#cybersecurity | #hackerspace | Understanding Azure AD’s Basic/O365 Apps Tier

Source: National Cyber Security – Produced By Gregory Evans

To better understand the structure of Azure® Active Directory® (AAD or Azure AD), we will be exploring each tier of their services in a four-part series. 

This is the second part of that series. Below we explore the full scope of features offered with Azure AD’s Basic/Office 365™ apps tier, along with the benefits and the drawbacks that come with it. Our previous post in the series covered Azure AD Free.

Azure Active Directory Basic/Office365 Apps

Azure AD’s second pricing tier was introduced in 2014 alongside its other services. It was meant as an intermediate step for admins who wanted more than AAD’s Free version offered but weren’t ready to commit to Premium P1 or P2.

Initially referred to as Azure AD Basic, this version of AAD was recently renamed “Azure AD Office 365 apps.” It’s included with a subscription to Office 365 E1, E3, E5, or F1.

AAD Office 365 apps is designed to work as an identity layer paired with an existing directory service, namely on-prem Active Directory. It gives legacy, on-prem identity management a bridge for securely connecting existing user credentials to select web apps and to Azure infrastructure.

Benefits of Azure AD Office 365 Apps

By itself, AAD O365 apps offers the following features:

  • Directory sync of Office 365 user accounts with no cap on the number of directory objects
  • SSO for up to 10 pre-integrated SaaS applications per user
  • Self-service password change and reset (cloud users only)
  • Directory synchronization with Azure AD Connect
  • Basic usage and security reporting for the identity service
  • Service level agreements (SLAs) for Azure infrastructure
  • Multi-factor authentication (MFA), but only for Office 365 apps

As with every other Azure AD tier, O365 apps lets admins sync their AAD tenant with on-prem AD through Azure AD Connect. That sync is what makes the tier worth more than its feature list suggests: it lets admins implement Microsoft features like network authentication via RADIUS (which requires an on-prem NPS server), (Read more…)


The post #cybersecurity | #hackerspace | Understanding Azure AD’s Basic/O365 Apps Tier appeared first on National Cyber Security.

View full post on National Cyber Security

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers

Cybersecurity researchers at Check Point today disclosed details of two recently patched vulnerabilities in Microsoft Azure services that, if exploited, could have allowed attackers to target the many businesses that run their web and mobile apps on Azure.

Azure App Service is a fully managed platform for building web and mobile apps for any platform or device, integrating them with SaaS solutions and on-premises apps, and automating business processes.

According to a report the researchers shared with The Hacker News, the first vulnerability (CVE-2019-1234) is a request spoofing issue affecting Azure Stack, Microsoft’s hybrid cloud platform that lets customers run Azure services in their own datacenter.

If exploited, the issue would have let a remote attacker access screenshots and sensitive information of any virtual machine running on the Azure Stack infrastructure, regardless of whether the VM was shared, dedicated, or isolated.

According to the researchers, the flaw is exploitable through the Azure Stack user portal, the interface through which tenants access the clouds they have created on Azure Stack.

By leveraging an insecure API, the researchers found a way to obtain the virtual machine name and ID, plus hardware details such as core count and total memory, for targeted machines, and then used those values in a second, unauthenticated HTTP request to grab screenshots of the VM, as shown in their report. That second request needing no authentication at all is the core of the issue: an internal endpoint the portal calls on a tenant’s behalf answered anyone who could reach it.

The second issue (CVE-2019-1372) is a remote code execution flaw in Azure App Service on Azure Stack that would have let an attacker take complete control of the underlying Azure Stack server and, with it, of an enterprise’s business code running there.

What makes both issues more serious is that an attacker needed nothing more than a free Azure user account: either running malicious functions from it, or sending unauthenticated HTTP requests to the Azure Stack user portal.

Check Point published a detailed technical post on the second flaw. In brief, it lay in how DWASSVC, the service that manages and runs tenant apps, and the IIS worker processes that actually run those tenant apps communicate with each other for defined tasks.

Because the service did not check the length of an incoming message against the size of the buffer it copied it into, an attacker could send a specially crafted message to DWASSVC and execute code on the server as NT AUTHORITY\SYSTEM, the highest privilege level on Windows.

“So how can an attacker send a message to DWASSVC (DWASInterop.dll)? By design, when running the C# Azure function, it runs in the context of the worker (w3wp.exe),” the researchers said.

“This lets an attacker enumerate the currently opened handles. That way, he can find the already opened named pipe handle and send a specially crafted message.”
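To make the bug class concrete, here is an added example that is not Check Point’s or Microsoft’s code: a toy message handler that trusts a length field before copying into a fixed-size buffer, beside the bounds-checked version. The wire format (little-endian 32-bit length followed by payload), the 64-byte destination buffer, and all function names are assumptions for illustration, not the real DWASSVC/DWASInterop protocol, and a byte array stands in for the named pipe.

```c
/*
 * Added example, not Check Point's or Microsoft's code. Illustrates the bug
 * class behind CVE-2019-1372: a length field trusted before a memcpy into a
 * fixed-size buffer, next to a bounds-checked version. Wire format (LE uint32
 * length, then payload) and the 64-byte buffer are assumptions; a byte array
 * stands in for the named pipe.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSG_BUF_SIZE 64   /* capacity of the handler's destination buffer */

/* Decode the little-endian uint32 length field at the start of a message. */
static uint32_t read_len(const uint8_t *wire) {
    return (uint32_t)wire[0] | ((uint32_t)wire[1] << 8) |
           ((uint32_t)wire[2] << 16) | ((uint32_t)wire[3] << 24);
}

/* Vulnerable handler: bounds the copy by the bytes received, but never by the
 * capacity of dst (which the caller sized at MSG_BUF_SIZE). A length above
 * MSG_BUF_SIZE overruns dst. Returns bytes copied, or -1 if truncated. */
int handle_vulnerable(const uint8_t *wire, size_t wire_len, uint8_t *dst) {
    if (wire_len < 4) return -1;
    uint32_t len = read_len(wire);
    if (len > wire_len - 4) return -1;   /* don't read past the message... */
    memcpy(dst, wire + 4, len);          /* ...but dst's size is never checked */
    return (int)len;
}

/* Hardened handler: the caller passes dst's capacity and any length the buffer
 * cannot hold is rejected before the copy. Returns bytes copied, -1 for a
 * truncated message, -2 for an oversized one. */
int handle_fixed(const uint8_t *wire, size_t wire_len,
                 uint8_t *dst, size_t dst_size) {
    if (wire_len < 4) return -1;
    uint32_t len = read_len(wire);
    if (len > wire_len - 4) return -1;
    if (len > dst_size) return -2;       /* the missing check */
    memcpy(dst, wire + 4, len);
    return (int)len;
}

/* Build a constructed message: length header followed by `len` bytes of
 * `fill`. Returns total bytes written, or 0 if out is too small. */
size_t build_msg(uint8_t *out, size_t out_size, uint32_t len, uint8_t fill) {
    if (out_size < 4 + (size_t)len) return 0;
    out[0] = (uint8_t)(len & 0xff);
    out[1] = (uint8_t)((len >> 8) & 0xff);
    out[2] = (uint8_t)((len >> 16) & 0xff);
    out[3] = (uint8_t)((len >> 24) & 0xff);
    memset(out + 4, fill, len);
    return 4 + (size_t)len;
}

/* Run handle_fixed against a constructed message of `len` payload bytes. */
int fixed_result_for_len(uint32_t len) {
    uint8_t wire[4 + 4096];
    uint8_t dst[MSG_BUF_SIZE];
    size_t n = build_msg(wire, sizeof wire, len, 0x41);
    if (n == 0) return -3;
    return handle_fixed(wire, n, dst, sizeof dst);
}

/* A message whose header claims more payload than was actually received. */
int truncated_result(void) {
    uint8_t wire[4 + 10];
    uint8_t dst[MSG_BUF_SIZE];
    build_msg(wire, sizeof wire, 10, 0x41);
    wire[0] = 100;                        /* lie about the length */
    return handle_fixed(wire, sizeof wire, dst, sizeof dst);
}

/* Show the overrun without undefined behaviour: dst is the first 64 bytes of
 * a larger arena and the 16 bytes after it hold a 0xCC canary. Returns 1 if
 * the vulnerable handler clobbered the canary and the fixed one did not. */
int demo_overflow(void) {
    uint8_t arena[MSG_BUF_SIZE + 16];
    uint8_t wire[4 + MSG_BUF_SIZE + 16];
    size_t n = build_msg(wire, sizeof wire, MSG_BUF_SIZE + 16, 0x41);

    memset(arena, 0, sizeof arena);
    memset(arena + MSG_BUF_SIZE, 0xCC, 16);
    handle_vulnerable(wire, n, arena);          /* writes 80 bytes into 64 */
    int clobbered = (arena[MSG_BUF_SIZE] == 0x41);

    memset(arena + MSG_BUF_SIZE, 0xCC, 16);
    int rc = handle_fixed(wire, n, arena, MSG_BUF_SIZE);
    int intact = (arena[MSG_BUF_SIZE] == 0xCC);

    return clobbered && intact && rc == -2;
}

int main(void) {
    printf("canary clobbered by vulnerable handler, intact after fix: %s\n",
           demo_overflow() ? "yes" : "no");
    return 0;
}
```

The point of the two handlers sitting side by side is that the vulnerable one already does a bounds check, just against the wrong thing: it makes sure it never reads past the bytes it received, but the only bound that matters for the write is the destination’s capacity, which it never sees. A handler that takes the destination size as a parameter cannot forget that check, which is why the hardened signature carries `dst_size`.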

Check Point researcher Ronen Shustin, who discovered both vulnerabilities, responsibly reported the issues to Microsoft last year, preventing hackers from causing severe damage and chaos.

After patching both issues late last year, the company awarded Shustin with 40,000 USD under its Azure bug bounty program.


#cybersecurity | #hackerspace | Universal Directory vs Azure Active Directory

By Kayla Coco-Stotts, posted January 5, 2020

In the battle for modern directory services, are Okta®’s Universal Directory (UD) and Microsoft®’s Azure® Active Directory® (AAD or Azure AD) worth considering? For most organizations, UD and AAD aren’t used as replacements for a true directory service such as Microsoft Active Directory. Still, given the activity in the identity and access management (IAM) space, the comparison between Universal Directory and Azure Active Directory is worth understanding.

UD and Azure AD weren’t intended as replacements for an organization’s on-prem AD, but rather as complements to that identity provider. Both cloud identity management services let admins extend AD identities to web applications through single sign-on (SSO). Below, we compare features of UD and Azure AD, and detail the components that define a service as a modern, cloud-based directory.

Universal Directory vs Azure Active Directory

Okta introduced Universal Directory to build on its established foundation of web application single sign-on. Over time, Okta extended UD into a repository for user information from a variety of sources, so that UD acts as the authoritative source for a user’s attributes. It is also a core underlying feature for admins looking to leverage Okta’s SSO capabilities.

Azure AD is a cloud-based user management solution for Azure and Office 365™. Beyond Azure/O365 management, Microsoft also built it to give IT admins web application SSO from the cloud. Azure AD is designed to work as an extension of Active Directory, connecting users to web applications, Azure infrastructure, and Office 365. Bridging on-prem AD to Azure AD requires a component called Azure Active Directory Connect; if workloads in Azure then need traditional domain services (domain join, Kerberos/NTLM, LDAP), Azure AD Domain Services is required as well.

Like Okta, Azure AD is a great resource for admins looking to extend user credentials to web applications, but it isn’t generally considered a standalone solution. As a result, IT departments layer Azure AD on top of their existing AD and the connective technology described (Read more…)


#cybersecurity | #hackerspace | RADIUS Server in Azure – Security Boulevard

Microsoft Azure® is a cloud platform that offers compute, storage, and other infrastructure services, and it underpins SaaS offerings such as Office 365™. Azure has its own identity management service, Azure Active Directory® (AD), but Azure AD is not the on-prem directory service, Active Directory, lifted into the cloud. Azure also does not offer its own RADIUS server, so RADIUS-as-a-Service solutions are one route to leveling up the security of WiFi and VPN networks.

What Does Azure AD Do?

Azure AD provides user management (authentication and authorization) for Azure services such as compute, storage, and applications. It provisions, deprovisions, and modifies user access to Azure-related services such as Windows® servers and Office 365.

It also provides web application single sign-on, so Office 365, Salesforce®, Dropbox, and other supported applications can be accessed with a single identity.

What Azure AD doesn’t offer is an integrated, hosted, and managed RADIUS service. That makes it harder to manage access to VPNs and on-prem WiFi and forces IT admins to use other mechanisms, which often means standing up their own RADIUS servers (e.g., FreeRADIUS or Windows NPS) to keep those networks secure.

Azure AD RADIUS Authentication Services

Because Azure AD has no native RADIUS server functionality, IT admins need other methods for securing on-prem wireless network access.

For instance, admins can host a RADIUS server in Azure, either as Windows NPS (with the Azure MFA NPS extension) or as FreeRADIUS, but this is time consuming, requires extensive self-implementation, and pulls IT admins away from cloud services that shift the heavy lifting of infrastructure to a third party. Beyond that, admins still have to integrate that RADIUS infrastructure back into whatever core directory service they use; NPS in particular authenticates users against Active Directory, not Azure AD, so an AD domain remains a dependency.

Time Consuming

Azure AD does offer IT admins the ability to add Azure MFA to RADIUS authentication through the NPS extension, or they can implement their own FreeRADIUS authentication source linked back to AD.

However, Microsoft’s solution is limited in that it only supports RADIUS authentication (Read more…)


How Microsoft’s Azure platform can help agencies with the Cybersecurity EO

Microsoft Security Response Center research into recent cyberattacks indicates that the average time for infection or exploitation of an unpatched node on a compromised network is as little as 90 seconds. Verizon’s Data Breach Investigation Report found that 12 percent of phishing mail recipients will click on a link or…

The post How Microsoft’s Azure platform can help agencies with the Cybersecurity EO appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures