Yuri Diogenes's Blog

Understanding Private Cloud Security – NAISG Dallas Chapter

Yuri Diogenes [MSFT] — Thu, 24 May 2012 03:19:49 GMT

Yesterday me and Tom had a chance to participate in the May meeting of NAISG (National Information Security Group) - Dallas Chapter and we delivered a presentation about Private Cloud Security. First I would like to thanks NAISG Dallas for having us and also to all Security Professionals that were there.

The presentation that we delivered is available here.

Let’s meet at TechED North America 2012

Yuri Diogenes [MSFT] — Wed, 23 May 2012 18:52:00 GMT

Besides the sessions that I will co-present with my friend Tom Shinder at TechED North America 2012, we will also be signing our books at the Microsoft Press booth on Tuesday, June 12th at 3pm and on Wednesday, June 13th at 10:30 AM at Server and Cloud Division Information Experience Booth. If you have a copy of one of our books, bring it and will be glad to sign. If you don’t have it, use the discount code below to get 40% off on your printed version for those books:

We hope to see you there !

Are you ready to move to Private Cloud?

Yuri Diogenes [MSFT] — Thu, 17 May 2012 18:14:16 GMT

Often the question that comes up during my presentations or while talking with customers is: why should I move to a private cloud? Instead of answering this question, we usually show the “evolution of the data center” and how the traditional operational mode that was done in the past is not effective for today’s needs.

If you look the benefits of each one, it will be easy to notice that the Private Cloud (in this case using IaaS as example) has much more advantages, better scalability and it’s more efficient for the current business needs. If you are still not sure about that, one easy way to find out if your company is ready or not to make this move, is to use the the Microsoft Customer Assessment Tool for Private Cloud.

In four steps this tool will assist you to make a decision about moving to a private cloud or not. This is done by leveraging your knowledge about your business needs, company’s goals and the plan to achieve those goals. It is very worth to take a look on this tool if you are unsure about this move.

Schedule for the next three months…

Yuri Diogenes [MSFT] — Thu, 10 May 2012 04:03:00 GMT

Hello Folks,

I hope you all are doing fine, I’m pretty busy with many projects these days, but want to give you a quick update about my engagements for the next three months.

May

Presentation: Private Cloud Security
Location: National Information Security Group - Dallas Chapter
More information at: http://dallas.naisg.org/meetings.asp

June

Presentations at TechED North America 2012:

AAP306: Private Cloud Security Architecture: A Solution for Private Cloud Security
Speaker(s): Tom Shinder, Yuri Diogenes
Tuesday, June 12 at 1:30 PM - 2:45 PM
Architecture & Practices | Breakout Session | 300 - Advanced

Cloud computing introduces new opportunities and new challenges. One of those challenges is how security is approached in the private cloud. While private cloud can share a lot of security issues with traditional datacenters, there are a number of key issues that set private cloud security apart from how security is done in the traditional datacenter. In this session, Dr. Tom Shinder and Yuri Diogenes discusses these issues and wrap them in to a comprehensive discussion on private cloud security architecture. By taking an architectural approach to private cloud security, you will be able to understand the critical concepts, principles and patterns that drive a successful security implementation of private cloud.
Read more

WSV320: Understanding and Deploying Hosted Private Cloud: Concepts and Implementation
Speaker(s): Joshua Adams, Tom Shinder, Yuri Diogenes
Wednesday, June 13 at 5:00 PM - 6:15 PM
Windows Server | Breakout Session | 300 – Advanced

The Hosted Private Cloud is a new deployment model that enables an exceptional level of mobility and availability for your private cloud deployments. However, to get the most out of a Hosted Private Cloud solution, you need to understand the core concepts that drive a successful Hosted Private Cloud deployment and then understand what you need to do to implement the solution. In this talk, Dr. Tom Shinder and Yuri Diogenes discuss key Hosted Private Cloud Concepts and then demonstrate critical steps in implementing a hosted Private cloud. Demos show you how to evaluate the Hosted Private Cloud environment and how to configure and validate your Hosted Private Cloud configuration.
Read more

July

Presentations at COMTEC (Fortaleza, Brazil)
More information (in Portuguese) here.

