Developing your own PAW for cloud administration

In the Privileged Access Workstation guidance, we provide instructions on how to enable cloud services (it’s Phase 2, step 5, marked as optional).  In that section we detail the use of the proxy.pac file, which includes a list of Microsoft Azure-related URLs.  But what if you use another service, like Amazon Web Services or RackSpace? …

Closing the Jump Server Security Gap with PAWs

When I’m out and about discussing Privileged Access Workstations with customers, I hear one question more than any other: Do we need to use PAWs if we use “jump servers”? The answer is a resounding YES!  In this blog entry, I’ll explain why – the short version is that while jump servers can be valuable,…

Why You Should Use RDP RestrictedAdmin

When Mark Simos and I documented Microsoft’s public guidance for deploying a Privileged Access Workstation, one of the features we leveraged is Remote Desktop’s /RestrictedAdmin feature (RDPRA for short).  This feature, one of many introduced in the massive KB2871997 update (and its siblings), allows administrators to connect to remote systems without exposing their credentials to…

When requirements aren’t really requirements

One of the primary roles of an architect is to develop solutions which meet business requirements.  As a cybersecurity architect, I regularly have conversations with customers about their cybersecurity needs and how we might deploy specific operational processes or technical products to match those needs.  But all too often, I find that the “requirements” aren’t…

PAWs and Attack Graphs

In 2015 John Lambert penned a fantastic article on the concept of attack graphs – if you haven’t read it, I highly encourage you to do so.  I recommend it to all of my customers as a way of illustrating one of the most important concepts in cyber defense – that of relationships.  Broadly speaking, a computing environment…
