have more than what I have on my PC at home, right? With all this rapid expansion come security risks as well. One of them could be server downtime due to serious security issues. In such situations we should look at our company’s plan to see how prepared they are for such cases and how secure their infrastructure is. At the same time, we should see how they really react to such problems in the cloud and what back-up plans they have.

Something else which plays a very important role in the level of trust and reliability from the users is the support they receive from the technical team. Users always need a team that responds well to the issues they have, and we should really see how a company as big as Microsoft, with as many users as Microsoft has, supports so many users.

In future posts I’ll try to be more specific about different cloud providers, how they interact with each other and how users are connected from different clouds. For the time being, this link is a great source of information on the Microsoft website.
Late at night
Before the morning clouds are out, let’s get some night sleep… 🙂