What else is going on?

Well, besides having to prepare all those presentations, I’m busy updating our Private Cloud documentation and getting things ready for our next milestone (RC). Our From End to Edge and Beyond book is moving pretty smoothly this month we should finish chapter 4. This week I passed the CompTIA Advanced Security Practitioner (CASP) Certification and I truly recommend you to take this one, probably it was the second most difficult exam that I’ve taken (first one was CISSP) but the overall experience of studying and taking the exam were great . Last couple of days I also attended the TakeDownCon here in Dallas and again it was a great conference, thumbs up!

Last but not least, we recorded Episode 19 of From End to Edge and Beyond with Richard Hicks talking about Direct Access on Windows 8, this episode should be live either Friday (5/11) or Monday (5/14), meanwhile visit all other episodes at http://aka.ms/FEEAB

Follow up from DFW IT PRO Meeting

Yuri Diogenes [MSFT] — Fri, 04 May 2012 20:00:52 GMT

Hello Folks,

First I would like to thank you all for attending the DFW IT PRO Meeting yesterday (May 3rd) at Microsoft Las Colinas here in Irving, Texas. During our presentation we discussed the Concepts and Implementation of a Private Cloud Infrastructure using Windows Server 2012. As we said, the documentation to build your cloud infrastructure using Windows Server “8” Beta is already available at TechNet. You can read more about this documentation here. Many of you also said that never heard about the TechNet Wiki but do support the community based content. I would like you to read this post to better understand what the TechNet Wiki is all about.

Thanks again for your time yesterday and I hope to see you all again soon!

Understanding Private Cloud Security

Yuri Diogenes [MSFT] — Tue, 01 May 2012 17:05:48 GMT

Today ISSA released the ISSA Journal May 2012 issue featuring one article written by me and Tom Shinder.

If you are ISSA Member make sure to logon here and access the whole content of this issue. If you want to read our article you can access here.

We hope you enjoy !

Private Cloud with System Center 2012 and the Cloud Security Challenges – Part 1

Yuri Diogenes [MSFT] — Fri, 27 Apr 2012 17:43:38 GMT

Introduction

If you were at Share Cloud Dallas last month in our presentation about Private Cloud Security you probably remember one topic that we discussed called “Cloud Security Challenges
Secondary to Cloud Essential Characteristics”. This series of post that I’m going to write (at least one per week) will explain how Private Cloud with System Center 2012 can assist you to address those concerns.

Cloud Security Challenge 1 – Resource Pooling

Problem Statement as described in the Private Cloud Security Paper: As the consumer (tenant) of the services offered by a private cloud in my enterprise, I want to be sure that the data in my application is secure, that no-on else can access it, and that it is safe if something untoward occurs.

How System Center 2012 can assist you with this Challenge?

System Center 2012 Role-Based Access Control and User Role features can assist you with that. Partitioning and Role Based Access Control (RBAC) also applies to your administrators, who should not have automatic access to tenant data. In the case where an administrator does require access to tenant data, then that access must be carefully audited.

With the User Role Wizard you can even customize the user role for that particular cloud as shown below:

When creating a User Role you can also determine the scope for the User, in other words, which Cloud that user (or users) will be able to perform those pre-defined actions:

For a full demonstration on how to perform those actions use the video below (skip to minute 33:03):

Private Cloud presentation at DFW IT PRO May Meeting

Yuri Diogenes [MSFT] — Wed, 11 Apr 2012 17:14:40 GMT

If you are part of the DFW IT PRO Group, make sure to add to your calendar our presentation “Understanding and Deploying Hosted Private Cloud: Concepts & Implementation”. More information here:

http://www.dfwitprofessionals.com/event-calendar/icalrepeat.detail/2012/05/03/359/-/-dfw-it-pros-may-3rd-meeting-understanding-and-deploying-hosted-private-cloud-concepts-a-implementation

See you there!

