In this blog post we will cover why rogue subscriptions are problematic and revisit a solution published a couple of years ago on Microsoft's Tech Community. Finally, we will conclude with some hardening recommendations to restrict the creation and importation of Azure subscriptions.
In August 2020 Microsoft patched the ZeroLogon vulnerability CVE-2020-1472. In summary, this vulnerability would allow an attacker with a foothold in your network to become a domain admin in a few clicks. The attacker only needs to establish a network connection towards the domain controller. At NVISO we are supporting multiple clients with our MDR … Continue reading Sentinel Query: Detect ZeroLogon (CVE-2020-1472)
In a previous blogpost, we discussed the OS hardening baselines for Windows Server 2016 written in PowerShell DSC, which we made publicly available on the NVISO GitHub page. Using this, you can define your own hardening baseline to use within your own environment. Once a baseline is defined, we want to apply it to the … Continue reading Windows Hardening in the cloud with Azure Automation
Operating system hardening is the process of improving the security of a default OS installation to minimize the attack surface that can be exploited by an attacker. But doing this manually on each system that is deployed on-premise or in the cloud is a cumbersome task. It can lead to inconsistent security configurations because of … Continue reading Windows Server Hardening with PowerShell DSC
In this second blog post in a series about Azure Security Logging, we will focus on some of the key services that are used in most Azure deployments. We go into detail how logging can be enabled, what logging options are available and what relevant data is generated. Log sources in Azure At the moment … Continue reading Azure Security Logging – part 2: security-logging capabilities of Azure resources
In this first blog post in a series about Azure Security Logging, we will give a general overview of the types of logs available for Azure services including their storage options. We will also discuss how to define a security logging strategy in Azure. In the upcoming blog posts, we will go into detail about … Continue reading Azure Security Logging – part I: defining your logging strategy