Planning For The Worst

No matter how hard you work to educate your employees about the constant and evolving threats to your company, even the most conscientious employee may unknowingly open infected files or click on malicious web links. Security breaches are inevitable. The best strategy includes securing across all attack vectors and putting policies into place for reviews and change management within your organization. Microsoft 365 offers security solutions that address these attack vectors and will enable you to discover, analyze, and neutralize threats before they cause harm.

Many common types of threats target these key attack vectors: devices, email, network, and user credentials. Microsoft 365 integrates threat detection across these attack vectors by ensuring that the security and resilience of systems and assets are aligned with related policies, procedures, and agreements.

Windows Defender Advanced Threat Protection (Windows Defender ATP)

For endpoint attacks, Windows Defender ATP provides near-instant detection and blocking of new and emerging threats using advanced file and process behavior monitoring and other heuristic solutions. These endpoint sensors collect and process behavioral signals from the operating system, which are then translated into insights, detections, and recommended responses to advanced threats. Windows Defender ATP offers dedicated protection updates based on machine learning, human and automated big-data analyses, and in-depth threat resistance research to identify attacker tools, techniques, and procedures and to generate alerts when these are observed in collected sensor data. Windows Defender ATP is built in to Windows 10, providing deeper optics and cloud-powered protection.

Microsoft Device Guard is a feature of Windows 10 that provides increased security against malware and zero-day attacks by blocking anything other than trusted apps. Device Guard is managed in Microsoft System Center Configuration Manager (ConfigMgr).

Microsoft Office 365 Advanced Threat Protection (Office 365 ATP)

Threat protection for Office 365 begins with Microsoft Exchange Online Protection, which provides protection against all known malicious links and malware. Office 365 ATP builds on this protection by offering holistic and ongoing protection across your Office 365 environment, including email and business apps such as Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, and OneDrive for Business. Office 365 ATP allows you to secure your user mailboxes, business-critical files, and online storage against malware campaigns in real time with its Safe Attachments and Safe Links features. Office 365 ATP Safe Attachments protects against unsafe attachments by preventing them from affecting your messaging environment. All suspicious content goes through real-time behavioral malware analysis that uses machine-learning techniques to evaluate the content for suspicious activity. Unsafe attachments are removed before being sent to recipients. The result is a malware-free inbox with better zero-day attack protection.

Office 365 ATP Safe Links helps protect your environment by offering “time-of-click” protection from malicious links. If a link is unsafe, the user is warned not to visit the site or informed that the site has been blocked. Reporting and message trace in Exchange Online Protection allow you to investigate messages that have been blocked because of viruses or malware, while the URL trace capability allows you to track individual malicious links in the messages that have been clicked. Office 365 ATP and Exchange Online Protection can be configured in the Office 365 admin center.

Office 365 Threat Intelligence is a repository of threat intelligence data and systems that can spot suspicious patterns, behaviors, and activity. Office 365 Threat Intelligence gathers information from email and other sources. You can then use this data to understand and remediate threats against both your employees and your organization. Office 365 Threat Intelligence lives in the Office 365 Security and Compliance Center. Attack Simulator, a component of Office 365 Threat Intelligence, lets you run realistic attack scenarios in your organization so you can identify vulnerable users before a real attack occurs. You can find out how your users would behave in an attack, and then update policies to ensure that the right security tools are in place to protect your organization from threats before they happen.

Azure Advanced Threat Protection (Azure ATP)

Azure ATP provides end-to-end network security by protecting user identities and credentials stored in Active Directory. To prevent identity credential attacks, Azure Active Directory (Azure AD) detects risk events, such as users with leaked credentials, sign-ins from anonymous IP addresses, impossible travel to atypical locations, infected devices, and IP addresses with suspicious activity or unfamiliar locations.

Azure ATP detects suspicious activities across the network attack surface, such as:

  • Reconnaissance work, during which attackers gather information on how the environment is built, what the different assets are, and which entities exist.
  • Lateral movement cycles, during which attackers invest time and effort in spreading their attack deeper inside your network.
  • Domain dominance (persistence), during which attackers capture the information that allows them to resume their campaign using various sets of entry points, credentials, and techniques.

These services that protect specific parts of the attack surface can also share signals to alert services protecting other surfaces of the enterprise.

Azure ATP detects these suspicious activities and surfaces the information, including a clear view of who, what, when and how, in the Azure ATP workspace portal which can be accessed by signing in to your Azure AD user account.

Azure AD Identity Protection

Azure AD Identity Protection provides an overview of risk and vulnerabilities that may be affecting your organization’s identities. Azure AD Identity Protection uses existing Azure AD anomaly detection capabilities available through Azure AD anomalous activity reports. You can enable Azure AD Identity Protection through the Azure portal. Azure AD Identity Protection helps you identify the risk level of a particular user. Through Azure AD Identity Protection, you can set up risk-based conditional access policies to automatically mitigate threats and secure corporate or organizational resources and data. Risk-based conditional access gets rich signals from the Microsoft Intelligent Security Graph and then converts them to actionable risk-based policies that you can apply to your organization.

Vulnerabilities identified and reported by Azure AD Identity Protection include non-configured multi-factor authentication registration, unmanaged cloud apps, and security alerts from privileged identity management. We recommend that you address these vulnerabilities to improve the security posture of your organization and prevent attackers from exploiting them. Azure AD Identity Protection will flag these issues and recommend mitigation strategies.

Azure AD Privileged Identity Management (Azure AD PIM) lets you monitor access to resources within your organization so that you can minimize and manage the number of people who have access to secure information or resources. Continuously monitoring these high-access points limits vulnerabilities at a top level.

You can configure Azure AD PIM in the Azure portal to generate alerts when there is suspicious or unsafe activity in your environment, such as roles being assigned outside of Azure AD PIM or activated too frequently.

Microsoft Cloud App Security

Microsoft Cloud App Security gives you greater visibility and control over your enterprise app ecosystem, including all Microsoft applications and applications that are beyond the Microsoft ecosystem through threat detection, enhanced security and policy controls, and deeper discovery and insights.

Microsoft Cloud App Security lets you set up alerts based on anomaly detection policies so that you know about threats immediately. Anomaly detection works by scanning user activities and evaluating their risk against more than 70 different indicators such as sign-in failures, administrator activities, and inactive accounts. You can also set up customizable activity policies to track specific activities and flag you if something is out of the ordinary, like a huge download or multiple sign-on attempts.

Manage Microsoft Cloud App Security through an app dashboard that lets you see your organization’s and employees’ app usage, like how much data is being sent to OneDrive for Business, Box, Dropbox, and other cloud storage apps.

You can set your Cloud App Security policies in the Cloud App Security portal or through the Microsoft 365 Security and Compliance Center. On the Cloud App Security policy page, you can create activity policies and apply severity levels that can be used to filter your alerts later. You can also determine what action to take when one of your policies triggers an alert.

Microsoft Secure Score

Microsoft Secure Score provides a quantifiable way to measure your security posture and track improvements over time. It also provides recommended actions to improve your score that include helpful links to learn more or configure the recommended feature. In addition, Microsoft Secure Score expands your visibility into the overall security posture of your organization. From the dashboard, you’ll be able to quickly assess the security posture of your organization and obtain recommendations for actions to further reduce the attack surface in your organization—all in one place. From there, you can act according to the recommended configuration baselines.

In closing, the Advanced Threat Protection integrated throughout Microsoft 365 monitors and protects everything from data, to endpoints, to user identities. These tools are always working behind the scenes to keep your business secure, keeping you in the loop without overwhelming you with information.

At Oakwood Systems Group, Inc., we believe in securing your business with a holistic strategy. Contact us today to learn more.

5 Reasons Your Organization Should Move To The Cloud

How many reasons do you need to transition to cloud-based IT infrastructure? For most companies, it’s more than just one. At Oakwood Systems Group, Inc., we know the benefits of the cloud outweigh any of the hassle.

Microsoft cloud services offer increased scalability and security, not to mention flexibility and ease of use. You’ll also save your business time and money by reducing maintenance of on-premises IT infrastructure.

Here are 5 reasons your organization should consider adopting the cloud.

1. Cloud Based Applications Are Here To Stay

  • The value of the cloud – The cloud market is expected to pass $500 billion by 2020.
  • Adoption is growing – 72% of organizations had at least one application in the cloud in 2015, a 15% increase from 2012.

2. Security Comes Standard

As cloud technology improves, security fears lessen. In a survey of enterprise IT managers, security is no longer ranked as the #1 concern when it comes to cloud computing.

One of the biggest advantages of moving to the public cloud is the security team that comes with it. By moving to an enterprise-level public cloud, you’ll experience:

  • Scale – A public cloud will always be large enough to store and secure your data.
  • Intelligence – Public clouds monitor for millions of threats. As soon as one is detected on one customer tenant, the cloud provider can mitigate the attack across all other tenants.
  • Automation – Less human touch results in fewer mistakes and fewer opportunities for security breaches or insider threats.

Benefits of Cloud Technology

We’re saving time and money. And every dollar we save is making it to the field to help those that need it.

Marc Julmisse – Chief Nursing Officer, Partners in Health

3. Move At Your Own Pace

Cloud migration does not need to happen all at once, and it’s recommended to migrate to the cloud over time with a hybrid approach—the combination of an on-premises, private cloud and third-party, public cloud services.

On average in 2015, businesses were simultaneously experimenting with and running data on 3 public clouds and 3 private clouds.

4. Using The Cloud Doesn’t Mean New Tools

Moving to a cloud-based solution doesn’t have to mean retraining employees. Many solutions allow you to use the same applications your employees are used to, with access to files anywhere online.

The switch to Microsoft cloud services makes us significantly more efficient in normal times but will make us far more effective when we respond to a disaster moving forward.

Mike Manning – President and Chief Executive Officer, Greater Baton Rouge Food

Cloud Benefits: Scale, Intelligence & Automation

The Sky’s The Limit

Cloud adopters see various benefits from their technology, although businesses’ top-cited benefits include:

  • Faster access to infrastructure
  • Greater scalability
  • Increased availability

Intelligent Security for The Modern Workplace

One of the biggest challenges in digital transformation is ensuring security across an organization’s entire digital landscape without reducing user productivity. Piecing together individual solutions can result in a complex security posture that overburdens operations and encourages users to bypass security measures. Cloud computing allows enterprises to share security signals worldwide, which is changing how they do security.

In this new world where data and users roam free, it’s even more important to have an integrated suite of security tools. Microsoft 365 is a complete, intelligent solution that helps secure corporate data and protect against bad actors, while taking advantage of the transformative opportunities presented by cloud computing. Its built-in security solutions integrate easily and share insights from the trillions of security signals on the Intelligent Security Graph across the global Microsoft ecosystem. With Microsoft 365, you can reduce the number of security vendors you manage and safeguard your organization, without sacrificing productivity.

Microsoft 365 keeps users, data, devices, and applications safe

An organization’s data is their most valuable asset, yet most enterprises lack the ability to understand what data is sensitive and control access to that data. Data protection requires a layered approach that starts with a great user authentication experience with policies to control access to sensitive information regardless of location or device. Microsoft 365 includes identity protection that provides the foundation for secure access to data, devices and applications. A set of advanced threat protection tools communicate with each other to correlate threat information across your entire digital footprint and automate threat protection, which eases the workload on your security operations team. Security insights recommend ways to optimize the configuration of your security tools and provide a quantifiable measurement of your security posture.

Microsoft 365 Enterprise E5 unifies user productivity and enterprise security into a single suite

For customers that embrace the Microsoft productivity suite, there are significant gains to be realized in security. While no single security provider will cover your entire digital footprint, through Microsoft’s investments and scale within enterprises, their customers have an advantage in creating a comprehensive, adaptive security program.

Comprehensive, adaptive security

Technology has changed the way enterprises conduct business. As people bring devices, apps, and data into organizations today, protecting company assets requires a new approach. It’s important to find a balance between powerful, complicated security capabilities and a security posture that you can maintain over time with your current staff and budget.

Imagine if you could easily identify sensitive information automatically; eliminate passwords entirely in favor of biometrics or PINs; identify, quarantine, and wipe a compromised endpoint, all from a single location; and quantify your security position and gain insights on how to improve it.

All of this and more is possible with Azure Advanced Threat Protection, just one of four valuable tools included in Microsoft 365 Enterprise E5. Interested in what other tools are available to you? Oakwood Systems Group, Inc. has the answers to your questions. Contact us to learn more.

The Power of Backing Up in Azure

Data has never been more critical to your enterprise as it transforms in this digital world. Azure Backup helps you retain rapidly increasing amounts of data while keeping storage costs low. It makes it easy for you to back up and restore your most important information when the unexpected happens. As ransomware attacks increase, built-in protection from Azure keeps your data safe. Azure Backup gives you a cost-effective, simple and secure backup solution that protects your data.

Benefits of Azure Backup: Simple, Secure & Cost-Effective

Setting up Azure Backup for your virtual machines can be accomplished in just three steps. Once the initial backup is completed, only incremental changes are sent based on a defined schedule. You can then retain your backups for as long as your compliance(s) require.

Built-in protection against ransomware helps you protect your data from unauthorized requests to delete your backups. Before ransomware has the chance to corrupt your data, you’ll be notified so you can save your data.

Store your backups in Azure instead of an offsite location to reduce infrastructure costs. Pay for what you use in Azure.

Additional Key Benefits

  • SaaS pay-as-you-go service
  • Have the latest backup of your data whenever you need it at no additional cost
  • Support for VMware, Hyper-V, Linux and Windows in Azure and on-premises
  • Avoid the complexity of managing on-premises infrastructure
  • Safeguard your backups from ransomware with one-click multifactor authentication
  • Retain unauthorized deleted backups to give you time to investigate and recover your data

Simple and secure cloud-based backup

  • Hybrid and heterogeneous – Protect your data from Azure no matter where it resides – in the cloud or on-premises. Support for virtual machines running on VMware, Hyper-V, Linux and Windows.
  • Flexible – Scale protection to just a few files and folders or multiple virtual machines in a few clicks. Restore individual files and folders or virtual machines from Azure when you need them the most.
  • Efficient – Eliminate the challenges of getting started with your backup solution. With no need to provision storage, enable backup for your virtual machines running in Azure in a few minutes.
  • Fast – View your backups from Azure and on-premises in one centralized location to quickly decide what needs to be restored to keep business operating as normal.
  • Compliant – Export Power BI reports to understand information about your backups. Ensure you are meeting your industry’s unique compliance requirements.
  • Safe – Receive instant notifications of suspicious backup activities so you can take action. Generate a security PIN required to complete critical backup operations for an additional layer of protection.

We don’t have to worry about managing space on expensive purpose-built backup storage systems. We have no tape costs, management costs, nothing. Backup is dramatically cheaper with Azure.

Sean DeLessio – Lead Engineer, Russell Reynolds Associates

Even with the cost of adding a Data Protection Manager server to each jobsite, Azure Backup is cheaper than our previous solution—one quarter the cost. The savings increase with every gigabyte of data we add.

Chris Palmer – Solutions Architect, PCL Construction

“By using long-term Azure Backup to eliminate tape, we could save US$20,000 annually,” Karabiber says. “We also avoided the need to build or rent an off-site backup location at a cost of $50,000.”

Kerem Karabiber – IT and Business Development Manager, Kardem

The process for backing up data can seem complicated. With the increased importance of data in the digital age, isn’t it time you integrated a solution that helps you safeguard your data? At Oakwood Systems Group, Inc., we know how tough it can be to safeguard your data. That’s why we’re here to help.

Contact Us Today!

Six Common Cybersecurity Mistakes You Can Fix Now

Cybercriminals are clever and on the lookout for vulnerable businesses. They exploit common mistakes and flaws to breach systems, then steal, disrupt, or hold businesses for ransom. But here’s the good news: you don’t have to be an easy mark. You can make changes right now to reduce the likelihood of a successful attack.

Here are six common cybersecurity mistakes and how to fix them:


Mistake 1: Piecemeal approach

It’s tempting to stack new security measures on top of existing ones as new threats emerge. But this results in too many products and not enough integration. Every product has its own dashboard, controls, and alerts. And someone has to stay on top of it all.

This lack of integration between security products makes it difficult to see threats holistically, and even harder to respond quickly and effectively. Instead, look for products designed to work together, and partner with companies that actively seek collaboration with the security industry.

Mistake 2: Insufficient Security Expertise

Cyberthreats continue to increase every day, and 43% of cyberattacks target small businesses, which usually have limited IT resources in-house. Everyone else is focused on running the business, not security. You need help.

Consider automated, software-based processes that can monitor your systems continuously and even take action when a threat is detected. Smart automation can save you time and energy, allowing you to focus on other priorities. Also, consider partnering with a specialized security provider. And finally, invest in educating your employees on security awareness so everyone can be part of the solution.


Mistake 3: Unsecured personal devices

How many ways do you access your business data? Even small businesses may have multiple computers, laptops in remote locations, personal smart phones, and tablets. A determined hacker can attempt access through many possible endpoints. In fact, 60% of breaches stem from a compromised endpoint, such as a personal device.

Identity and access management (IAM) eliminates the complexity of multiple user credentials by giving each employee a single, secure identity to access all your network resources. And multifactor authentication (MFA) offers another layer of protection, requiring a user to present a password plus secondary authentication such as a fingerprint or code sent via SMS.

Mistake 4: “I’m too small to be a target”

Cybercriminals increasingly target smaller businesses assuming that you may be complacent and unprepared. A study by the Better Business Bureau found that nearly one in four businesses with 250 employees or fewer reported having been the target of a cyberattack, and the overall annual average loss for smaller businesses from these attacks is estimated to be $79,841.

Make sure to invest in security, but realize that no program is 100% foolproof. Assume that you can be attacked and breached. Prepare an incident response plan, ensure continuous monitoring for suspicious activity, and organize the resources needed for a quick response to reduce the damage to your business.

Mistake 5: Overlooking the security of the cloud

Security is complex, and even well-funded enterprise IT departments struggle to stay on top of it. The right cloud partner can do much of the heavy lifting for you and provide smart ways to encrypt and back up your data.

Moving to the cloud doesn’t have to mean starting over from scratch. Evaluate your needs, and make the move in stages, or even employ a long-term hybrid strategy where some of your systems remain on-premises. Be sure to evaluate cloud service providers using international standards, and look for vendors that publish detailed information about their security and compliance measures.

Public cloud providers offer better security than a small business or even a big enterprise is able to achieve. This is due to the investments that cloud providers are making to build and maintain their cloud infrastructure.

Rene Buest – Senior Analyst and Cloud Practice Lead, Crisp Research

Mistake 6: Leaving data unprotected

Data travels outside your control when it’s shared by employees, partners, and customers. But trying to lock down everything discourages productivity and innovation, and eventually leads to employee workarounds if the inconvenience proves too great. Balance protection with productivity by focusing on security at the data level.

Categorize your data based on how sensitive and critical it is to your business. Better yet, automate your data classification so the appropriate protections and monitoring are in place when the data is created. Protect what’s most important with the strongest measures, such as restricted access, limited sharing privileges, and encryption.

Build your security strategy, one step at a time

Modern cybersecurity requires a coordinated, multifaceted approach. But it’s a journey, and every step you take makes a difference and reduces your risk. If you haven’t been attacked yet, assume that you will be a target eventually and look for partners to help. Start with this free security assessment tool, and get prepared to protect, detect, and respond to the threats that come your way.

Contact the security experts at Oakwood Systems Group today and learn more about vulnerabilities you may have and how they should be addressed.

Move Forward Securely with Business Continuity and Disaster Recovery

When thousands of hospitals, health systems, community practices, and pharmaceutical companies rely on your software to deliver smarter, more effective patient care, you had better make sure it’s secure and reliable. That’s why Allscripts, a leading healthcare software manufacturer, uses Microsoft Azure

Having a reliable and secure IT service provider was more than acquiring 1,000 VMs needed to run the show. Allscripts, a leading healthcare software manufacturer, acquired two companies in 2017. To ensure their new datacenter assets had a home fast, they brought on Microsoft Azure. The reliability of built-in disaster recovery protections means Allscripts doesn’t have to worry about losing their data. You can do the same.

Using Azure Site Recovery, Allscripts was able to easily move 500 development VMs running critical healthcare applications to Azure. In just three weeks, the company lifted and shifted dozens of acquired applications running on 1,000 virtual machines, ensuring they met Allscripts’ governance policies and security requirements.

Running your business on the cloud was never easier thanks to Azure. With Oakwood Systems Group, Inc. and Microsoft, your business can achieve the same security and reliability of Allscripts. Email us today to find out more information on how we can help. 

Microsoft 365: Bringing Intelligent Security To Business

We are living at an Inflection Point.

Digital transformation is the biggest change any of us has seen in our lifetime. Companies invest in technology to optimize operations, transform products, engage customers, and empower employees. The challenge is finding the way to empower people to do their best work. This starts with fostering a culture of work that engages your team and embraces the trends in the workplace that make work inspiring.

To deliver on the tremendous opportunity for business growth and innovation, Microsoft is simplifying the customer experience by bringing together Office 365, Windows 10, and Enterprise Mobility + Security with the introduction of Microsoft 365.

It’s a complete, intelligent solution that empowers everyone to be creative and work together, securely.

With the ability to leverage the constantly evolving Office 365 suite, with over 1 terabyte of storage via OneDrive, firms will now have access to enhanced security capabilities including:

  • Both On-Premise and Cloud Threat Detection
  • Multi-Factor Authentication
  • Document Encryption and Segregation (Device Level)
  • Save-As, Copy, and Paste Restrictions
  • Device and App-Level Data Wipe
  • Single Sign-On

Interested to learn more? Contact us today to find out how Microsoft 365 can help your business!

About Oakwood

Since 1981, Oakwood has been helping companies of all sizes, across all industries, solve their business problems. We bring world-class consultants to architect, design and deploy technology solutions to move your company forward. Our proven approach guarantees better business outcomes. With flexible engagement options, your project is delivered on-time and on budget.

Managing Database Versioning & Releases With RMS

Let's talk a little RMS. As with all enterprise applications, a database sits in the back quietly storing and processing our data. As with all applications, there is always progress to be made and changes to effect. This isn’t limited to just code changes in our application; our data structures change as well. However, unlike application versioning, database versioning is another matter.

Release Manager

It’s always fairly easy to release the next version of the application, or rollback, whether it be a website, a Windows Form application, or a WPF application – it’s all just source controlled code and scripts that get compiled to binaries (you are using source control, right!?).

Unfortunately, a database isn’t that simple. Oh, sure, the structure is easy enough to change, but there’s always that pesky data that makes us put on the brakes full force before we execute that script.

  • Will I lose that data?
  • Is that data important?
  • Do we have a backup?

What We Learned

This is exactly the situation we recently found ourselves in here at Oakwood.

We have a client that has a very heavy Azure PaaS presence and it’s time we started automating the deployment of databases without the fear of data loss, and in a timely manner.

Introduce Release Management for Visual Studio

As a process, all of the database changes are filtered through a database project, which, just like our code, can be compiled and statically checked against a set of code analysis rules.

Utilizing RMS, not only can we set up a Continuous Integration build to compile our database project and run our database unit tests against those changes, but at the very end we can also kick off an automated deployment process that will (in the most efficient manner) commit our changes to a LIVE database without fear of data loss.

If we run into issues during the deployment (which isn’t just limited to the database), we use the workflow in RMS to commit custom rollback steps for the application and database all at one time. The great thing about RMS is that this rollback isn’t just limited to the deployment process. As part of RMS, approvals must go through the appropriate channels.

RMS Summary

If your deployment gets all the way to the end of the pipeline and gets rejected, this same rollback workflow will still apply.

Hybrid Identity Management: Empowering Users While Protecting Corporate Data


Ready to learn about hybrid identity management?  You've been charged with the responsibility of protecting company applications and data while empowering a workforce to be productive from any device, from any location with an internet connection. That's no easy task, especially considering the massive data breaches big corporations have fallen victim to. Plus, you might be busy with just keeping the lights on or you're consumed with delivering on projects. You might not have the time to keep up with all the advancements in technology nor current best practices. And that's understandable.

Keep Users Productive

So, here's a quick general overview of Hybrid Identity and how it can help keep your users productive without making yourself vulnerable. Consumer-based devices are proliferating in the corporate world and cloud-based SaaS applications are easy to adopt. This presents a challenge. How can you maintain control of users' application access across internal data centers and cloud platforms? Well, Microsoft has expanded its lineup to include cloud-based identity and access management solutions. This provides you with a powerful set of hybrid identity solutions to maintain a single identity for each user across on-premises and in the cloud.


Hybrid Identity delivers the ability to:

  • Create and manage a single identity for each user across all your data center-based directories, keeping attributes in sync and providing self-service and SSO for users.
  • Sync user identities between data center-based directories and Azure Active Directory for a single identity across all corporate resources in the data center and cloud.
  • Federate identities to maintain authentication against the data center-based directory.
  • Provide SSO access to hundreds of cloud-based applications.
  • Enforce strong authentication to sensitive applications and information with conditional access policies and multi-factor authentication.
  • Keep users productive with self-service password reset and group management for both data center and cloud-based directories.
  • Provide IT with security and monitoring reports to help reduce inappropriate user activity and spot irregularities in user behaviors.

Enhance End-user Productivity

Hybrid Identity solutions can enhance end-user productivity with self-service and SSO experiences. This helps users by providing them each with a single identity to use no matter what they access, whether they are working in the office, working remotely, or connecting to a cloud-based SaaS app. This equals happy users.

Additionally, Hybrid Identity solutions can enable users to work autonomously and focus on the task at hand, reducing support costs and work disruptions. Providing users with self-service solutions to perform tasks such as resetting their password when they forget it, or creating and managing their own groups for collaboration and access to resources, is a big win.

Manage and Control Resource Access

IT needs to balance user productivity with the company's need to protect its information. IT needs to retain control of the company's information, and of access to applications and resources, across the corporate data center and into the cloud.

For authentication, Microsoft provides solutions for identity sync and federation to create a single identity for each user. It also provides the ability to enforce additional levels of user validation, including multi-factor authentication, and enables conditional access policies, such as device registration.


How to Securely Store Passwords


Have you thought much about how to securely store passwords?  Having users create an account for a website is a very common process these days. Many social websites accomplish this by tying into Twitter, Facebook, or Google accounts with OAuth.

Internal enterprise websites are more likely to do something with the user's Windows domain credentials. These are all great options that can, when used appropriately, give websites more features and information to enhance a user's experience.

Securely Store Passwords

Sometimes a website just needs a standalone user database.  Maybe it will be in a disconnected environment with no Internet or domain, to provide administrative abilities for a paid service, or something else entirely. In these cases, the user's credentials, specifically their password, will be stored in the application's database. The goal of this article is to describe the steps that need to be taken when storing passwords in the database to make sure that it will be very difficult for an evil actor (e.g. hacker) to retrieve one or many of these passwords.

Using a Hashing Algorithm

While the process of securing a password is typically called encrypting, encryption is not a tool that should be used when securing passwords. This is because encryption is designed to be reversed, and this conversion from a random string of bytes back into the user's password is the very thing we are trying to avoid. Instead, we want to use a hashing algorithm on the password, because hashing only works one way, so the evil actor cannot extract the password from the hash.

Also, we don't want to use just any hashing algorithm such as MD5 or SHA2, but instead one that is slow and expensive. This is something that gets magnified on the evil actor's side because they will be computing several thousand hashes for every one that the web server will be doing. The slower we can make the hash of a single password, the more expensive it is for an evil actor to get one.

There are three hashing algorithms that are widely accepted for the purpose of hashing passwords: PBKDF2, bcrypt, and scrypt. Of these three algorithms, only PBKDF2 is included in the .NET libraries provided by Microsoft, though both bcrypt and scrypt are available in multiple 3rd party libraries and NuGet packages. The biggest difference between these algorithms is that scrypt is designed to be very memory intensive in addition to the CPU intensity that all three of these algorithms share. The reason that is desired is that it makes it much harder for evil actors to create hardware specifically for hacking the passwords.

Securely Store Passwords Iterations

In addition to choosing a slow hashing algorithm, we want to run the hash several times to further slow down the hashing process. Generally speaking, the number of iterations should be in the thousands, though the exact number will depend on the hardware that the website will be running on and the number of requests the web server will be handling at any one time. The better the hardware and the lower the number of requests, the higher the number of iterations can be without impacting the user's experience. Ideally, the hashing process should take between a tenth and half a second, though that is something that can change depending on the nature of the website and the data it provides.


By choosing a correct hashing algorithm with thousands of iterations and applying a salt and optionally a pepper to the process, we can get a unique value for each user. This value will be one that evil actors (e.g. hackers) will have a difficult time reversing but can be used rather easily by a web server to verify a user's login information. It will allow the users of the website to have comfort and trust that their information is secure and that no one could impersonate them on the website.
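The scheme described above, as an added example that is not code from the original article: it calibrates the PBKDF2 iteration count against a target hash time on the current hardware, generates a random salt per user, and verifies a login with a fixed-time comparison. The class and method names, the `iterations.salt.key` record format and the choice of HMAC-SHA256 are assumptions, and the code targets .NET 6 or later.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography;

public static class PasswordStore   // hypothetical name, not from the article
{
    const int SaltBytes = 16, KeyBytes = 32;

    static byte[] Derive(string password, byte[] salt, int iterations, int length) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, HashAlgorithmName.SHA256, length);

    // Double the iteration count until a single hash takes at least targetMs here.
    public static int CalibrateIterations(int targetMs, int start = 10000)
    {
        var salt = RandomNumberGenerator.GetBytes(SaltBytes);
        Derive("warm-up", salt, start, KeyBytes);            // keep JIT cost out of the timing
        for (int n = start; ; n = checked(n * 2))
        {
            var sw = Stopwatch.StartNew();
            Derive("calibration", salt, n, KeyBytes);
            if (sw.ElapsedMilliseconds >= targetMs) return n;
        }
    }

    // Record = iterations.salt.key, so the count can be raised later without
    // invalidating rows that were hashed with the old count.
    public static string Hash(string password, int iterations)
    {
        var salt = RandomNumberGenerator.GetBytes(SaltBytes); // fresh random salt per user
        var key = Derive(password, salt, iterations, KeyBytes);
        return $"{iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(key)}";
    }

    public static bool Verify(string password, string record, int currentIterations, out bool needsRehash)
    {
        needsRehash = false;
        var parts = record.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations < 1)
            return false;
        byte[] salt, expected;
        try { salt = Convert.FromBase64String(parts[1]); expected = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return false; }
        if (salt.Length == 0 || expected.Length == 0) return false;
        var actual = Derive(password, salt, iterations, expected.Length);
        bool ok = CryptographicOperations.FixedTimeEquals(actual, expected); // no early exit
        needsRehash = ok && iterations < currentIterations;
        return ok;
    }

    public static void Main()
    {
        int iterations = CalibrateIterations(targetMs: 100);  // a tenth of a second
        string record = Hash("correct horse battery staple", iterations); // constructed sample
        Console.WriteLine($"iterations={iterations}");
        Console.WriteLine(Verify("correct horse battery staple", record, iterations, out _));
        Console.WriteLine(Verify("wrong password", record, iterations, out _));
    }
}
```

Run the calibration on the production web server hardware under representative load. When `needsRehash` comes back true after a successful login, rehash the password the user just supplied with the current count and overwrite the stored record.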

Next Steps

Review our case studies and engagements where we helped companies just like yours solve a variety of business needs.


Investigating the Security is Hard Mantra


Security is hard, as one of the many companies who have been in the news recently could tell you. Every developer has heard this many times and many have taken it to heart with little question. But with the recent versions of the .NET Framework, many of these security tasks have become rather trivial to code. It's important to share new insights and changes that will allow you to be more productive in the .NET world.

Security Is Hard 101

For example, securely hashing a password with PBKDF2 takes only a handful of lines:

// requires: using System.Security.Cryptography; using System.Text;
public string HashPassword(string password, string salt)
{
    using (var pbkdf2 = new Rfc2898DeriveBytes(Encoding.UTF8.GetBytes(password),
        Convert.FromBase64String(salt), PASSWORD_HASHING_ITERATIONS))
    {
        var key = pbkdf2.GetBytes(24); // 24-byte derived key
        return Convert.ToBase64String(key);
    }
}

With these kinds of libraries and frameworks at our disposal, is security still something that's hard? After all, with those ten lines of code we have the beginnings of a login system.

Security STILL is Hard

Unfortunately, the answer is a resounding yes, as Ashley Madison has recently found out. After being hacked and having their database and website code exposed, security researchers investigated their password hashes to find that they had followed industry standards: Passwords were hashed with the bcrypt algorithm with an acceptable number of iterations. These researchers estimated that it would take several years to reverse those hashes.

That is, until a group of researchers investigated the code and determined that there was a second field where the password was being stored. The problem, however, was that this field wasn't hashed with an industry standard password hashing algorithm or iterated several thousand times. Instead, the password was hashed once with MD5. Over the course of about ten days, these researchers were able to reverse 11 million password hashes.

Open Source Security Tools

Security is still hard because, as Ashley Madison found out, security isn't about individual pieces of code, but about the application as a whole. It didn't matter that Ashley Madison was correctly hashing the passwords when a user was logging in because the password was exposed in other code. In turn, this means that QA testing of security features cannot, by itself, determine that an application is secure.

Instead, code reviews and security audits of the application are needed to ensure that it will not expose any confidential data, whether that data be a user's password, proprietary data, or something else entirely. This is why some of the most trusted security tools and frameworks that are available, such as TrueCrypt, KeePass, and OpenSSL, are open-source: Anyone can at any time review the code to see what it's doing and ensure that nothing malicious is taking place. Even this is sometimes not enough to ensure that there are no exploits, as we all discovered with the Heartbleed bug in OpenSSL a year before.

This is why we repeat the “Security is Hard” mantra and why third-party services and frameworks are so highly suggested when the topic of security comes up. Most companies simply don't have the time, resources, or expertise to ensure that their applications are secure by themselves, especially if security isn't their product. By using something like ASP.NET Identity and/or OAuth with another service like Google or Facebook for logging in, the security of an application's authentication can be reasonably assured.


Ransomware Background and Protection


Ransomware is malicious software that is covertly installed on a victim’s computer. The intent is to hold your computer and files for ransom, rendering them unusable until you pay a ransom fee. We understand how to identify where the vulnerabilities are and how to avoid having to pay money to get your stuff back!

In The Beginning

The first known ransomware, called “AIDS”, was released in 1989. It used symmetric cryptography to encrypt the names of files on the victim’s hard drive and demanded $189 to be paid to the PC Cyborg Corporation to receive a repair tool. The flaw with symmetric cryptography is that the key could be extracted from the ransomware code.

In 1996, Adam Young and Moti Yung introduced the idea of using public key (asymmetric) cryptography in ransomware. In essence, this means that the ransomware contains only the encryption key, so only the attacker can decipher it and then provide the symmetric decryption key to the victim once the fee is paid.

Here Comes CryptoLocker!

By mid-2006, new ransomware was being released using more sophisticated RSA encryption schemes in which the encryption keys were increasing in size and complexity. By 2013, a newer form of ransomware called CryptoLocker emerged using the Bitcoin currency platform to collect the ransoms, procuring more than $27 million from infected users, according to ZDNet. Other variants of ransomware exist which are non-encrypting, referred to as Lockscreen ransomware, sometimes using premium rate SMS or high international phone rates to obtain the method to access your PC.

RaaS Enters The Scene

In addition, the ability for less skilled attackers to launch ransomware campaigns has increased tremendously due to the emergence of ransomware-as-a-service (RaaS) offerings on the dark web. It’s also being coupled with exploit kits and other malware to gain persistence in the victim’s environments.

Symantec has classified ransomware as the most dangerous cyber threat. Your PC can become infected from various sources:

  • Visiting unsafe, suspicious or fake websites
  • Opening e-mails and e-mail attachments from unknown sources
  • Clicking on malicious links in e-mails, social media posts, IM, Skype, or other applications

Ransomware 101

Several suggested methods for protection have been published.

  • Ingress protections
  • Auto-scale endpoint protections
  • Behavior protection deterministic detections leveraging deep packet inspection
  • Reputational services
  • High value asset protection, containment, and isolation
  • Response planning
  • Offline backups
  • Regular malware hunting and validation (being proactive)

The O365 team also recommends the following:

  • Security awareness and education
  • Keep antivirus/anti-malware solutions running and updated
  • Enable Microsoft Active Protection Service (MAPS) cloud based protection
  • Don’t just back up your data, but also test and verify your backups
  • Use OneDrive for Business (allows for recovery)
  • Beware of phishing e-mails and malicious attachments
  • Keep Windows and installed software up to date
  • Enable file history or system protection
  • Use Exchange transport rules to protect users against e-mails with attachments vulnerable to Ransomware

Anti-Ransomware Tools and Solutions
Oakwood offers a number of tools and solutions designed to detect and remove screen-locker ransomware. Contact us to set up a 1:1 call with a dedicated security expert.

Next Steps

Review our case studies and engagements where we helped companies just like yours solve a variety of business needs.