From End to Edge and Beyond, the Book - April Update

Yuri Diogenes [MSFT] — Mon, 09 Apr 2012 22:13:35 GMT

Hi Folks,

I’m going to try to give you some updates about how our new book (announced here) is coming along. This month we started handing over some chapters to Syngress and we are really excited with this project. We are using the same formula that we used in our previous books, in other words, we split the chapter in two parts and each one write half of the chapter. This gives us the opportunity to write every single chapter, equally split the work and leverage our areas of expertise within the technology. There are two recent news that I would like to echo here: as announced today by Richard Hicks his blog, he will be the Technical Reviewer for this book and as we known Richard for a long time we are very pleased to have him onboard to help us on this project. As I announced last Saturday (via Twitter – see below), Syngrees will be handing over to us the draft book cover and we will be showing it during our sessions at TechED US in June. I hope to see you there !

To the Cloud with Security as a Wrapper !

Yuri Diogenes [MSFT] — Wed, 28 Mar 2012 19:55:33 GMT

Hello Folks,

My last post was 18 days ago when I talked about the Cloud Infrastructure using Windows Server “8” Beta. On the same token I would like to let you know that soon (probably in the next couple of days) we will release Episode 17 of From End to Edge and Beyond where we interviewed Josh Adams. Josh will talk about this document that we wrote and will demonstrate how to build a cloud infrastructure using Windows Server “8” Beta.

Stay tune in this channel!

Since we are talking about cloud, yesterday me and Tom Shinder delivered a presentation at Share Cloud Dallas about Private Cloud Security. We had a great time not only presenting but also networking with other IT PROs from DFW area.

You can download the presentation from here and you can access the Private Cloud Blog for more information about some of the scenarios that we discussed during this session.

Cloud Infrastructure with Windows Server “8” Beta

Yuri Diogenes [MSFT] — Fri, 09 Mar 2012 23:44:08 GMT

As my friend Tom Shinder recently announced on his blog, he is leading the Private Cloud initiative and one of the projects that we are working together is the Cloud Infrastructure with Windows Server “8” Beta. You can find these technical scenarios in the Windows Server “8” Beta page in the location shown below:

…or you can directly access the Building Your Cloud Infrastructure scenario from here.

Stay tuned for more exciting stuff about Windows Server “8” Beta at Windows Server Blog.

Building a Community Based Content, one year later….

Yuri Diogenes [MSFT] — Tue, 06 Mar 2012 12:56:49 GMT

One year ago we were launching the video below where I talk about the TechNet Wiki:

Lots of things happened throughout this one year and the TechNet Wiki platform got even stronger than it was. A great example of that is the recent publication of an article related to Windows Server “8” Beta directly from product team. This really shows the commitment that Microsoft has with this platform. In order to assist you to evangelize others IT PROs/DEVs on how to use this platform, I’m making available a slide deck that I used in many events where I want to call for engagement on this platform, download the deck from here. I would like also to congratulate the Brazilian community for growing from a couple of hundred articles to more one thousand articles in nine months period. Great job guys!

WSUS on Windows Server “8” Beta

Yuri Diogenes [MSFT] — Fri, 02 Mar 2012 20:45:55 GMT

Today we released the first WSUS on Windows Server “8” Beta blog post at WSUS CSS Team Blog. This post focus on the WSUS Role installation on Windows Server “8” Beta using the new Server Manager experience. Make sure to stop by the link below and review the article:

http://blogs.technet.com/b/sus/archive/2012/03/02/getting-started-with-wsus-on-the-windows-server-8-beta-installing-the-wsus-role-using-the-new-server-manager.aspx

There you will also find links to the WSUS on Windows Server “8” Beta TechNet Library page. There are plans to release more blog posts and the next one will be about WSUS role installation using PowerShell.

