Microsoft Azure Security

Microsoft
As we all know in this day and age our workloads are more likely to migrate to the cloud which I'm sure you all know has it's benefits and it's inherent downsides.  One discussion point on everyone's mind is always security (so it should be), just how secure is the cloud. One thing to bear in mind is that your time and approach to defining security principles should be no different to that of on-premises.  Having worked with Azure for a number years I just wanted to share some pertinent information around the security model specifically with Azure. The following diagram shows various layers of security Azure provides to customers both native in the Azure platform itself and through customer defined features Before Internet traffic can get to the Azure…
Read More

Microsoft Re-Releases Exchange Server Update Rollups Due to Code Signing Issue

Microsoft
In a brief blog post the Microsoft Exchange team has announced the re-release of the latest round of update rollups for Exchange Server. Earlier today we re-released the following Rollup Updates. These updates address an issue in which digital signatures on files produced and signed by Microsoft will expire prematurely, as described in Microsoft Security Advisory 2749655. Update Rollup 4-v2 for Exchange Server 2010 Service Pack 2 (KB2756485) Update Rollup 7-v2 for Exchange Server 2010 Service Pack 1 (KB2756496) Update Rollup 8-v2 for Exchange Server 2007 Service Pack 3 (KB2756497) For further information Paul Cunningham over at ExchangeServerPro.com has covered this in a bit more detail. Thanks Paul
Read More

Enable Tech Support Mode Timeout

VMware
Tech Support Mode is a great feature of ESXi that lets admins and support personnel access the command directly on a ESXi hosts. This can be done via SSH or thru the host console. The security risk is that the console does not shut down automatically by default. There is a simple fix for this however, you can set the auto-timeout so that Tech Support Mode will shutdown automatically after a certain time has passed. You can find a great article on tech support mode here. To enable the Tech Support Mode Timeout via the vSphere Client (from the KB Article): Select the host and click the Configuration tab. Click Software>Advanced Settings. ESXi 5.0: Change the UserVars.ESXiShellTimeOut field to the desired value. ESXi 4.1: Change the UserVars.TSMTimeOut field to the desired…
Read More

VMware vSphere 5.0 Hardening Guide

VMware
Last Friday, VMware released their vSphere 5.0 Security Hardening Guide v1.0. It’s a great and extensive guide to completely secure your VMware vSphere 5 Infrastructure from ESXi host to vCenter server and from the vNetwork to virtual machine. The coincidence is that yesterday I had a discussion with a colleague on enabling root access on a customers ESXi hosts. Following this hardening guide will prevent people from adding vulnerabilities to a great product. With this new release the format of this guide has changed from previous versions. The guide is being released as a Excel spreadsheet only. The guideline metadata from earlier guides has been greatly expanded and standardized.  CLI commands for assessment and remediation of the guidelines is included for the vCLI, ESXi Shell, and PowerCLI.  For additional information, please see the Intro tab of the…
Read More