Information security staff (the security geeks) typically take a confrontational attitude with the rest of the business. It’s easy for them to say that others don’t get ‘security’. But they should realize that information security professionals exist because of these ‘others’ who do not understand security. There’s a dire need to improve the communication between InfoSec professionals and these ‘others’. Let’s take the example of connecting with agile developers and see how the communication can be improved.

Agile development is now mainstream, with some exceptions. As usual, security folks are a step behind in adopting the latest trends in technology. This is fine as long as security professionals can be fast followers. They need to adjust their mindset to help agile developers become more agile. I have some thoughts for InfoSec professionals.

  • First of all, accept the fact that processes and certain tools used during the waterfall days do not work in the agile world. So, start questioning the effectiveness of your tools and processes.
  • Agile is all about speed. Security professionals should think about speeding up their own processes as well. Use automation wherever possible.
  • Adopt AI technologies to improve the quality of security findings and help avoid developers wasting time on less important items.
  • If you want to get some work done by the developers, you have to speak their language. Developers are happy to fix bugs but not vulnerabilities, because they feel that it’s the job of security folks to deal with vulnerabilities. Talk to them about security bugs instead of security vulnerabilities.
  • Security requirements should be made part of the development work. Agile developers plan their work around user stories assigned to them. Security requirements should be nothing but another user story for them to work upon.
  • Security folks need to think a lot like developers. They should think about converting security functionality into APIs and code libraries to make the life of developers easy. For example, instead of advising what the authentication type should be, it can be made available as a library. Security APIs minimize the code-level changes every time there is a change in a security requirement.

Phishing (a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details) is one of the most common e-mail based attacks used by cybercriminals to gain access to corporate information systems. In Office 365 the admin can create rules to prefix the subject line with the text [EXTERNAL] when emails are received from senders outside the company.

I think this is a cool thing to help keep people from getting phished. Earlier it was not very easy for normal users to identify email spoofing (creation of email messages with a forged sender address), which leads to phishing attacks. Way to go!
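The rule described above, written as an Exchange Online mail flow (transport) rule in PowerShell. This is an added example, not the post author’s own configuration. It assumes the Exchange Online PowerShell module is installed and the account used holds an Exchange administrator role; the rule name is a constructed placeholder. The exception on the subject keeps the tag from stacking up ([EXTERNAL] [EXTERNAL] ...) on long reply threads with external parties, which is the first complaint users usually raise.

```powershell
# Added example (not from the original post). Assumes the Exchange Online
# PowerShell module (Connect-ExchangeOnline) and an Exchange admin role.
Connect-ExchangeOnline

$ruleName = 'Tag external senders'   # constructed placeholder name

# Splatting keeps the parameter list readable and avoids backtick continuations.
$ruleParams = @{
    Name                       = $ruleName
    FromScope                  = 'NotInOrganization'   # sender is outside the tenant
    SentToScope                = 'InOrganization'      # recipient is one of our users
    PrependSubject             = '[EXTERNAL] '
    ExceptIfSubjectContainsWords = '[EXTERNAL]'        # do not tag a subject twice on replies
    Comments                   = 'Warn users that the message originated outside the company'
}

# Idempotent: only create the rule if it is not already there.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule @ruleParams
}

# Verify what was actually created; State should be Enabled.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Priority, FromScope, SentToScope, PrependSubject, ExceptIfSubjectContainsWords
```

One caveat worth checking after deployment: a subject tag only helps if users notice it, so pair it with user awareness, and remember that it says nothing about whether the sender passed SPF, DKIM or DMARC; those checks are separate from the rule above.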

I always sign up to receive the latest features in Office 365. However, sometimes those latest and greatest features suddenly stop working for me. Most of the time this happened when I switched devices and there was a new installation of Office. After a lot of searching on the Internet I found the root cause and a solution.

By default, Office 365 is set to receive updates in the Deferred Channel. Office installations in this channel receive new features only every 4 months. That’s really a long period in the modern software engineering world. But no worries, you can change this behavior with the help of a simple fix. Download the tool available at this link. It will help you reconfigure the Office installation to the Current Channel and receive updates every month.

There is no pure technical reason for the first domain controller (DC) to be a physical machine instead of having a virtual one. However, there is at least one practical reason for you to do so.

When a computer (physical or virtual) is promoted to be the first DC of a domain, the machine SID becomes the domain SID. This is not a problem as long as the machine SID is unique. However, chances are high that the SID of a virtual machine is already duplicated in the environment. This is most likely due to the repeated use of the same virtual machine image which has not gone through the sysprep process. Unfortunately, I have faced this issue in a large enterprise environment while creating a new Active Directory domain. The solution I found, and my recommendation, is to use a physical machine as the first DC to have a unique SID for the domain. Later, when virtual machines are joined to the domain as member servers, they get a new SID, so it’s not a problem even if the machine SID was not unique initially. Your member servers and additional domain controllers would work just fine in those virtual machines.
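A way to detect the duplicate-SID situation before promoting anything, as an added example that is not part of the original post. It collects the machine SID from each candidate host and reports any value shared by more than one host. It assumes WinRM is enabled on the candidates and you have local administrator rights on them; the host names are constructed placeholders. A local account SID has the form S-1-5-21-A-B-C-RID, so stripping the trailing RID yields the machine SID.

```powershell
# Added example (not from the original post). Assumes WinRM access and local
# admin rights on each host. Host names below are constructed placeholders.
$candidates = 'vm-template-01', 'vm-template-02', 'vm-template-03', 'phys-srv-01'

# Runs on the remote host: take any local account and drop its RID to get the machine SID.
$sidScript = {
    $acct = Get-CimInstance Win32_UserAccount -Filter "LocalAccount = TRUE" |
            Select-Object -First 1
    $acct.SID -replace '-\d+$', ''
}

$results = foreach ($h in $candidates) {
    try {
        $sid = Invoke-Command -ComputerName $h -ScriptBlock $sidScript -ErrorAction Stop
        [pscustomobject]@{ Computer = $h; MachineSID = $sid }
    } catch {
        # Keep going; an unreachable host is reported rather than aborting the whole scan.
        [pscustomobject]@{ Computer = $h; MachineSID = "ERROR: $($_.Exception.Message)" }
    }
}

$results | Format-Table -AutoSize

# Any machine SID shared by two or more hosts means the image was cloned without sysprep.
$dupes = $results |
         Where-Object { $_.MachineSID -notlike 'ERROR*' } |
         Group-Object MachineSID |
         Where-Object Count -gt 1

if ($dupes) {
    Write-Warning 'Duplicate machine SIDs found; do not promote any of these as the first DC:'
    $dupes | ForEach-Object { '{0} -> {1}' -f $_.Name, ($_.Group.Computer -join ', ') }
} else {
    'All machine SIDs are unique.'
}

# Optional, once a domain already exists: confirm no candidate carries the domain SID itself
# (requires the RSAT ActiveDirectory module on the machine running this script).
if (Get-Module -ListAvailable ActiveDirectory) {
    $domainSid = (Get-ADDomain).DomainSID.Value
    $results | Where-Object { $_.MachineSID -eq $domainSid } |
        ForEach-Object { Write-Warning "$($_.Computer) has the same SID as the domain" }
}
```

Running this across the template-derived VMs in a lab makes the root cause the post describes visible in one table, and it is cheap enough to repeat whenever a new golden image is introduced.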

Failed to Extend AD Schema by SCCM

Posted: November 30, 2015 in System Center

While trying to install SCCM in my lab I was executing the steps required for extending the Active Directory schema. My schema master was up and running and I had schema admin rights. Still I received Error code = 8224 and failed to extend the Active Directory schema. Of the two domain controllers, I had started only one of them. I started the second one, ensured that they were replicating successfully with each other, and then attempted the schema update again. Voila! It worked. I still don’t know why it failed in the first place. One day, when I get time, I will reproduce it to do some root cause analysis.

Sharing this with my readers as a troubleshooting tip for your deployments.
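A pre-flight check to run before attempting a schema extension, added here as an example and not part of the original post. It covers the conditions the post turned out to depend on: every domain controller reachable, no outstanding replication failures, the schema partition current on the schema master, and Schema Admins actually present in the current logon token. It assumes the RSAT ActiveDirectory module is installed where it runs and the session is a member of the forest root domain.

```powershell
# Added example (not from the original post). Assumes the RSAT ActiveDirectory
# module is installed and you are logged on to the forest root domain.
Import-Module ActiveDirectory

$forest       = Get-ADForest
$schemaMaster = $forest.SchemaMaster
"Schema master: $schemaMaster"

# 1. Every DC in the current domain must be reachable. A powered-off lab DC
#    was the trigger in the post above.
$dcs = Get-ADDomainController -Filter *
foreach ($dc in $dcs) {
    $up = Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet
    '{0,-35} {1}' -f $dc.HostName, $(if ($up) { 'reachable' } else { 'UNREACHABLE' })
}

# 2. No replication failures anywhere in the forest.
$failures = Get-ADReplicationFailure -Target $forest.Name -Scope Forest
if ($failures) {
    Write-Warning 'Replication failures present; resolve these before extending the schema:'
    $failures | Format-Table Server, Partner, FailureType, FailureCount, FirstFailureTime -AutoSize
} else {
    'No replication failures reported.'
}

# 3. The schema partition on the schema master has replicated recently with each partner.
Get-ADReplicationPartnerMetadata -Target $schemaMaster -Partition Schema |
    Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult |
    Format-Table -AutoSize

# 4. Schema Admins (RID 518 in the forest root domain) must be in the *current* token.
#    Group membership is evaluated at logon, so being added a minute ago is not enough.
$rootSid        = (Get-ADDomain -Identity $forest.RootDomain).DomainSID.Value
$schemaAdminSid = "$rootSid-518"
$token          = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$isSchemaAdmin  = $token.Groups.Value -contains $schemaAdminSid
"Current token includes Schema Admins: $isSchemaAdmin"
if (-not $isSchemaAdmin) {
    Write-Warning 'Log off and on again after being added to Schema Admins, then re-run this check.'
}
```

If any of the four checks reports a problem, fix it and re-run the script before touching the schema; a schema extension is forest-wide and not something to retry blindly.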

This is a great collection of learning resources on Azure AD Connect.

  1. Design concepts for Azure AD Connect
  2. Topologies for Azure AD Connect
  3. Managing Azure AD Connect
  4. Connect your directories with Azure AD Connect
  5. Enabling device writeback in Azure AD Connect
  6. Azure AD Connect Health Frequently Asked Questions (FAQ)
  7. Why we require an Azure AD global administrator account for setting up Azure AD Connect
  8. Why we require an enterprise administrator account for connecting to AD DS when setting up Azure AD Connect
  9. Azure AD Connect Health Agent Installation for AD FS
  10. Azure AD Connect Health Operations
  11. Azure AD Connect User Sign on options
  12. Custom installation of Azure AD Connect
  13. Azure AD Connect sync: Operational tasks and consideration
  14. Azure AD Connect sync: Implement password synchronization
  15. Azure AD Connect Sync: Understanding Declarative Provisioning Expressions
  16. Azure AD Connect Sync: Understanding Users and Contacts
  17. Azure AD Connect Sync: Technical Concepts
  18. Azure AD Connect sync: Best practices for changing the default configuration
  19. Azure AD Connect sync: Configure Filtering
  20. Azure AD Connect sync: Customizing Synchronization options
  21. Azure AD Connect sync: Attributes synchronized to Azure Active Directory
  22. Azure AD Connect Sync: Functions Reference
  23. Azure AD Connect – SSL Certificate Requirements
  24. More about Azure AD Connect credentials and permissions
  25. Azure AD Connect – Windows Remote Managed Hints
  26. Azure Active Directory Connect – Learn More
  27. Azure AD Connect: Version Release History

Remote Shutdown UI

Posted: May 22, 2015 in Windows

The shutdown command in Windows is something every IT Pro is familiar with. I always used it in scripts and whenever a UI was not available. Recently I had to remotely restart a system which was unresponsive. While I was about to type the detailed command I discovered the existence of a UI. This is simply awesome! The screenshot below explains it all.

I was super excited to try out the new Microsoft Wireless Display Adapter on my Surface Pro 3. However, I was just not able to find the option ‘Add a wireless display’ in the charms menu in Windows 8.1. It took a while for me to figure out that the reason was a corrupt driver for my wireless adapter. I opened the Device Manager and uninstalled the device displayed with a yellow exclamation mark. Boom, I could get the option to add the wireless adapter.

Screen Capture in Surface Pro 3

Posted: October 15, 2014 in Surface

One of my complaints about the Surface Pro 3 was that it doesn’t have a print screen key on the Type Cover. A colleague of mine showed me a workaround to address this problem. It’s simple. Just double-click the pen’s top button and you will be able to capture the screen.

This is an awesome feature and I am finding it very useful when working on both laptop and tablet. I can use the keyboard and mouse of my laptop to control my tablet.