Stay tuned to the Windows Server Blog for future announcements related to Windows Server “8” Beta !

Getting Started with Windows Server “8” Beta

Yuri Diogenes [MSFT] — Thu, 01 Mar 2012 23:31:51 GMT

What a great way to start a leap day and see that lots of hours of hard work are now available to public consumption: Windows Server “8” Beta is available for download here. The new Windows Server “8” Beta page at TechNet Library was also launched:

See http://technet.microsoft.com/en-us/windowsserver/hh534429

In this page you will find tons of information about this release, such as the new WSUS, enhancements in Security and Protection, enhancements and new networking features, Active Directory Rights Management Services and much more.

Go ahead and start download Windows Server “8” Beta, play with it, connect with others to discuss about this release and give your feedback.

TechED 2012 - May the Cloud power be with you !

Yuri Diogenes [MSFT] — Wed, 22 Feb 2012 15:27:13 GMT

Hello folks, a quick post here just to let you know that me and my friend Tom Shinder will be presenting at TechEd US (in Orlando) and TechEd Europe (in Amsterdam). We will deliver the same session in both events, which is Understanding and Deploying Hosted Cloud: Concepts and Implementation. We will also use this opportunity to network with the IT PRO / SEC Community and record an episode for our Security Talk Show (From End to Edge and Beyond) with your participate, so I really hope to see you there !

Here it is why you can’t miss TechED 2012.

Forefront TMG Malware Inspection False Positive Detection

Yuri Diogenes [MSFT] — Wed, 15 Feb 2012 16:44:21 GMT

Recently I saw this thread on the TMG Forum and found it very interesting as it was quiet easy to repro. Yesterday Microsoft released a signature update that address this issue. The problem that TMG’s administrators were facing is documented here:

From: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3aJS%2fBlacole.BW

Make sure to go to TMG Update Center and force an update (in case Malware Inspection is not showing as 1.119.1988.0). If it is higher than that you should be fine as shown below:

Watch out for Phishing

Yuri Diogenes [MSFT] — Wed, 01 Feb 2012 22:17:00 GMT

Today I received an email from a friend with the subject: Remove my photo from FACEBOOK. On the body of the email it says:

“Hey, who gave you permission to post my photo at Facebook??? Be aware that I didn’t like that and I would like you to remove ASAP. Are you playing around with me?”

Under this paragraph a link pretending to be to the Facebook picture. Here it is the original email (in Portuguese):

Well, when I saw that I knew it was fake e-mail (a typical social engineering e-mail) and I also knew that if I wait a little bit, probably Hotmail will be redirecting this to my Junk Mail. But I was curious to understand what this was about, so I copied the URL to a lab environment that I have (isolated from my production network).

What happened?

I configured my TMG’s live logging to watch the particular client where I was doing the test and here it is what I saw:

1. A redirect from the short URL:

2. Another redirect from the target (notice my friend’s email address is on the GET Request:

3. Right after that this is what I see on my client workstation:

4. Immediately FEP 2010 opened the window below on the client workstation:

5. When I clicked show details this is what I got:

A severe threat (Trojan) that was trying to land into my system. I was luck to have FEP 2010 fully updated and ready to mitigate such risk, however some users might not have that.

What about your friend?

The best thing you can do if you believe your friend is sending compromised content (probably because he was compromised) is to take an action to inform Hotmail that this happened. From Hotmail web interface you can flag that message saying that your friend was hacked:

…or you can also send the message to Junk folder and flag that your friend was hacked:

Keep yourself and your friends safe!

