Saturday, July 8, 2017

An Instagram Bug Is Deleting Accounts At Random

Instagram users are finding themselves locked out of their accounts for no apparent reason. Some are even getting a “Sorry, this page isn’t available” message when trying to visit their user profile. However, Instagram has blamed a bug for the problems, and promised to fix the issue ASAP.
Like all social networks, Instagram relies on you using it every day. As soon as you stop being active, social networks suffer, and a MySpace-like future beckons. Instagram is showing no signs of collapsing, but preventing people from accessing their accounts certainly isn’t going to help.


Help! My Instagram Account Has Been Disabled

Complaints from Instagram users started popping up online on Thursday (July 6). People were finding themselves locked out of their accounts after being shown one of a handful of error messages. Instagram’s social media accounts are full of angry messages from frustrated users.
Some were told they’d had their accounts disabled for violating Instagram’s Terms of Use, even though they’re sure they haven’t broken any rules. Others were prompted to enter their phone number in order to verify their account. But entering the relevant security code didn’t work.
Instagram tweeted out an explanation, blaming “a bug that’s causing some users to be logged out of their accounts.” The company has also promised that it’s “working to resolve this as quickly as possible.” In the meantime, a small percentage of Instagram users have been locked out of their accounts, and left wondering whether they’ll ever actually get back in. And it’s still happening.

Call Us Cynical, But…

We really hope this is just a minor bug that Instagram can fix quickly and efficiently. However, with data leaks being revealed years after they occur, and cyberwars masquerading as ransomware, we reserve the right to be cynical about any app exhibiting strange behavior such as this.
Do you have an Instagram account? Have you accessed it over the last few days? If so, has your account been disabled? Do you buy Instagram’s explanation that this is all down to a bug? Or do you think there’s more going on here? Please let us know in the comments below!

Friday, July 7, 2017

Top 11 Search Engines, Ranked by Market Share

You know, apart from the most obvious search engine. And possibly the second most obvious one too. In fact I’ll start again, what are the eight most popular search engines after Google and Bing?
The first list below contains the most popular search engines currently available, ordered from most to least popular in the US. The ranking is according to eBiz, is in order of estimated unique monthly visitors, and is accurate as of August 2016.
The second list is a global overview of the most popular search engines according to Net Market Share, ranked in order of market share and again accurate as of August 2016.

US

1) Google

Estimated Unique Monthly Visitors: 1.6 billion
Alexa Rank: 1
Google Starting Date 4 September 1998
Why should you use it?
With 72.48% of the world’s market share of search, as a marketer you don’t really have a choice not to use it for both paid and organic reach.
As an every day user, for all of our cynicism and occasionally flippant references to The Circle, you have to admit Google is utterly indispensable in your every day life. For every interference (the constant curtailing of organic results) there are 10 triumphs… Google Maps, Gmail, the terrifying relevance of Knowledge Graph, the killing of payday loan ads, AMP
Where the heck would we all be without the… yes, I’m going to say it… search giant.

2) Bing

Estimated Unique Monthly Visitors: 400 million
Alexa Rank: 22
Bing Starting Date June 1, 2009
Why should you use it?
As I said earlier in the year in the aforementioned ‘alternatives to Google’ post, there are some great reasons to choose Bing:
  • Bing’s video search is significantly better than Google’s.
  • Bing often gives twice as many autocomplete suggestions as Google does.
  • Bing has a great linkfromdomain:[site name] feature that highlights the best ranked outgoing links from that site, helping you figure out which other sites your chosen site links to the most.

3) Yahoo

Estimated Unique Monthly Visitors: 300 million
Alexa Rank: n/a
Yahoo Starting Date 2 March 1995
Why should you use it?
Well, that’s all a bit up in the air at the moment, as Verizon has just purchased Yahoo for $4.8 billion and is planning on merging it with AOL.
Yahoo will continue to operate independently pending regulatory approval of the deal, which is expected to be completed by early 2017. After this, all of Yahoo’s news, finance and sports platforms will be added to AOL’s media assets, which include The Huffington Post and TechCrunch.

4) Ask

Estimated Unique Monthly Visitors: 245 million
Alexa Rank: 31
Ask Starting Date June 1996
Why should you use it?
Despite Google’s determination to be the ultimate font of all knowledge on its own SERP, Ask is still good for specific question related searches, with results centring on Q&A related matches.
And hey, sometimes it’s nice to get help from a butler.

5) Aol Search

Estimated Unique Monthly Visitors: 125 million
Alexa Rank: n/a
Aol Starting Date 1983
Why should you use it?
As mentioned above, the AOL you know and possibly love may become a different beast once Verizon Communications merges it with Yahoo.
Let’s remember simpler times….

6) Wow

Estimated Unique Monthly Visitors: 100 million
Alexa Rank: 767
Wow Starting Date 1996
Why should you use it?
Because it works more like a news site than a search engine, which is handy if you want everything in one place. There is a strong lean towards news and celebrity based articles rather than pure Wikipedia-style information, but the handy links to related social channels and wiki pages are useful.

7) WebCrawler

Estimated Unique Monthly Visitors: 65 million
Alexa Rank: 674
WebCrawler Starting Date April 20, 1994
Why should you use it?
WebCrawler has a far clearer delineation between paid search ads and organic results. It also seems to feature far more natural ’blue links’ than Google.

8) MyWebSearch

Estimated Unique Monthly Visitors: 60 million
Alexa Rank: 405
Why should you use it?
Uh… don’t.
According to the Malware Wikia, MyWebSearch is a spyware and search toolbar program that allows the user to query various popular search engines and comes bundled with an exhausting suite of ‘goodies’ such as Smiley Central, Webfetti, Cursor Mania, My Mail Stationary, My Mail Signature, My Mail Stamps, FunBuddyIcons… the fun goes on and on.
Most damningly of all though, Malware Wikia reports that despite it not carrying any malware attributes, an independent repair lab has classified the toolbar as a nuisance because of “slowdowns in return for features that are already built into many modern web browsers.”

9) Infospace

Estimated Unique Monthly Visitors: 24 million
Alexa Rank: 2,110
Infospace Starting Date March 1996
Why should you use it?
You may be using it already… InfoSpace is a “provider of white label search and monetization solutions” and it also operates its own branded search sites, including the metasearch engine Dogpile, as well as Zoo.com and WebCrawler (as mentioned above).

10) Info.com

Estimated Unique Monthly Visitors: 13.5 million
Alexa Rank: 1,938
info.com Starting Date 
Why should you use it?
Info.com aggregates results from the indexed web AND social media channels. It monitors real-time social conversations and, according to the company, delivers “newsworthy, trending, and popular results before they hit the indexed web.” These streams are classified into structured topics, which provides additional context and insight.

Bonus: 11) DuckDuckGo

DuckDuckGo Starting Date September 25, 2008
Honourable mention to DuckDuckGo, the new kid on the block that doesn’t store your personal information, which has managed to accrue 13 million unique monthly visitors and is currently the 11th most popular search engine in the US.

Worldwide

Here’s the worldwide market share for search engines…
1) Google – 72.48%
2) Bing – 10.39%
3) Yahoo – 7.78%
4) Baidu – 7.14%
5) Ask – 0.22%
6) AOL – 0.15%
7) Excite – 0.01%

Thursday, July 6, 2017

Top 10 of the World’s Most Famous Hackers 2017

Not all hackers are bad. The good ones are called “white-hat hackers” and use hacking to improve computer security. The ones who are just having fun are called “gray-hat hackers.” But the malicious kind you’re thinking of? They’re called “black-hat hackers.”
And they can cause a lot of harm, as history has shown. Here are some of the most infamous and nefarious “black hatters,” what they did to earn their reputations, and where they are today.

1. Kevin Mitnick

The U.S. Department of Justice called him the “most wanted computer criminal in U.S. history” — that’s how notorious he was. Kevin Mitnick’s story is so wild that it was even the basis for a feature film: Track Down.
What did he do? After serving a year in prison for hacking into the Digital Equipment Corporation’s network, he was let out for three years of supervised release. But near the end of that period, he fled and went on a 2.5-year hacking spree that involved breaching the national defense warning system and stealing corporate secrets.
Where is he now? Mitnick was eventually caught and convicted with a five-year prison sentence. After fully serving those years, he became a consultant and public speaker for computer security. He now runs Mitnick Security Consulting, LLC.

2. Jonathan James

The story of Jonathan James, known as “c0mrade,” is a tragic one. He began hacking at a young age, managing to hack into several commercial and government networks and being sent to prison for it — all while he was still a minor.
What did he do? James eventually hacked into NASA’s network and downloaded enough source code — assets equaling $1.7 million — to learn how the International Space Station worked. NASA had to shut down its network for three entire weeks while they investigated the breach, costing an additional $41,000.
Where is he now? In 2007, several high-profile companies fell victim to numerous malicious network attacks. Even though James denied any involvement, he was suspected and investigated. In 2008, James committed suicide, believing he would be convicted of crimes he didn’t commit.

3. Albert Gonzalez

Gonzalez started off as the leader of a hacker group called ShadowCrew. In addition to stealing and selling credit card numbers, ShadowCrew also fabricated fraudulent passports, health insurance cards, and birth certificates for identity theft crimes.
What did he do? Albert Gonzalez paved his way to internet fame when he collected over 170 million credit card and ATM card numbers over a period of two years. He then hacked into the databases of TJX Companies and Heartland Payment Systems to steal all of their stored credit card numbers as well.
Where is he now? Gonzalez was sentenced to prison for 20 years (two sentences of 20 years to be served simultaneously) and is scheduled for release in 2025.

4. Kevin Poulsen

Kevin Poulsen, also known as “Dark Dante,” earned his 15 minutes of fame by utilizing his intricate knowledge of telephone systems. At one point, he hacked a radio station’s phone lines and fixed himself as the winning caller, earning him a brand new Porsche. According to media, he was the “Hannibal Lecter of computer crime.”
What did he do? Poulsen got himself onto the FBI’s wanted list when he hacked into federal systems and stole wiretap information. He was later captured in a supermarket (of all places) and sentenced to 51 months in prison and a bill for $56,000 in restitution.
Where is he now? Poulsen changed his ways after being released from prison in 1995. He began working as a journalist and is now a senior editor for Wired. In 2006, he even helped law enforcement to identify 744 sex offenders on MySpace.

5. Gary McKinnon

Gary McKinnon, known as “Solo” on the internet, allegedly coordinated what would become the largest military computer hack of all time.
What did he do? Over a 13-month period from February 2001 to March 2002, McKinnon illegally accessed 97 computers belonging to the U.S. Armed Forces and NASA. He claimed he was only searching for information on free energy suppression and UFO cover-ups, but according to U.S. authorities he deleted a number of critical files and rendered over 300 computers inoperable, resulting in over $700,000 in damages.
Where is he now? Being of Scottish descent and operating out of the United Kingdom, McKinnon was able to dodge the American government until 2005, when he faced extradition. After a series of appeals, Theresa May blocked his extradition on the grounds that he was “seriously ill” and that extradition would be “incompatible with [his] human rights.”

6. Robert Tappan Morris

Robert Tappan Morris picked up his knowledge of computers from his father Robert Morris, who was a computer scientist at Bell Labs and later the NSA. Morris is credited as the creator of the world’s first known computer worm.
What did he do? In 1988, he created the Morris Worm while a student at Cornell University. The program was intended to gauge the size of the internet, but it had a flaw: computers could be infected multiple times, and each infection caused the computer to slow down even more. It rendered over 6,000 computers unusable.
Where is he now? In 1989, Robert Tappan Morris was found to have violated the Computer Fraud and Abuse Act. He was sentenced to three years of probation, 400 hours of community service, and a $10,050 fine. He eventually founded Y Combinator and is now a tenured professor at the Massachusetts Institute of Technology.

7. Loyd Blankenship

Loyd Blankenship, known as “The Mentor” in hacking circles, has been an active hacker since the 1970s. He was a member of several hacking groups in the past, most notably Legion of Doom (LOD).
What did he do? Blankenship authored an essay called Mentor’s Last Words (also called Conscience of a Hacker and Hacker Manifesto), which he wrote after being arrested in 1986. The essay has come to be seen as a kind of cornerstone for hacking culture.
Where is he now? Blankenship was hired by Steve Jackson Games in 1989 to work on GURPS Cyberpunk. The U.S. Secret Service raided his home in 1990 and confiscated the game’s rulebook, calling it a “handbook for computer crime.” He has since given up on hacking, now living as a musician and freelance game developer.

8. Julian Assange

Julian Assange began hacking at the age of 16 under the name “Mendax.” Over four years, he hacked into various government, corporate, and educational networks — including the Pentagon, NASA, Lockheed Martin, Citibank, and Stanford University.
What did he do? Assange went on to create WikiLeaks in 2006 as a platform for publishing news leaks and classified documents from anonymous sources. The United States launched an investigation against Assange in 2010 to charge him under the Espionage Act of 1917.
Where is he now? Assange is currently holed up in the Ecuadorian embassy in London, fearing extradition to the United States.

9. Guccifer 2.0

Who is Guccifer 2.0? Nobody knows for sure — it could be a person or a group masquerading as a person. The name pays homage to a Romanian hacker (known as “Guccifer”) who often targeted U.S. government officials and others of political prominence.
What did they do? During the 2016 U.S. Presidential Election, the Democratic National Convention’s network was hacked. Thousands of documents were leaked on WikiLeaks and elsewhere. Many believe that Guccifer 2.0 is a cover for Russian intelligence, but in an interview with Vice, Guccifer 2.0 claims he is Romanian and not Russian.
Where are they now? Guccifer 2.0 disappeared just before the U.S. Presidential Election, then reappeared once in January 2017 to assert that he had no ties to Russian intelligence.

10. Anonymous

Anonymous may be the most well-known “hacker” of all time, yet also the most nebulous. Anonymous is not a single person but rather a decentralized group of hackers with no true membership or hierarchy. Anybody can act in the name of Anonymous.
What did they do? Since its debut in 2003, Anonymous has been credited with attacking several notable targets, including Amazon, PayPal, Sony, the Westboro Baptist Church, the Church of Scientology, parts of the dark web, and the governments of Australia, India, Syria and the United States, among dozens of others.
Where are they now? Anonymous continues its hacktivism to this day. Since 2011, two related hacking groups have spawned from Anonymous: LulzSec and AntiSec.

Staying Safe Against Modern-Day Hackers

If you’re afraid that a hacker like one of the above will ruin your life, don’t worry. They prefer to go after big organizations and entities. To learn more, check out these interesting documentaries about hackers.
But you should be wary of another kind of hacker: one who wants to steal your data for personal gain. To stay protected, be sure to heed these expert security tips and avoid these common password mistakes.

Which of these hacker stories do you find most interesting? Are there any other world famous hackers that we overlooked? Let us know in the comments below!

Wednesday, July 5, 2017

Deconstructing Code Signing: how to get the certificate, sign code and verify signatures

I have my virtual machine up and running, and on my desktop I have my RDcache utility. This utility was written a long time ago for forensic purposes and is not digitally signed; you can see there is no digital signature on it. One interesting fact: as you can spot by the icon, it was not written in any Microsoft development environment, and it can still be signed perfectly well, without any problem.

Step by step on how to get the certificate

To create a digital signature, we first need a certificate to sign with.
It can be any certificate with the proper purpose. For example, I can run PowerShell and issue New-SelfSignedCertificate with the proper KeyUsage, CertSign and so on. But such a certificate will be next to useless, because it will be trusted only by me. It will verify that the file was not altered, but it’s not the best approach.
If you are signing files for internal use, such as your own company’s utilities, you can use your own Certificate Authority for this purpose. To do this you have to manage templates. I will switch to my Certificate Authority, launch the Certificate Authority console and look under Certificate Templates; by default there is no template for code signing. It takes a second to load, because the templates are read from Active Directory. Now I can right-click, select Manage, go to the templates, select the Code Signing template, duplicate it and give it my own name: CQ Signing.
Then I go to the other properties to verify how a certificate based on this template will be issued and whether all those properties are acceptable to me. Once I click OK, the CQ Signing template is present.
Back in the Certificate Authority console I can choose New > Certificate Template to Issue and select the CQ Signing template for code signing purposes. After clicking OK, my Certificate Authority will issue certificates for the purpose of signing.
If I now return to the machine with the executable to be signed, I can exit PowerShell and open certificate management by typing certmgr. This lets me request the certificate.
You can see there is no certificate within the personal store and I can:
  1. click All Tasks,
  2. request a new certificate,
  3. and using this wizard, refer to my Active Directory,
  4. wait for the information about the certificate templates
You can see CQ Signing is present here. I can select it and click Enroll, and after enrollment, which should succeed within a couple of seconds, the certificate will appear on the list.

Using the certificate for signing

This means I have the code signing certificate on my user account and can now use it for signing. The status is Succeeded. If I click Finish, under Certificates I can see a certificate issued to Administrator (because I’m logged on as Administrator) with the intended purpose Code Signing, issued by my lab CA.
So how can I use this particular certificate to sign a binary file?
I could use any of the commercial tools, but we live in PowerShell, so it can be done in a smarter way. Let’s launch PowerShell again. Remember that PowerShell can access certificates like files on a drive, so I can run Get-ChildItem on cert:\, select CurrentUser, then My, and then select the certificate. This is the certificate I have on my machine; I can observe that it is freshly issued and access its properties. What I can do is assign this certificate (using Get-ChildItem) to a PowerShell variable.
So I run $cert1 = Get-ChildItem followed by the path to the certificate, and now I have it stored in the $cert1 variable.
What I have to do now is use the cmdlet Set-AuthenticodeSignature and specify its parameters.
The first one is the certificate, for which I specify my variable $cert1. The next parameter is the file path, and I specify RDcache.exe on my desktop. That’s actually all. You can see the status is Valid. If I right-click RDcache and go to Properties, there are a couple more tabs than before, in particular Digital Signatures. There you can see the name of the signer taken from the certificate, and the digest algorithm, which I would say is not the most modern one and should not be used.
We can specify the algorithm as a parameter of the PowerShell command. If I click Details, I see the details of the certificate from the Certificate Authority. This way of signing works acceptably, especially since when you view the certificate you can see it is trusted, for example within my environment. That is fine for many internal applications.
But it’s not the best approach for publicly available code. Another thing is that this way of signing gives you no timestamp, because we have not applied one. If I click Details again, you can see under the certificate’s properties that the validity period is one year. What does that mean? Once the certificate’s validity expires, the signature will no longer be valid, because the certificate is no longer valid.

Validity date of the certificate

This is interesting because we can imagine, for example, device drivers present in the operating system whose certificate validity has run out. It would mean those drivers no longer work. Of course, that is not a scenario you observe in your operating system: if you check the validity dates of the certificates on your drivers, you will easily find that some of them are already past their expiration date. That is because the certificate has to be valid at the moment of signing, not at the moment of running or verifying the signature. So to have proof that the certificate was valid at the moment of signing, the only way is to use timestamping: a trusted source of time for the signature.

Use time stamping

For this purpose I will switch to my command line. Here I have:
  • my RDcache, which is not digitally signed yet,
  • my PFX file, which is the official CQURE code signing certificate.
I can use it for signing with timestamping applied. I will:
  1. Launch PowerShell.
  2. Run $cert2 = Get-PfxCertificate (let’s name it differently, since it’s another machine), because I will take the certificate not from my store but from the PFX file.
  3. The file is SignCqureAG.PFX. If I do not specify a password, I will be prompted for it.
  4. In $cert2 I now have my certificate stored, with all its properties such as the subject.
  5. I can use exactly the same command, Set-AuthenticodeSignature, specifying Certificate $cert2 and FilePath RDcache.exe.
  6. The third parameter, needed now, is TimestampServer; in my case it is http://tsa.startssl.com/timestamp.
Right now I am obtaining a timestamp using the certificate. If I go into the properties of this file (I can use Explorer for this), under Properties I have Digital Signatures, and you can see a timestamp has been applied.
My certificate will expire in two years, but it will not have to be valid for the file to remain digitally signed in an acceptable and trusted way.
There is a huge number of file types you can digitally sign, but the most interesting are MSI, .exe and .dll files, because those are the most widely distributed.
As you can see, it is not rocket science: if you have a certificate you can digitally sign your files and make them trusted by others, not only by you, and you can easily verify whether the content was manipulated.
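The two signing scenarios above (an enrolled certificate from CurrentUser\My, or the PFX file) and the verification that follows, as an added PowerShell example that is not code from the original article. It assumes RDcache.exe is in the current directory; the function names Get-SigningCertificate and Invoke-SignAndVerify are my own, and the timestamp server default is the one the article uses.

```powershell
# Added example: sign a binary with a code-signing certificate, apply a
# timestamp, then re-read and check the signature. Not the article's code.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Get-SigningCertificate {
    param(
        [string] $PfxPath,      # PFX scenario (article: SignCqureAG.PFX)
        [string] $Thumbprint    # optional: pin a specific store certificate
    )
    if ($PfxPath) {
        # Certificate from a PFX file; prompts for the password, as in the article.
        return Get-PfxCertificate -FilePath $PfxPath
    }
    # -CodeSigningCert keeps only certificates whose EKU permits code signing;
    # we additionally require a private key and an unexpired certificate.
    $certs = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) }
    if ($Thumbprint) { $certs = $certs | Where-Object Thumbprint -eq $Thumbprint }
    if (-not $certs) { throw 'No usable code-signing certificate found in CurrentUser\My.' }
    # Prefer the certificate with the longest remaining validity.
    return ($certs | Sort-Object NotAfter -Descending | Select-Object -First 1)
}

function Invoke-SignAndVerify {
    param(
        [Parameter(Mandatory)] [string] $FilePath,
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        # Timestamp authority named in the article; pass '' to sign without one.
        [string] $TimestampServer = 'http://tsa.startssl.com/timestamp',
        # Explicit digest: the article notes the default algorithm is dated.
        [ValidateSet('SHA256', 'SHA384', 'SHA512')] [string] $HashAlgorithm = 'SHA256'
    )
    $signParams = @{
        FilePath      = $FilePath
        Certificate   = $Certificate
        HashAlgorithm = $HashAlgorithm
        IncludeChain  = 'NotRoot'   # embed intermediates so verifiers can build the chain
    }
    if ($TimestampServer) { $signParams.TimestampServer = $TimestampServer }

    $result = Set-AuthenticodeSignature @signParams
    if ($result.Status -ne 'Valid') {
        throw "Signing failed: $($result.Status) - $($result.StatusMessage)"
    }

    # Re-read the signature from disk rather than trusting the return value.
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    $tsa = $null
    if ($sig.TimeStamperCertificate) { $tsa = $sig.TimeStamperCertificate.Subject }

    # Timestamped = $false means the signature stops verifying once the
    # signer certificate expires (the driver scenario discussed in the article).
    [pscustomobject]@{
        File         = $FilePath
        Status       = $sig.Status
        Signer       = $sig.SignerCertificate.Subject
        SignerExpiry = $sig.SignerCertificate.NotAfter
        Timestamped  = [bool] $sig.TimeStamperCertificate
        TSA          = $tsa
    }
}

# Scenario 1: certificate enrolled from the CQ Signing template, taken from the store.
$cert1 = Get-SigningCertificate
Invoke-SignAndVerify -FilePath .\RDcache.exe -Certificate $cert1

# Scenario 2: certificate loaded from the PFX file (password prompt), with timestamp.
# $cert2 = Get-SigningCertificate -PfxPath .\SignCqureAG.PFX
# Invoke-SignAndVerify -FilePath .\RDcache.exe -Certificate $cert2
```

Running Invoke-SignAndVerify with -TimestampServer '' reproduces the first, untimestamped signature from the article; the returned object then shows Timestamped = False.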

Is it useful for IT Pros and Developers?

The question may arise whether this is useful for typical IT pros, or more for developers. Actually, I tried to explain it in a way that is useful for IT pros, because IT pros are the main group of our viewers and readers, so that they can spread this information to developers.
Please go to your developers right now, ask them about the code they are compiling and the executable files they are developing, and try to establish a signing process and start signing your software right now.
My advice is to play with these features on your own. As you can see, it’s very simple and very useful. There’s nothing harmful in signing your own code. Please try it and see how it works in live environments as well. You can also ask questions, because sometimes this topic is not very straightforward.

Have some questions about Code Signing?

I will try to help you if you have any practical issues with applying such things – just put some comments in the comment section.

Tuesday, July 4, 2017

Upgrade your security thanks to these powerful features in the ConfigMgr

In this interview, I asked Wally Mead to reveal how to upgrade your security thanks to new and powerful features in the ConfigMgr.


When most people think of System Center Configuration Manager, there’s one person that comes to mind: Wally Mead.
Paula:
I’m pretty sure that if you are interested in deployments you’ve seen Wally Mead speaking before at various conferences. Wally is a Principal Program Manager at Cireson and he’s also engaged in different kinds of blogs and forums.
Can you give our listeners what would be the blog?
Wally:
I used to do a lot on the TechNet forums, but now I primarily work on our Cireson, and we have our own community site, which is kind of like a TechNet forum, but it’s at Cireson.com. You can get to the community from there, and I help answer questions on our internal products for the customers as well as Configuration Manager questions.
Paula:
That’s cool, and Twitter? Do you tweet?
Wally:
I have a Twitter account, @Wally_Mead.
Paula:
Okay, that’s great. So you should, guys, definitely check out. And as far as I know you’ve been 20, 22 years in Microsoft, right?
Wally:
22 years at Microsoft where I started with SMS before it was called SMS.
In the first initial stages of SMS 1.0 all the way up through Configuration Manager 2012 R2, I think, is when I left.
Paula:
So you got the knowledge directly from the source?
Wally:
I had very good access to the source, yes.
Paula:
Do you still cooperate closely with the Microsoft guys?
Wally:
I do, I have lunch with a number of them occasionally. I get to meet with them and they’re very kind to answer my questions if I email.
Paula:
That’s perfect, yes. So, well, today I’ve got a couple of disturbing questions about ConfigMgr.
Wally:
Oh, it’s disturbing.

Using Configuration Manager as a security tool

Paula:
How often do you see security being part of deployments with ConfigMgr or in general?
Wally:
Most people don’t think about Configuration Manager as a security tool, but there are a couple different ways you could look at it. One is, you have to secure your environment itself. So the product group has done a very good job of making sure that Configuration Manager itself is secure. For example, when there are different configuration settings, they always go with the most secure setting by default and then let the administrator opt out to change that if they want to. And then they architect it to try and be as secure as possible, making sure that the administrators have rights to only do what they need to do in the console. More importantly, what people usually think about Configuration Manager is how they can use it to help secure their environment, and traditionally the most common thing that people think about Configuration Manager in that aspect is deploying security patches.
It has been great for a number of years to be the mechanism to keep your Windows environment up to date, with the identification of security patches, downloading them, preparing them, and then getting them delivered out to your clients according to your administrator settings.

Configuration Manager feature:  Automatic Deployment Rules

Paula:
Well, from our side, we see a lot of companies that, for example, have Configuration Manager but they’re not that much up to date. Is it very difficult to manage this?
Wally:
If they put the time and effort into it … Configuration Manager actually has a really cool feature called Automatic Deployment Rules, which are basically an enhancement on WSUS Automatic Deployment Rules or whatever they call them, Automatic Approvals, that will help automate the process. So once you configure your rules, Configuration Manager will automatically find the updates that are appropriate, download them for you, package them up, and then create the deployment to get them out there. So it’s really the investment you have to prepare those rules the way you want them, get the updates downloaded and deployed as you want, and then just do your monitoring from there.
Paula:
So I guess like, being an administrator in a company having a lot of stuff to do, that’s not really the task that you are able daily to spend your time. Maybe that’s where the problem comes from, right?
Wally:
Right, and that’s where the Automatic Deployment Rules really help: to automate that and get you so that you can now start concentrating on other aspects of your environment without having to worry about your day-to-day security needs.
Paula:
What would be like your prediction for the time that has to be spent, for example, daily to take care of that process in a company?
Wally:
Honestly, not much. It’s if you don’t keep up to date then it’s a big struggle because the world is evolving daily as far as security issues, and trying to keep up to date, then it gets to be much more of a pain. And then you want to try and get antivirus software out there, anti-malware, you want to try and secure your desktops, you want to secure your mobile devices, all those things jump into the play, and then they distract from keeping things up to date and getting everything implemented the way you want. So most people try and tackle the thing that’s high on their minds, or what the CEO says, “Hey, you got to make sure you do this.” They’ll focus their energies on that, then when they find the spare time they’ll jump onto something else.

System Center Endpoint Protection as a tool to use for vulnerability management

Paula:
That’s a good point. What about the System Center Endpoint Protection? Because I found that this particular solution is a pretty cool tool that you can use for vulnerability management. So what do you think about this one?
Wally:
Yeah, it’s very good. When we first created it in the Configuration Manager and started implementing it, most people didn’t use it, but it’s not because of lack of features – it was more that they already had a contract, a license, with a third-party vendor, whether McAfee or Symantec or whoever. And they already had spent their hundreds of thousands or millions of dollars on that, so they wanted to finish off what they had. So once their license was expiring, then they would go and look at the free solution from Microsoft that integrates great with ConfigMgr. They would do a comparison and, “Wow, it does essentially the same thing and I can get it for free versus spending hundreds of thousands of dollars a year.” Then they would start migrating over and find out, “Hey, it does the exact same thing that the other guy did. And gives me better reporting because it’s built into the console with Configuration Manager.”
Paula:
Yeah, definitely. There are many types of tools that are out there that you have to pay for additionally that are performing the software scanning and so on. All that stuff can be done within the ConfigMgr, right?
Wally:
Right, right. And ConfigMgr, just about every release they add new settings to endpoint protection to help control or identify more malware, as well as give you more administrative controls over what you do when the agent finds something it’s not sure what to do with.

Security features in the newest release of Configuration Manager

Paula:
Okay, cool. And what about the security features that are introduced in the newest release of ConfigMgr? Is there something valuable from the company’s perspective?
Wally:
Well, there’s a lot of things. I just did a session yesterday on all the things that have happened in current branch since it released, and a lot of those were security related. Especially, the world has been going mobile now, and as you start integrating Microsoft Intune into ConfigMgr, there’s a lot of settings in there to help you lock down your mobile devices. That’s one of the first things people want to do: when they want to bring their mobile devices in, they want to get access to email, but the company wants to secure that. So you start locking down the device to have specific PIN requirements, or password resets, or whatever it is. That’s a great capability in Configuration Manager to lock down those mobile devices, but they’re starting to carry that through to the desktop platforms with conditional access. You can’t get access to your email until your PC meets certain requirements that the administrator has set for you.

There’s Windows 10, a lot of integration there with managing the updates of Windows 10, creating servicing plans and servicing rings to help get new builds of Windows 10, which are even more secure by default, deployed out to appropriate pockets of environments or users, meaning your collections, at designated time periods. Integration with Windows Advanced Threat Protection. So the endpoint protection is great to keep things from happening, but if something does happen, then Advanced Threat Protection helps you identify what did happen and figure out how to prevent it in the future. A lot of cool things happening there. Upgrade analytics, as well as a lot of new dashboards in the console to make the information you’re getting from ConfigMgr more readily accessible to those that really need it, such as management who doesn’t want to look at statistics in a chart, they want to see a graph that’s pretty.
Paula:
Yeah, exactly. Does it look the same like in OMS?
Wally:
Yeah.
Paula:
Sort of like the pretty graph where you…
Wally:
Correct, for management.
Paula:
Actually, I was in a meeting with the management, and I was showing some part of this because we had some security project to do, and this is something that they really loved because it’s pretty.
Wally:
Yeah, yeah.
Paula:
It’s pretty, it’s meaningful, and for them, it’s like, “Oh, all green.”
Wally:
Right, right. They look at the red versus green and yellow, yes. And that’s a cool thing that ConfigMgr has done over the last couple of releases, specifically the last one, was in the area of patching, they have a new feature called Server Groups, so the ability of, in essence, taking a collection of clients, which could be desktops, your laptops, your servers, and treating them as a cluster so that you can control the patching order of them. So I want to make sure that my domain controller gets patched first, then it’s my site server, then it’s my IIS web server, then it’s whatever other. But you can control the order of those, and it will only move to one after the previous one’s finished completing. So you have a lot more control over how the patching process happens in Configuration Manager now.
Paula:
Yeah, that’s definitely something that companies should look at because, as I said, we often see in the penetration tests, for example, that there is System Center, and they’ve got it, so it’s like they’re halfway to the success, right?
Wally:
Right, right.
Consulting company: the best people to learn from
Paula:
But then they are not doing anything good because it’s so difficult for people that are like performing regular administration and they simply have no time.
Wally:
Right, right. And all these products there, they’ve got tons of power to them as you state, but they do take a little while for the learning curve to get up to speed with them to figure out how to implement this solution that you want, get my environment more secure. You can easily do that, it just takes a little bit of time and effort to get there.
Paula:
So I was, well, correct me if I’m wrong, but I would say that the easiest way to keep it rolling is to just invite a super specialist that can do this for you, because then someone comes over, analyzes your environment, is like, “Okay, rules are going to be like this,” then you guys just move forward. Besides, like, just keeping System Center, doing nothing within the company, right?
Wally:
Yeah, you may need to go to either training, to get yourself up to speed, which is great, but if you don’t have that opportunity, the time, or whatever, then certainly getting a consulting company in there that can help you with that. A consulting company that has the expertise, that can easily do your analysis of what your current solution looks like, where your gaps are, then help you implement what those remediation schemes are to get you to where you need to be.
Paula:
And that’s what you guys do?
Wally:
We can do that, yes.

When you want to work more with the Configuration Manager you need to…

Paula:
Okay, cool. So two more questions that are more from the soft area. The first question is, if someone is young in the industry and they’re like, “Okay, we want to do deployments,” they work in the enterprise, they just start their career, what is the skillset do you think that this person should have in order to just start, jump to the field, and so on?
Wally:
Well, if they’re a young, new person, then they probably got a lot of the skillset which is mobile, because they live on their mobile devices all day long and that’s the way the world’s going, so they got a great start there. But as far as the rest in Configuration Manager space, it’s spending some time with the solution. Again, whether it’s training, or whether it’s attending a training class or self-learning on the TechNet Virtual Labs or Microsoft Virtual Academy sessions that they have out there.
Paula:
That’s a good resource.
Wally:
You need to spend the time to learn the solution because it is very complicated. I was there for 22 years and I still don’t understand everything about Configuration Manager. So nobody does, so don’t get your hopes up that you’re going to get there because nobody is going to ever get there. It just takes a while, a long time. Plus, they release new versions every four months now, and things change every single release, so it takes a long time. So you just got to be patient, take small chunks, bite off those small chunks, get to the point where you’re comfortable in mastering one of them, then move on to the next area.

When you’re more advanced with Configuration Manager you can…

Paula:
Sure. And what about the guys that have already a lot of experience in infrastructure? Like for example, administrators that want to master application compatibility, et cetera, what would you advise them?
Wally:
Yeah, that’s kind of the same as the new guys, just that you’ve got more of the background behind Configuration Manager or whatever your other solution is, so now it’s just a matter of delving into this new area, but it’s going to be easier for you because you’ve already got the background in what the solution can do for you. So now it’s just a matter of picking up applications versus packages, or picking up endpoint protection from your old solution that you had. You’ve already got the background, the knowledge; it’s just a matter of now the specific implementation details for this one solution. So it’s just taking the time and devoting the effort to acquiring some new knowledge and getting to a point where you feel like you’ve mastered it.
Paula:
Perfect, thank you so much. So a couple of words regarding summary. We have talked about:

  • The possibility of implementing security within the ConfigMgr so that we can do the deployments with the different kinds of security settings.
  • The new features that are in the newest release of the ConfigMgr.
  • Endpoint protection as a pretty cool way to perform the vulnerability assessment, if I could describe it this way, to be able to analyze different types of versions of applications, and if there’s something wrong, we’ll be able to immediately spot that and eventually deploy the updates for the versions that are already outdated.

Thank you, Wally Mead, for being part of this interview. It was very insightful. I hope that you will like it too, and if you’ve got some questions for Wally, or for myself, regarding this interview, make sure that you post them in the comments section below.