There are tools that are extremely useful and once configured properly will last a long time with little or no maintenance required at all. Web servers are a common example of tools that come to my mind that can be a swiss-army knife and serve a lot of purposes.
Whether you choose Apache, Nginx or IIS, just to pick some of the most famous ones, it’s very important to know at least most of the features that they offer. So it’s very important to get familiar with at least one of them, reading the documentation and start experimenting a bit.
Continue reading “Apache Is A Swiss Army Knife”
I’m always looking for books that cover a topic with a different angle or a broader approach, this one is the perfect example, indeed, security-focused but through the magnifier lens or under the influence/culture of Agile.
Working for a Software Development company I found this book a good match for my DevOps/System Engineer role and I put it in my wish-list. Six months ago I purchased another book, but guessed what happened? Continue reading “Book Review: Agile Application Security”
Providing the best user experience with a Single-Sign-On (SSO) capability without compromising security is key of successful implementations of federation services. I personally like the ADFS model and SAML (Security Assertion Markup Language) because is robust, effective and suitable from small to large organizations offering an incredible amount of features if it configured/implemented correctly. Continue reading “How to Turn On ADFS Security Auditing with Powershell”
If not well designed or managed, User and Administrator privilege separation for users/system administrators on a Windows OS can be painful for both sides. Indeed, Windows OS doesn’t have a simple and neat management like a SUDO on Linux OS, but settings need to be tailored with GPO or at least with different users.
Regular user accounts (e.g. Domain Users) should not be a member of the local administrators group for a security point of view.
Using separate users: a standard one and an admin member of the local administrators group is at least a good way to mitigate the risk of potential/malicious/accidental damage to the system. It doesn’t matter if most of the today’s threats can deal with the regular user context.
Nothing new if you’re familiar with the least privilege access, if is something you’ve never think about it… Well, I can use a simple effective analogy for allowing user with local admin rights on their workstation.. it’s like to let them run with the scissors all the time… is it worthy or simply asking for trouble?
Continue reading “How To Create a Local Admin Account with Powershell”