Shared Cloud Dallas 2012

Yuri Diogenes [MSFT] — Tue, 31 Jan 2012 03:36:59 GMT

Me and my friend Tom Shinder, along with John Weston will be speaking at Shared Cloud Dallas 2012 in March. Me and Tom will share the stage to talk about Private Cloud Security and we will also use this opportunity to record an special edition of our Security Talk Show – From End to Edge and Beyond. If you are going to attend to this event, come meet us and chat about Private Cloud Security. We will also give away some Forefront books during our presentation.

See you there !

Goodbye ISA Server…

Yuri Diogenes [MSFT] — Mon, 23 Jan 2012 00:02:03 GMT

You might not have noticed but this month (last January 10th) ISA Server 2006 Mainstream Support ended as shown in the table below:

Source: http://support.microsoft.com/lifecycle/?p1=11928

The question that you might have is: what about this extended support that goes until January 2017? Extended support means the following:

The Extended Support phase follows Mainstream Support for Business and Developer products. At the supported service pack level, Extended Support includes:

Paid support
Security update support at no additional cost
Non-security related hotfix support requires a separate Extended Hotfix Support Agreement to be purchased (per-fix fees also apply)

Please note:

Microsoft will not accept requests for warranty support, design changes, or new features during the Extended Support phase
Extended Support is not available for Consumer, Hardware, or Multimedia products
Enrollment in a maintenance program may be required to receive these benefits for certain products

Source: http://support.microsoft.com/lifecycle/

Better to start planning your migration as part of your new year’s resolution.

Private Cloud Security

Yuri Diogenes [MSFT] — Wed, 18 Jan 2012 13:06:20 GMT

Yesterday we released a new version of the Private Cloud Security Hub at TechNet Wiki, you can access it from here:

http://social.technet.microsoft.com/wiki/contents/articles/6642.a-solution-for-private-cloud-security.aspx

The good news with this release is that you can also access the full set of DOCs (3) that corresponds to those TechNet Wiki articles from one single place. That’s right, we compiled everything in a single ZIP file that you can download from here:

http://gallery.technet.microsoft.com/A-Solution-for-Private-67209ab1

These papers will guide you through the design of private cloud security, the understanding of the security blueprint and the secure service operation of a private cloud. Feel free to leave your comments and feedbacks, they are very important to us.

Rollup 1 for Forefront TMG SP2

Yuri Diogenes [MSFT] — Wed, 11 Jan 2012 19:15:26 GMT

Hello Folks,

Today we have some new KB Articles published for Forefront TMG 2010. If you are experience any of those issues, make sure to read these articles and apply the new update called Rollup 1 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 . All articles are available at http://support.microsoft.com/kb/2649961

Windows Security – From End to Edge and Beyond

Yuri Diogenes [MSFT] — Thu, 05 Jan 2012 17:01:09 GMT

Me and my great friend Tom Shinder are very pleased to announce that we signed a contract with Syngress to write our next book, which will be about Windows 8 Security. This is our greatest project for 2012 and we are very excited about this new partnership with Syngress. If you take a look on Syngress’s website you will see that their infosec portfolio cover many areas such as:

Note: you will also find in one of these pages the book that our friend Tim “Thor” Mullen wrote (watch Episode 10 for more details).

While we can’t reveal too many details about what we will cover in this book, you can definitely expect broad and deep coverage of many security features that are coming with Windows 8 as well as Cloud implementations.

Stay tune also on Tom’s blog, he will bring some more details about the project.

Forefront TMG - NIS Update for CVE-2011-3414

Yuri Diogenes [MSFT] — Mon, 02 Jan 2012 15:05:54 GMT

Hello folks and Happy New Year for you all !!

If you are running Forefront TMG 2010 and has NIS (Network Inspection System) enabled and updated, you probably notice a new signature that was released to assist you protecting against CVE-2011-3414 (part of MS11-100) as shown below:

Notice also that the response it is already setup to “Block” and it is already enabled. If you open the properties for this signature and review the Details tab you will see it is classified as a high business impact:

The good news is: if an attacker tries to exploit this vulnerability against a server that was not patched yet and the traffic is crossing TMG then NIS will identify the traffic and it will block it. Although you have this additional layer of protection to mitigate attempts to exploit this particular vulnerability, it is strongly recommended that you update your servers with MS11-100 as quick as possible (mainly the ones that are exposed to the Internet).

