Category: Other

Even strong passwords are… stupid

While this blog is mostly focused around passwords and how to ensure people can log in, the new direction within Microsoft is to get rid of passwords. I can already feel the shock from many security officers reading this post, but hear us (eeuh Microsoft) out on this one. Passwords are by default insecure, they require […]

Azure Stack Development Kit – Deployment overview (troubles)

Side Note: The experience of ASDK as described in this post is based on the late July bits of Azure Stack on a Dell T710. Future experience might (I certainly hope so..) be better and more integrated. The T710 described in an earlier topic was purchased to run Azure Stack. And while I’m still waiting […]

The hardware

Sometimes I get the question: what do you work with? As in, which computers? And to provide an answer: this “oh look at my hardware” post, or more like “the hardware pissing contest equivalent” on many of the blogs. In short, I don’t like to buy brand new stuff: it’s expensive, it loses value like […]

PowerBI Gateway and Proxies

The PowerBI Gateway can be used to connect on-premises database sources into PowerBI, Microsoft Flow, Logic Apps and PowerApps. The advantages are many, and if installed correctly it will work flawlessly. However, the default install of the connector is based on the gateway being able to connect directly to the internet. While it’s the fastest […]

Pass the Hash

When you create a new forest or new domain, you use the Domain Admin credentials. Through the use of the “Administrator” account you can control each and every workstation and server. You can install Exchange, System Center products and much much more. But Microsoft is probably thinking twice now about the framework they have chosen wherein the Administrator is master of your infrastructure.

As the Administrator account is so powerful, it’s a sweet spot for hackers, the target to get. And that’s probably why many people rename the administrator account to Guest (and vice versa) or something else. Many others keep the Administrator name but change the password to a very long one including special characters, but even that seems futile given the discovery of an advanced hacking technique called Pass the Hash.

Web Application Proxy – on Azure

The Azure AD Application Proxy is a new feature available in Azure WAAD Premium. It allows administrators to securely publish internal websites using Azure’s technology. Using it allows customers to make use of enterprise-class hardware in their reverse proxy solutions, protecting against DDoS attacks and many other things. In this post we will look at a simple setup showing how this would work.

RDS Gateway through WAP

I’ve been trying to get RDS Gateway to work behind my WAP proxy server, which is included in Windows Server 2012 R2 and the v.Next version. It is possible to implement ADFS-based authentication based on the URL: http://technet.microsoft.com/en-us/library/dn765486.aspx

But what if we wanted to publish the simple RDS Gateway on our backend server for direct RDP access?

Geo-Clustering

Geo-clustering comes in many options, and the choice depends highly on the requirements and technical capability. This post discusses some options and things to consider before deploying any geo-cluster.

Data Geo-Redundancy

The first dependency in clustering is storage capability. Data from the workload in the cluster will be written to disk, and that data needs to be available on both sites. Within Microsoft SQL, AlwaysOn can replicate the data for the instances and ensure it is available on both sites. It is also possible to have the storage perform data mirroring.

When sending data from site A to site B, two options exist: synchronous and asynchronous.

Synchronous: Data is written to BOTH sites before the application or server receives a successful write notification.

Asynchronous: Data is written to the primary site, the application or server receives the write notification, and THEN the data is written to the second site.

Within a synchronous architecture, there is a very limited chance of data loss upon a failure, as the application knows the data is written in two locations. With asynchronous replication, data loss can occur.

While synchronous looks most tempting, it requires fast connections between the storage / servers in order to reduce latency for every I/O write action. Therefore this is not always possible, and asynchronous is the only option left.

Storage mirroring or AlwaysOn data replication must be used to provide data geo-redundancy.

Data Offloaded Transfers – ODX

As we are seeing more and more Windows 2012-based clouds and services, I wanted to alert you to the following technology, which is becoming more and more available in backend storage systems (and Windows 2012): ODX. If you are implementing Hyper-V, File services or any other Windows Server 2012 with a backend SAN […]

Mitigating attacks on your Active Directory network

Microsoft released a new whitepaper this week that gives insight into why you should protect your privileged accounts. One of the techniques described is the PassTheHash attack, which is a sophisticated attack but fairly easy to execute. These attacks have been seen in the “field” and are being used today. If you work with […]
