Getting Set up With Windows 365

Cloud computing and Cloud PC have come a long way in the last couple of decades. As a way of delivering various on-demand IT resources over the internet, cloud computing has an endless list of applications. These can then offer individuals and organizations alike access to resources that may otherwise be beyond their means. As you can imagine, the cost of running an on-premises IT environment can be very steep. This is why cloud computing is being adopted by a lot of organizations as they realize the benefits and convenience you get. And Microsoft has been providing these services for … Continue reading

Understanding The Microsoft 365 Stack For Cloud Security

Microsoft 365 (M365) provides businesses with a solution that empowers people to fully utilize their creativity while working together securely. The Microsoft 365 Stack is your IT security blanket. All of the features that you get should enhance the productivity of your business. But, the key to all of this is keeping your data secure. Incidents of security breaches have been steadily increasing over the last few years so data security should be a top priority for all businesses. By understanding how the Microsoft 365 stack operates, we can see how the available features can strengthen your cybersecurity. What’s in … Continue reading

What You Need to Know about Microsoft Endpoint Manager’s Tamper Protection

With cyber threats being such a huge problem, the last thing your organization needs is vulnerable security. And this can be worsened if malicious actors manage to disable your security. So with that in mind, Microsoft introduced Tamper Protection to increase your organization’s security by making it significantly harder for cybercriminals to infiltrate your network. It gives you a better security posture and allows your IT team to ensure greater protection over corporate resources. And so today we’re going to dive into what exactly Microsoft Endpoint Manager Tamper Protection is and what it can do for your organization. What is … Continue reading

How AppLocker Improves Security and Compliance

The security of your organization is not something that you can afford to leave to chance. The wave of cybercrime over the last few years has been unrelenting. This is why you need to take advantage of platforms such as AppLocker. By leveraging its application whitelisting feature, you’ll get a very powerful way of stopping a multitude of attacks. And if you configure it correctly, you can massively increase the amount of time it would require for a cyber-attacker to get around the system. This is the kind of innovative technology that can enhance the security of your organization. Hence … Continue reading

Controlling User App Access With AppLocker

Most organizations could probably gain some benefits from deploying application control policies. This is something that your IT guys could use to make their work easier and improve the overall management of employee devices. AppLocker is a platform that will give admins control over which apps and files users can run including packaged app installers, scripts, executable files, Windows Installer files, DLLs, and packaged apps. Because of its features, AppLocker will help organizations to reduce their admin overhead and the cost of managing computer resources. With that said, let’s go over how AppLocker helps you to control user app access. … Continue reading

Using SCCM CI Baseline to check for expiring user certificates

The topic is almost self-explanatory. You need to monitor specific user-based certificates to avoid a situation where they have already expired. You can add this to your daily security compliance checklist. Prerequisites for running CIs can be found here: Compliance Baseline prerequisites. Create Configuration Item: Go to Assets and Compliance, Compliance Settings, Configuration Items, right-click and select Create a new configuration item. Provide the name "CI – Script – USER CERT Expiration check", leave the configuration item type as Windows and press Next. Optionally you can provide a description that gives an overview of the configuration item and … Continue reading

Smart Card device integration into Windows 10

All the joys of Windows 10... now on 1709. Last week after upgrading Windows 10, I came across this nice new integration for Smart Cards (tokens). Windows 10 now has support for eTokens (SafeNet Tokens). I was very pleased with this update; it will save me yet another application to install. I’ve been using the SafeNet Application from Gemalto and it has served me well for several years. So time for a change: the integrated Smart Card application in Windows 10 works perfectly for me. I am using it with the following: … Continue reading

Bad Rabbit Ransomware

A new ransomware has seen the light. Bad Rabbit ransomware is currently roaming Eastern European countries. Bad Rabbit is mainly delivered using a fake Flash update. This means we are looking at a regular drive-by attack and fake updates/malicious software from websites to get it started. Secure your clients now!

1. Blacklist the hashes.
2. Block the files.
3. Lock the registry entries.
4. Remove your local administrative privileges. If you can’t, limit them and monitor using Access Director Enterprise.

Bad Rabbit IOCs:

Hashes:
install_flash_player.exe: 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
infpub.dat: 579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648
cscc.dat (dcrypt.sys): 0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6
dispci.exe: 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93

Files:
C:\Windows\infpub.dat
C:\Windows\System32\Tasks\drogon
C:\Windows\System32\Tasks\rhaegal
C:\Windows\cscc.dat
C:\Windows\dispci.exe

Registry entries:
HKLM\SYSTEM\CurrentControlSet\services\cscc … Continue reading

Protect Yourself Against Petya Ransomware

The malware requires administrator rights to the local computer. Standard users should not have this permission. Consider restricting who has local admin rights to prevent execution of exploit code within organisations. Home users should also consider using a Standard User Account for day-to-day operations. Access Director can help you by removing permanent local admins.

Recommendations for Enterprises:
Deploy the latest Microsoft patches, including MS17-010, which patches the SMB vulnerability.
Consider disabling SMBv1 to prevent spreading of malware.
Educate end-users to remain vigilant when opening attachments or clicking on links from senders they do not know.
Ensure you have the … Continue reading

Multiple subdomains with LetsEncrypt? YES!

Need to add multiple subdomains with LetsEncrypt? Maybe a certificate for WWW and non-WWW? Do a dry run to test it:

./certbot-auto certonly -d -d -d -d -d --dry-run

I tested it with apache2; works great!