Stay Safe in 2012 and have a great year !

Debug Fest

Yuri Diogenes [MSFT] — Thu, 15 Dec 2011 04:23:34 GMT

If you are following this blog since 2008 when I started you probably noticed that troubleshooting is a subject that I love it. Troubleshooting using tools like Perfmon and Windbg is amazing. In my new role at Microsoft I don’t deal with this on the daily basis anymore (like I used to on CSS Forefront Edge Team), however the love did not go away. I’m still quiet involved with troubleshooting and researching about new things and hot to fix it when it is not working. This week for example me and Tom recorded the Episode 13 of our Security Talk show. This episode was called Demo Day and I demonstrated how to use Perfmon and Windbg to troubleshoot a performance issue on TMG.

The video is available here or you can watch below:

I hope you like it!

The risks of revealing too much on social networks

Yuri Diogenes [MSFT] — Mon, 12 Dec 2011 19:14:38 GMT

You can’t deny that social networks today are part of the vast majority of the people’s life. It is everywhere, you go to a supermarket and you see: “Like Us on Facebook at <URL>”…it’s on TV, on the streets….everywhere. Now, the questions are: do people know how to behave on social network? Do they know about the risks of revealing too much? Does your company have a security policy about social network usage? Did you have a security awareness training when you joined your current company? Was social network one of the topics of this training?

Incorrect usage of social network can cause harm not only to the individual but also to the company. Employees must be trained to correctly use social network, mainly when they are using it to advertise their work and sometimes exposing company’s information. Here in US we have a recent case where an employee was fired for ranted about his company on Facebook. As I’m not here to share something that you already know, just click here and see for yourself the security risks of social networks.

What I do want to share with you is something that happened this month in Brazil and I wrote about in my blog (in Portuguese). Matter of fact there were two recent episodes in Brazil that caught my attention. The first one (I originally wrote in Portuguese here) was about a student that used to brag about being rich by posting photos on Facebook to show the nice things that he had. His posts caught the attention of someone that was on his friend’s list. This person was able to get the key of the student’s house and handed over to thieves in order to robber those objects that were posted on Facebook. They did, they broke in to the student’s house looking for the stuff he said he had, however they found nothing other than mobile phone, some jewelry and cash. It turns out that the student was not rich, he was only bragging those things to call the attention of his friends on school.

For this particular case it is very important to understand that you need to educate your kids on how to safely use social network and other Internet resources. Here are some resources that you can start using for that:

The second case is even scarier in my opinion. While the first was about a kid saying things that he shouldn’t say but he was a minor and not fully educated to deal with such technology, the second case is about adult’s behavior. With the proliferation of social network integration with geographic service location we pretty much know everything that our friends are doing and where they are in such moment of time. While this can look as cool as it can be, it is also very dangerous. Last week I wrote in my blog (in Portuguese) about this case that happened in Brazil where someone left on vacation and posted: “I’m leaving on a trip”. When they got back home they didn’t have TV, computers and other electronics, all gone. The robbers left a note in a piece of paper saying: “Next time that you leave on a trip let us know”. Now that’s very serious….but I see that all the time. People are integrating all the social tools without be concert about privacy settings and when they post one thing in one place it is propagated everywhere. Sometimes those posts are wide open on Twitter and available for anyone with malicious intentions to take advantage of that.

Be careful, make sure to watch what you’re saying on social networks, make sure to not reveal too much, make sure to use the privacy settings that those platforms have available to at least create some restrictions on your profile. Be aware that everything that you write on a social network platform can (and might) be used against you in one way or another.

Stay safe!