Tag Archives: Access

WPA3 Wi-Fi protocol aims to improve security in 2018

The Wi-Fi Alliance introduced the next generation of Wi-Fi Protected Access — WPA3 — which aims to improve password security as well as security for IoT devices.

The industry will begin rolling out the WPA3 Wi-Fi protocol in products in 2018 and replace WPA2, meaning vendors will have to follow the security standard in order to carry the “Wi-Fi Certified” branding.

In an official announcement from CES in Las Vegas, the Wi-Fi Alliance noted that the WPA3 Wi-Fi protocol will include “four new capabilities for personal and enterprise Wi-Fi networks.”

“Two of the features will deliver robust protections even when users choose passwords that fall short of typical complexity recommendations, and will simplify the process of configuring security for devices that have limited or no display interface. Another feature will strengthen user privacy in open networks through individualized data encryption,” the Wi-Fi Alliance wrote. “Finally, a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, will further protect Wi-Fi networks with higher security requirements such as government, defense, and industrial.”

According to Mathy Vanhoef, a network security and applied cryptography post-doctoral candidate and one of the researchers behind the WPA2 KRACK vulnerability, which took advantage of the WPA2 four-way handshake network connection process to produce a man-in-the-middle exploit, WPA3 implements a more secure handshake that should help prevent brute-force password attacks.

Marc Bevand, former security engineer at Google, described in a Hacker News forum post how this type of password authenticated key exchange (PAKE) can prevent attacks online and off.

“[Offline, an attacker] can try to decrypt the packet with candidate passwords, but he does not know when he guesses the right one, because a successful decryption will reveal [values that] are indistinguishable from random data. And even if he guessed right, he would obtain [public keys], but would not be able to decrypt any further communications as the use of Diffie-Hellman makes it impossible to calculate the encryption key,” Bevand wrote. “[Online,] if he actively [man-in-the-middles] the connection and pretends to be the legitimate server, he can send his own [key and password] to the client using one guessed candidate password. If he guessed wrong … each authentication attempt gives him only one chance to test one password. If, out of frustration, the client tries to retype the password and re-auth three times, then the attacker can at most try to guess three candidate passwords. He can’t brute force many passwords.”

Additionally, experts noted that the WPA3 Wi-Fi protocol improvements to “configuring security for devices that have limited or no display interface” could help improve security on IoT devices, but not all experts, like Tom Van de Wiele, principal cyber security consultant and red-teamer at F-Secure, were optimistic about the possibility.

For Sale – Linksys Lapac1750 Business Class Access Point With POE

For sale is an opened and tested brand new Linksys LAPAC1750 Access point.

One of these covers a 3 storey town house with total ease.

This is a business class access point and as such supports either POE or normal PSU, multiple VLAN tagging, 16 separate SSIDs, 8 5GHz and 8 2.4GHz all with isolation if needed. Captive portal (for total separation of customer wifi). It has a cluster facility that adds more of them and sets them up with the press of a button.

This can lie flat or be mounted on a wall or ceiling. It comes with all the screws, plates and template to do whatever you like!

It can do much, much more. If you have a router and want better WIFI coverage, just add this, you will be amazed.

A link to the item is here: Linksys LAPAC1750 review

I can send this RMSD for £120

Price and currency: £120
Delivery: Delivery cost is included within my country
Payment method: BT PPG
Location: Chorley
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Set Office 365 group limits to avoid administrative hassles

Set Office 365 group limits to rein in unchecked access, which could lead to unintended consequences.

An Office 365 group not only contains the membership list for a collection of people, but also manages provisioning and access to multiple services, such as Exchange and SharePoint. At a fundamental level, this means each time a user creates a group for something — a project, or perhaps a team — they add a SharePoint site, group inbox, calendar, Planner, OneNote and more.

Groups is also the foundation behind new services such as Microsoft Teams, Office 365’s chat-based collaboration app. In addition to messaging via channels, Teams enables users to chat with colleagues over voice and video calls, collaborate on documents and use tabs to display other relevant team information. Teams uses Office 365 Groups to produce a team within Teams, not only for the membership list, but also to connect the underlying group-enabled services for data storage.

Why Office 365 group limits are crucial

By default, Office 365 users can create groups without any restrictions. While this appears to be a great idea to prompt viral adoption, it is likely to backfire.

The strength of Office 365 Groups is only one group is needed to manage a team’s calendar, share files among colleagues, and hold group video calls and chats. However, this is not immediately obvious to workers as they explore available services.

For example, a user starts work on a project and, being new to Microsoft Planner, decides to add a plan with the name Project Z Plan. The user also sees he can create a group calendar in Outlook, which he names Project Z Calendar. He feels he could also use a SharePoint site for the project, so he makes one called Project Z. Later, the user discovers Microsoft Teams and feels it can help with the project collaboration efforts, so he generates a new team named Project Z Team.

Each of those actions creates a new group in Office 365. A combined lack of guidance and structure means the worker’s actions — intended to build a seamless fabric that connects multiple Office 365 services — added multiple silos and redundant resources.

This scenario illustrates the need for administrators to develop Office 365 group limits to avoid similar issues. Users need instruction on what tool to use and when, but also some understanding of what a group is in the context of the organization.

Checklist for a proper Office 365 Groups configuration

Before enabling Office 365 Groups for widespread adoption, the administrator should adjust the basic settings to provide limits and help users adhere to corporate standards.

At a minimum, the IT department should consider the following Office 365 Groups configuration:

  • the email address policy for group Simple Mail Transfer Protocol addresses;
  • usage guidelines;
  • group creation restrictions; and
  • group classifications.

Apart from the email address policy, all other configurations require an Azure Active Directory Premium license, as documented here.

Next, define the settings to adjust:

| Policy to update | Configuration to implement | Reason for the change |
| --- | --- | --- |
| Email address | groupname@contoso.com | The company will use the main domain name because all the mailboxes were moved to Office 365. |
| Usage guideline URL | https://contoso.sharepoint.com/usage | Shows users best practices for producing Office 365 Groups. |
| Group creation restrictions | Enables line managers group to add Office 365 Groups | Only managers can create new Office 365 Groups. |
| Group classifications | Low risk, medium risk and high risk | Enables users to classify groups and be aware of the sensitivity of the information within the group. |

To make these changes, we use PowerShell to change the configuration in multiple places.

For the email address policy configuration, add a new policy that applies to all groups with the New-EmailAddressPolicy cmdlet:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

New-EmailAddressPolicy -Name GroupsPolicy -IncludeUnifiedGroupRecipients -EnabledEmailAddressTemplates "SMTP:@contoso.com" -Priority 1

For the group configuration settings, use the Azure AD preview module. After connecting to Azure AD, use this code to confirm there is a template for group settings:

Connect-AzureAD -Credential $UserCredential

$Template = Get-AzureADDirectorySettingTemplate | Where-Object {$_.DisplayName -eq "Group.Unified"}

$Settings = $Template.CreateDirectorySetting()

Next, define the group settings based on the configuration defined in the table and apply it:

# Configure the URL for our guidelines

$Settings["UsageGuidelinesUrl"] = "https://contoso.sharepoint.com/usage"

# Disable group creation except for the Line Managers group

$Settings["EnableGroupCreation"] = $False

$Settings["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString "Line Managers").ObjectID

# Create our list of classifications

$Settings["ClassificationList"] = "Low Risk,Medium Risk,High Risk"

# Apply the settings

New-AzureADDirectorySetting -DirectorySetting $Settings

Verify those settings with the following command:

(Get-AzureADDirectorySetting -All $true).Values

[Figure: Office 365 Groups configuration. Use PowerShell to check the settings for Office 365 Groups.]
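
As an added example (not code from the original article), the same Group.Unified settings can be applied idempotently with a read-back check: the script requires the creator group name to resolve to exactly one group and updates an existing settings object instead of calling New-AzureADDirectorySetting a second time. Set-GroupCreationPolicy is a hypothetical helper name, and an existing Connect-AzureAD session with the Azure AD preview module is assumed.

```powershell
# Added example, not from the original article.
# Set-GroupCreationPolicy is a hypothetical helper name; the values passed at
# the bottom are the contoso placeholders from the table above.
# Assumes the Azure AD preview module is loaded and Connect-AzureAD has run.

function Set-GroupCreationPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $AllowedGroupName,
        [Parameter(Mandatory)] [string]   $UsageGuidelinesUrl,
        [Parameter(Mandatory)] [string[]] $Classifications
    )

    # -SearchString is not an exact-name match and can return several groups.
    # Delegating group creation to the wrong group is an access-control error,
    # so insist on exactly one group whose display name matches.
    $candidates = @(Get-AzureADGroup -SearchString $AllowedGroupName |
        Where-Object { $_.DisplayName -eq $AllowedGroupName })
    if ($candidates.Count -ne 1) {
        throw "Expected exactly one group named '$AllowedGroupName', found $($candidates.Count)."
    }
    $allowedId = $candidates[0].ObjectId

    # Reuse the Group.Unified settings object if the tenant already has one;
    # otherwise build a new one from the template.
    $current = Get-AzureADDirectorySetting -All $true |
        Where-Object { $_.DisplayName -eq 'Group.Unified' }
    if ($current) {
        $settings = $current
    } else {
        $template = Get-AzureADDirectorySettingTemplate |
            Where-Object { $_.DisplayName -eq 'Group.Unified' }
        $settings = $template.CreateDirectorySetting()
    }

    # Desired state, taken from the configuration table.
    $desired = [ordered]@{
        UsageGuidelinesUrl          = $UsageGuidelinesUrl
        EnableGroupCreation         = $false
        GroupCreationAllowedGroupId = $allowedId
        ClassificationList          = ($Classifications -join ',')
    }
    foreach ($name in $desired.Keys) { $settings[$name] = $desired[$name] }

    # Update in place when a settings object exists, create it otherwise.
    if ($PSCmdlet.ShouldProcess('Group.Unified', 'Apply directory setting')) {
        if ($current) {
            Set-AzureADDirectorySetting -Id $current.Id -DirectorySetting $settings
        } else {
            New-AzureADDirectorySetting -DirectorySetting $settings | Out-Null
        }
    }

    # Read the settings back from the directory and compare value by value.
    $applied = Get-AzureADDirectorySetting -All $true |
        Where-Object { $_.DisplayName -eq 'Group.Unified' }
    foreach ($name in $desired.Keys) {
        $actual = ($applied.Values | Where-Object { $_.Name -eq $name }).Value
        [pscustomobject]@{
            Setting  = $name
            Expected = [string]$desired[$name]
            Actual   = $actual
            Match    = ([string]$desired[$name] -eq [string]$actual)
        }
    }
}

Set-GroupCreationPolicy -AllowedGroupName 'Line Managers' `
    -UsageGuidelinesUrl 'https://contoso.sharepoint.com/usage' `
    -Classifications 'Low Risk', 'Medium Risk', 'High Risk' | Format-Table
```

Run it with -WhatIf first to see the comparison against the current tenant state without changing anything; any row with Match set to False after a real run means the directory does not hold the intended value.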

With those adjustments in place, the new Office 365 Groups creation process changes, as shown below.

[Figure: Office 365 Groups plan. A new plan shows the configuration settings defined by the Office 365 administrator.]

Now, new Groups will have appropriate email addresses assigned — existing groups remain unchanged.

[Figure: Office 365 Groups email. With a configuration in place for Office 365 Groups, the proper email address gets produced automatically.]

Add boundaries and reduce complications

It’s important for administrators to employ Office 365 group limits. This practice prevents unchecked access to resources in the collaboration platform, which maintains order and avoids problems with redundancy and wasted resources.

Change key settings to put basic governance in place to steer users toward usage guidelines for Office 365 Groups. This helps the administrator ensure the groups are created correctly and can be managed properly as adoption grows.

SwiftStack object storage integrates file protocol support

SwiftStack Inc.’s new 6.0 product release adds Universal Access capabilities to enable customers to read and write files to object storage in private or public clouds without a gateway.

The San Francisco-based software vendor originally gained a following through its commercially supported version of open source OpenStack Swift object storage. But SwiftStack object storage has steadily added capabilities and, with the version 6 release, the startup now refers to its product as “multi-cloud data management” that provides a “cloud-native” single namespace for unstructured data.

SwiftStack object storage always supported the OpenStack Swift and Amazon S3 APIs. With its 2.0 product release, SwiftStack added a gateway to enable users to put file data into an object storage system via API and take it out via file, or vice versa, noted Mario Blandini, the company’s vice president of marketing.

“The reality is, no one used our file system gateway because what they really wanted is it to be as fast as their NAS and as cool as their NAS but then cheap as in object storage,” Blandini said. “Architecturally, a gateway could not delight our customers.”

[Figure: Diagram of SwiftStack storage. SwiftStack storage with file access.]

Integrated support for SMB/NFS file protocols

SwiftStack’s Universal Access now enables users or applications to access unstructured data from any private or public cloud location through the SMB and NFS file protocols and Amazon S3 and Swift object interfaces. The system can read and write data to a cloud-based single namespace in both formats. For instance, it can ingest data via file and read via object, or vice versa.

“Any workflow comprised of any number of parts works, as long as the file interfaces are SMB or NFS, and the object interfaces are Swift or S3,” Blandini said.

Combining Universal Access with SwiftStack’s previously released Cloud Sync capabilities enables IT managers to control the placement of data in private or public clouds based on policies tailored to specific application workloads and facilitate multiprotocol access to the information. Blandini said the true benefit is being able to “put the right stuff in the right place at the right time without having your users do it — having your IT governance control where the data is placed.”

He said the new capabilities would enable SwiftStack, for the first time, to “ask people to please stop thinking of us as an open source company,” and “while you’re at it, if you could try not to label us as an object storage company, that’d be even better, because at the end of the day, no one cares about object storage.”

“When people write to a public cloud, they don’t care that it’s object storage,” Blandini said. “One of the things that’s made object storage elusive for most users is the fact that it’s been made up to be way more complicated than it needs to be. With cloud-first initiatives coming from CIOs and the mandate to provide DR and site recovery for a lot of businesses who can’t afford a second data center, we’re seeing a lot more momentum going to these things because it’s practical to do now.”

George Crump, founder and president of Storage Switzerland LLC, said SwiftStack’s Universal Access provides “some feature uniqueness that nobody else at least at this point has delivered.” But he said it’s probably not the one feature by itself that could push SwiftStack over the edge to significant market share.

“They have really good technology. Now it comes down to can they market,” Crump said. “I’d say the jury is out at this point.”

Howard Marks, founder and chief scientist at DeepStorage LLC, said SwiftStack’s pioneering work to have a single system that facilitates access to the same data via file and object APIs means developers won’t have to rewrite file-based applications for object storage paradigms and can write new applications to the S3 object API without having to worry about support for file APIs.

“It certainly opens up a new market” for SwiftStack, Marks said. “Their market before had been people building object storage for cloud-type applications. They open it up to the people who have applications using files now that want to make the transition to object and use that as their transition to a cloud strategy.”

Stiff competition for SwiftStack object storage

Marks noted that SwiftStack object storage faces stiff competition in a busy market populated with well-established vendors, startups and open source options such as Ceph. He said the company is taking the right approach in de-emphasizing its OpenStack Swift roots.

“The general-purpose object market is way bigger than OpenStack, and they don’t want to be ghettoized,” Marks said. “OpenStack is starting to get the smell of failure on it. People are starting to look down on OpenStack.”

Torsten Volk, a senior analyst at Enterprise Management Associates, said SwiftStack version 6 could serve as a complement to traditional NAS. “For latency-sensitive use cases, traditional NAS can stay in place. However, you could use SwiftStack to get more mileage out of existing filers by moving off the less demanding data,” Volk wrote in an email.

Volk said SwiftStack’s software could also be helpful for container users. “Containers notoriously are fighting with data mapping. SwiftStack gives them API access so that you don’t have to worry about Kubernetes storage drives or plug-ins,” he wrote.

Updates to Sysinternals tools benefit server admins

Some Windows Server admins who grapple with security issues or access control might not know that they have a comprehensive set of free tools just a mouse click away.

The Sysinternals tools — a collection of more than 70 utilities for diagnostic, troubleshooting and monitoring purposes from Microsoft — have been around since 1996.

Mark Russinovich, CTO of Microsoft Azure, still has a hand in updating the tools he produced more than two decades ago to ensure they work with the latest Windows OSes and to add new features and capabilities, such as enhanced malware detection.

This year saw quite a few updates to the Sysinternals tools collection. Here’s a rundown of what additional functionality was added that could help untangle a few issues in your data center.

ProcDump

ProcDump, currently at version 9.0, checks running applications for CPU spikes and, if found, provides a dump to help the administrator determine the origin of the spike. As a secondary feature, ProcDump also generates crash dump data for hung applications.

Microsoft’s recent improvements to ProcDump should benefit Windows Server admins who need to troubleshoot application performance on a server. The most significant change is ProcDump now features triggers to start the dump process. ProcDump is a command-line utility, and prior to the current release, the administrator ran ProcDump on an as-needed basis. Starting with version 9.0, ProcDump can be set up to watch for a problematic condition, such as a stuck application, and perform a dump automatically. This helps collect relevant data when problems occur, as opposed to gathering data minutes or even hours after an issue happens.

Sysmon

The Sysmon (System Monitor) tool runs in the background to check and record system activity to the Windows event log. Sysmon is normally used to detect malware, but it also assists with other types of security incident management.

While the Windows OS also logs system activity, Sysmon gathers even more detail. Sysmon collects very granular information about network connections, process creations and any changes that are made to a file’s creation time.

Microsoft put in quite a bit of work on Sysmon in 2017. Version 6.0, released in February, added the option to show event schema and monitor itself for configuration changes. This version also introduced support for named pipes and a feature to display registry entries in its native format.

A few months after it released Sysmon 6.0, Microsoft put out version 6.1 in September to correct several bugs and add support for monitoring Windows Management Instrumentation event filters and event consumers for enhanced malware detection capabilities. Microsoft also added an autostart option to the tool.

Version 6.2, released in November, lets the user alter the names of the Sysmon service and driver to avoid detection by malware.

Autoruns

Windows servers have a tendency to evolve over time. As OS and application updates take place, they can leave behind remnants of the previous version. Although Autoruns is not designed to check systems for OS or application leftovers, it detects anything configured to run automatically when the system boots. In essence, Autoruns reveals anything from legitimate system processes to processes that are still running but are no longer needed. Admins can also use Autoruns to detect malware.

In September 2017, Microsoft published version 13.80 of Autoruns. While it was largely a bug fix release, Microsoft did add a few new capabilities. For example, the latest version of Autoruns performs asynchronous file saves and displays names for drivers and services.

AccessChk

The AccessChk command-line tool validates the level of access users or groups have to specific network resources.

Windows Server has multiple ways to approve access to a particular resource; sometimes, a user gets excessive, cumulative or even contradictory permissions as a result. AccessChk tests access permissions through its examination of files, folders, registry keys and Windows services.

In February 2017, Microsoft updated AccessChk to report on process trust access control and token security attributes. Microsoft further tweaked the utility in September 2017 with a cache for improved handling of multiple object enumeration.

Sysinternals Live

One of the more recent additions to the utilities lineup is Sysinternals Live, which offers web-based versions of some of the Sysinternals tools. The advantage to Sysinternals Live is it provides the most current version of the tools directly from Microsoft without the need to download or install the utilities.

Wanted – Ubiquiti Cloud key

Hi

Looking to fix poor wifi reception, looking to get a Ubiquiti wireless access point, has to be AC and I would prefer the pro version as well

Thanks

Location: Ldn

McAfee acquires cloud access security broker Skyhigh Networks

McAfee is acquiring cloud access security broker Skyhigh Networks in an effort to strengthen its cloud security portfolio.

Financial terms of the acquisition agreement were not disclosed. The Skyhigh Networks deal marks McAfee’s first major acquisition since it was spun off from Intel last year. The chipmaker purchased McAfee in 2010 for $7.7 billion and later rebranded the company as Intel Security. Last year, Intel sold a majority stake in McAfee to private equity firm TPG Capital for $3.1 billion.

Skyhigh Networks, which was founded in 2011, emerged as a leading player in the cloud access security broker (CASB) space and was one of the last remaining stand-alone companies in that market. During that span, Skyhigh earned significant investments from venture capital firms, as well as notable patents for its CASB model.

Since splitting off from Intel, McAfee has identified cloud security as a focal point for the business. During the company’s MPOWER Cybersecurity Summit last spring, McAfee CEO Chris Young said endpoint devices and cloud services were the “control points” where enterprises will need to put most of their security efforts in the future.

“McAfee is placing our bets on where we believe those environments are best modernized — where endpoint and cloud serve as the architectural control points linked by the security operations center with actionable threat intelligence, analytics and orchestration, and enabled by an open ecosystem,” Young wrote in an open letter posted Monday. “McAfee started its legacy in endpoint; Skyhigh in cloud.”

McAfee said Skyhigh will become part of the company’s new cloud security business unit, with Skyhigh CEO Rajiv Gupta running the unit. Gupta wrote in a blog post that joining McAfee will give Skyhigh more resources to invest in its technology roadmap.

Skyhigh earlier this year expanded its CASB model, which had traditionally focused on securing enterprise user connections to third-party SaaS applications, to include infrastructure as a service (IaaS). The company introduced two new products, Skyhigh for Custom Apps and Skyhigh for IaaS Platforms, to extend the company’s discovery services and security controls beyond SaaS.

The two companies said the acquisition is expected to close “shortly” following regulatory approvals and the completion of other customary closing conditions.

Wanted – Ubiquiti AC AP

Hi

Looking to fix poor wifi reception, looking to get a Ubiquiti wireless access point, has to be AC and I would prefer the pro version as well

Thanks

Location: Ldn
