
Archive

This category contains some of my older pages which still contain some relevant information.


Microsoft Defender External Attack Surface Management (EASM)


Microsoft Defender External Attack Surface Management (EASM) is a security solution for an organization’s external attack surfaces. It operates by monitoring security and operational integrity across the following assets:

  • Websites
  • IP addresses
  • Domains
  • SSL certificates
  • Other digital assets

In addition to these components, EASM can also forward all relevant information and logs to SIEM solutions such as Microsoft Sentinel.

It is also possible to manually input company-specific data, such as all domain names and IP addresses associated with its services.

The costs for this solution are minimal; you pay €0.01 per day per host, domain, or IP address added. For example, I configured it with 10 instances of each, resulting in a total monthly cost of €9.17. The costs are billed on your Azure invoice.


Best features of Microsoft Defender EASM

The best features of this solution include:

  • Open port scanning on IP addresses
  • SSL certificate monitoring + expiration date checks
  • Domain name checks + expiration date verification
  • Scanning for potential vulnerabilities, reported with their CVE scores
  • Identifying common administrative misconfigurations
  • Web server assessments based on OWASP guidelines
  • Tracking changes in assets

Here, for example, you can see a common vulnerability detected in servers, even when running in environments such as Amazon Web Services (AWS):


Summary

To summarize this solution: it is a must-have for organizations that want security at every level. Security is like a team sport; it has to be strong at every level, not just one. This solution helps you achieve that.

 

End of the page 🎉

You have reached the end of the page. You can navigate through other blog posts as well, share this post on X, LinkedIn and Reddit or return to the blog posts collection page. Thank you for visiting this post.

If you think something is wrong with this post or you want to know more, you can send me a message to one of my social profiles at: https://justinverstijnen.nl/about/

Go back to Blog homepage

If you find this page and blog very useful and you want to leave a donation, you can use the button below to buy me a beer. Hosting and maintaining a website takes a lot of time and money. Thank you in advance and cheers :)

Buy me a beer

The terms and conditions apply to this post.

Azure Key Vault


Azure Key Vault is a type of vault used to store sensitive technical information, such as:

  • Certificates
  • Secrets
  • Keys

What sets Azure Key Vault apart from a traditional password manager is that it allows software to integrate with the vault. Instead of hardcoding a secret, the software can retrieve it from the vault. Additionally, it is possible to rotate a secret every month, enabling the application to use a different secret each month.

Practical use cases include:

  • Storing BitLocker encryption keys for virtual machines
  • Storing Azure Disk Encryption keys
  • Storing the secret of an Entra ID app registration
  • Storing API keys

How does Azure Key Vault work?

The sensitive information can be retrieved via a unique URL for each entry. This URL is then used in the application code, and the secret is only released if sufficient permissions are granted.

To retrieve information from a Key Vault, a Managed Identity is used. This is considered a best practice because the identity is bound to an Azure resource, so no credential for the vault itself has to be stored or rotated in the application.

Access to Azure Key Vault can be managed in two ways:

  1. Access Policies
    • Provides access to a specific category but not individual entries.
  2. RBAC (Recommended Option)
    • Allows access to be granted at the entry level.

A Managed Identity can also be used in languages like PHP. In this case, you first request an access token, which then provides access to the information in the vault.
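The two-step flow described above (first obtain an access token for the managed identity, then call the secret's unique URL with that token), as an added illustration that is not code from the original post. It uses the documented Azure public-cloud endpoints: the instance metadata service at 169.254.169.254 for the token and the vault's `https://<name>.vault.azure.net/secrets/<secret>` URL for the value. The vault name `contoso-kv`, the secret name `db-password` and the fake transport are constructed so the flow can be run offline; with the default transport the same functions perform real requests from an Azure VM.

```python
"""Retrieve a Key Vault secret with a managed identity: token first, then the secret URL.

Added example, not the post's own code. Assumes the Azure public cloud
(sovereign clouds use different hosts) and a VM-hosted managed identity.
"""
import json
import urllib.parse
import urllib.request

# Documented Azure public-cloud endpoints (assumption: public cloud, not a sovereign cloud).
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"
KEY_VAULT_RESOURCE = "https://vault.azure.net"
KEY_VAULT_API_VERSION = "7.4"
KEY_VAULT_HOST_SUFFIX = ".vault.azure.net"


def http_get_json(url, headers):
    """Default transport: perform a real HTTP GET and decode the JSON body."""
    request = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)


def get_managed_identity_token(transport=http_get_json):
    """Step 1: ask the instance metadata service for a token scoped to Key Vault.

    The 'Metadata: true' header is mandatory; IMDS rejects requests without it,
    which stops a plain SSRF from a web app reaching the token endpoint.
    """
    query = urllib.parse.urlencode(
        {"api-version": IMDS_API_VERSION, "resource": KEY_VAULT_RESOURCE}
    )
    body = transport(f"{IMDS_TOKEN_URL}?{query}", {"Metadata": "true"})
    return body["access_token"]


def get_secret(secret_url, token, transport=http_get_json):
    """Step 2: call the secret's unique URL with the bearer token.

    The vault only releases the value if the identity has permission (RBAC or
    access policy); otherwise it answers 401/403 and the transport raises.
    """
    parsed = urllib.parse.urlsplit(secret_url)
    host = parsed.hostname or ""
    # Never hand the token to anything but a Key Vault host over TLS.
    if parsed.scheme != "https" or not host.endswith(KEY_VAULT_HOST_SUFFIX):
        raise ValueError(f"refusing to send a token to non-Key-Vault URL {secret_url!r}")
    query = dict(urllib.parse.parse_qsl(parsed.query))
    query.setdefault("api-version", KEY_VAULT_API_VERSION)
    url = urllib.parse.urlunsplit(parsed._replace(query=urllib.parse.urlencode(query)))
    body = transport(url, {"Authorization": f"Bearer {token}"})
    return body["value"]


def fetch_secret_with_managed_identity(secret_url, transport=http_get_json):
    """The full flow: token first, then the secret."""
    token = get_managed_identity_token(transport)
    return get_secret(secret_url, token, transport)


def make_fake_transport(granted_token="constructed-token", secret_value="constructed-secret"):
    """Offline stand-in for IMDS and Key Vault (constructed, for running without Azure).

    It records every request and enforces the two rules the real services do:
    IMDS wants 'Metadata: true', and the vault wants a valid bearer token.
    """
    calls = []

    def transport(url, headers):
        calls.append((url, dict(headers)))
        if url.startswith(IMDS_TOKEN_URL):
            if headers.get("Metadata") != "true":
                raise PermissionError("IMDS: missing Metadata header")
            return {"access_token": granted_token, "token_type": "Bearer"}
        if headers.get("Authorization") != f"Bearer {granted_token}":
            raise PermissionError("Key Vault: 401 Unauthorized")
        return {"value": secret_value, "id": url.split("?", 1)[0]}

    transport.calls = calls
    return transport


if __name__ == "__main__":
    fake = make_fake_transport()
    secret_url = "https://contoso-kv.vault.azure.net/secrets/db-password"  # constructed
    print(fetch_secret_with_managed_identity(secret_url, transport=fake))
    for requested_url, _ in fake.calls:
        print("requested", requested_url)
```

The host check in `get_secret` is the part worth copying: the secret URL usually comes from configuration, and a misconfigured or tampered URL must not turn the managed identity's token into something sent to an arbitrary host.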

There is also a Premium option, which ensures that Keys in a Key Vault are stored on a hardware security module (HSM). This allows the use of HSM-protected keys and meets certain compliance standards that require this level of security.


The MITRE ATTACK Framework

How does the MITRE ATTACK framework work? Let’s find out in this guide.

The MITRE ATT&CK framework describes the stages and methods by which cyberattacks have been launched against companies over the last 15 years. The main purpose of the framework is to help Red and Blue security teams harden their systems and to provide a library of known attacks to help mitigate them.

MITRE, a non-profit organization, is in charge of this community-driven framework. ATT&CK stands for:

  • Adversary -> Our opponents
  • Tactics
  • Techniques
  • Common Knowledge

The framework itself can help organizations secure their environment very well, but keep in mind that it is built on known attacks and techniques. It does not cover new techniques to which an organization may be vulnerable.


The framework itself

The framework can be found on this website: MITRE ATT&CK®


The stages of a cyberattack

Each cyberattack follows several or all of the stages below. I have also added a summary of what each stage contains:

Stage | Primary goal
Reconnaissance | Gathering information prior to the attack
Resource Development | Acquiring the components to perform the attack
Initial Access | Initial attempts to get access; the attack starts
Execution | Custom-made code (if applicable) is executed by the adversary
Persistence | The attacker wants to keep access to the systems by creating backdoors
Privilege Escalation | The attacker tries to get more permissions than he already has
Defense Evasion | The attacker wants to avoid detection for a "louder bang"
Credential Access | Stealing account names and passwords
Discovery | Performing a discovery of the network
Lateral Movement | Acquiring access to critical systems
Collection | Collecting data, which is often sensitive/PII* data
Command and Control | The attacker has full control over the systems and can install malware
Exfiltration | The attacker copies the collected data out of the victim's network to his own storage
Impact | The attacker destroys your systems and data

*PII: Personally Identifiable Information, like birth names and citizen service numbers

The attack stages are described very concisely here; the full explanation can be found on the official website.
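A defender's everyday use of the stage table above is to check which tactics the own detection rules actually cover, so that gaps become visible before an attacker walks through them. The following is an added example, not code from the original post: it lists the 14 Enterprise tactics in the order of the table with their official tactic IDs, and runs a coverage gap check over a constructed detection-rule inventory (the rule names are made up for the example).

```python
"""ATT&CK tactic coverage gap check over a detection-rule inventory.

Added example, not from the original post. Tactic names follow the table in
the post; the TA-numbers are the official ATT&CK Enterprise tactic IDs.
"""

# Tactics in the order of the table above, with their ATT&CK Enterprise tactic IDs.
TACTICS = [
    ("TA0043", "Reconnaissance"),
    ("TA0042", "Resource Development"),
    ("TA0001", "Initial Access"),
    ("TA0002", "Execution"),
    ("TA0003", "Persistence"),
    ("TA0004", "Privilege Escalation"),
    ("TA0005", "Defense Evasion"),
    ("TA0006", "Credential Access"),
    ("TA0007", "Discovery"),
    ("TA0008", "Lateral Movement"),
    ("TA0009", "Collection"),
    ("TA0011", "Command and Control"),
    ("TA0010", "Exfiltration"),
    ("TA0040", "Impact"),
]
NAME_TO_ID = {name: tactic_id for tactic_id, name in TACTICS}

# Constructed sample: a small detection-rule inventory, each rule tagged with the
# tactics it covers (made-up names, not real rules from any product).
SAMPLE_RULES = [
    {"name": "Brute-force sign-in burst", "tactics": ["Credential Access"]},
    {"name": "Suspicious scheduled task created", "tactics": ["Persistence", "Execution"]},
    {"name": "Large outbound transfer to rare host", "tactics": ["Exfiltration"]},
    {"name": "Mass file encryption", "tactics": ["Impact"]},
    {"name": "Admin group membership change", "tactics": ["Privilege Escalation", "Persistence"]},
]


def coverage_by_tactic(rules):
    """Return {tactic_id: [rule names]} for every tactic, with empty lists for gaps.

    A rule tagged with a name that is not an ATT&CK tactic is rejected, because a
    typo in a tag would otherwise silently count as coverage.
    """
    coverage = {tactic_id: [] for tactic_id, _ in TACTICS}
    for rule in rules:
        for tactic in rule["tactics"]:
            tactic_id = NAME_TO_ID.get(tactic)
            if tactic_id is None:
                raise ValueError(f"rule {rule['name']!r}: unknown ATT&CK tactic {tactic!r}")
            coverage[tactic_id].append(rule["name"])
    return coverage


def uncovered_tactics(rules):
    """Tactic names, in attack order, that no rule covers: where an attacker goes unseen."""
    coverage = coverage_by_tactic(rules)
    return [name for tactic_id, name in TACTICS if not coverage[tactic_id]]


def coverage_report(rules):
    """Plain-text report, one line per tactic, with the rule count or a GAP marker."""
    coverage = coverage_by_tactic(rules)
    lines = []
    for tactic_id, name in TACTICS:
        rule_names = coverage[tactic_id]
        status = "GAP" if not rule_names else f"{len(rule_names)} rule(s)"
        lines.append(f"{tactic_id} {name:<22} {status}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(coverage_report(SAMPLE_RULES))
    print("Uncovered:", ", ".join(uncovered_tactics(SAMPLE_RULES)))
```

Run on the sample inventory, the report shows that everything before Execution and the whole middle of the chain (Defense Evasion through Command and Control) has no detection at all, which is the typical picture of a rule set built only around the loud end of an attack.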


Summary

The MITRE ATT&CK framework is a great framework for getting a clear understanding of the techniques and tactics an attacker may use. Thinking like an attacker can be a huge improvement in securing your systems.

The best part of the framework is the mitigation steps, where you can implement changes to prevent attacks that have already happened with a big impact elsewhere.


The Zero Trust model

The Zero Trust model is a widely adopted approach to securing an IT environment. What is it and what does it stand for? You can read it in this guide.

The Zero Trust model is a security model to enhance your security posture by using 3 basic principles, and segmenting aspects of your IT environment into pillars.

The 3 primary principles are:

  • Verify Explicitly
  • Least privileged access
  • Assume Breach

At first, those terms seemed very unclear to me. To further clarify the principles, I have added some practical examples to help understand what they mean:

Principle | Outcomes

  • Verify Explicitly
    • Ensure people are really who they say they are
    • Audit every login attempt from specific users
    • Audit login attempts
    • Block access from non-approved countries
  • Least privileged access
    • Assign users only the permissions they need, not more
    • Assign roles only when they are needed, using PIM
    • Use custom roles when default roles expose too many permissions
  • Assume breach
    • At every level, think about possible breaches
    • Segment your network
    • Password-based authentication alone is too weak

The model is best illustrated as follows:

Your security posture can be seen as a building. The principles are the foundation, and all aspects of an organization are the pillars.

The interesting part of this model is that if the foundation and/or one of the pillars is not secured well enough, your security posture collapses like an unstable building.

A telling example is a 5 million dollar cybersecurity budget while users are not using strong authentication to log on and are getting compromised.


Zero Trust vs Traditional approaches

For the last 20 years, the network was the primary pillar: if a malicious user or device does not have access to your network, no breach is possible.

In the last 5 years, especially now in the post-COVID-19 period, more people tend to work remotely. Companies are also shifting to cloud applications and infrastructure. This makes Identity the primary pillar now, because this is the way users connect to their infrastructure, applications and data. Breaching this one pillar can give access to all of them.

The awkward part is that the Identity pillar is the pillar most people interact with. People make mistakes, and that is exactly what attackers are looking for: the path of least resistance.


How to ramp up Zero Trust

Changes to your infrastructure, especially when it comes to security, can take up a lot of your time and can get complex very fast. Many companies disregard the changes and carry on using unsecured systems until a company-devastating breach occurs.

To roll out the most critical Zero Trust principles in a short time, you can use the Rapid Modernization Plan (RaMP). This gives you a kickstart, but leaves the more complex and time-consuming changes for the near future.

To further expand your Zero Trust vision and security posture, a great resource is the following 2 references by Microsoft:


Introduction to the Microsoft Cloud Security Benchmark (MCSB)


Today, security is a very important aspect of every system you manage. Poor security on one system can affect all your systems.

To give you a good overview of how secure your complete IT environment is, Microsoft released the Microsoft Cloud Security Benchmark (MCSB), a collection of high-impact security recommendations you can use to secure your cloud services, even in a hybrid environment. When you use Microsoft Defender for Cloud, the MCSB is included in its recommendations.

Domains checked by the Cloud Security Benchmark

The Microsoft Cloud Security Benchmark checks your overall security and gives you recommendations about the following domains:

  • Network security (NS)
  • Identity Management (IM)
  • Privileged Access (PA)
  • Data Protection (DP)
  • Asset Management (AM)
  • Logging and Threat Detection (LT)
  • Incident Response (IR)
  • Posture and Vulnerability Management (PV)
  • Endpoint Security (ES)
  • Backup and Recovery (BR)
  • DevOps Security (DS)
  • Governance and Strategy (GS)

The recommendations look like the list below:

  • AM-1: Track asset inventory and their risks
  • AM-2: Use only approved services
  • AM-3: Ensure security of asset lifecycle management
  • AM-4: Limit access to asset management
  • AM-5: Use only approved applications in virtual machines

The benchmark gives you recommendations drawn from lessons learned in previously compromised environments and from best practices, to help you secure your complete IT posture in all aspects. The aim is to secure all your systems, not just one.

For more information about this very interesting benchmark, check out this page: https://learn.microsoft.com/en-us/security/benchmark/azure/introduction


Introduction to the Azure Well-Architected Framework


The Azure Well-Architected Framework (WAF) is a framework to improve the quality of your Microsoft Azure deployment. It does this through 5 pillars, so that an architect can determine together with IT decision makers how to get the most out of Azure within the planned budget.

The 5 pillars of the Well-Architected Framework are:

Pillar | Target
Reliability | The ability to recover a system and/or continue to work
Security | Secure the environment in all spots
Cost Optimization | Maximize the value while minimizing the costs
Operational Excellence | The processes that keep a system running
Performance Efficiency | The ability to adapt to changes

As shown in the image above, the Well-Architected Framework is the heart of all cloud processes. If it is not done well, all other processes can fail.


Review your Azure design

Microsoft has a tool available to test your architecting skills at the following page: https://learn.microsoft.com/en-us/assessments/azure-architecture-review/

With this tool you can link your existing environment/subscription or answer questions about your environment and cloud goal. The tool will give feedback on what to improve and how.

I filled in the tool with some answers and my result was this:

I only filled in the Reliability and Security pillars, and answered as badly as possible to get as many recommendations for improvement as possible. This looks like this:


Cloud Adoption Framework Introduction (CAF)


More and more organizations are moving to the cloud. In order to do this successfully, we can use the Cloud Adoption Framework (CAF) described by Microsoft.

The framework is a proven sequence of processes and guidelines that companies can use to increase the success of adopting the cloud. The framework is described in the diagram below:

Cloud Adoption Framework

The CAF has the following steps:

  • Strategy: Define the project, define what you want to achieve and define the business outcomes.
  • Plan: Plan your migration, determine the plans and make sure the environment readiness is at a good level.
  • Ready (and migrate): Prepare your new cloud environment for planned changes and migrate your workloads to the cloud.
  • Optimize: After migrating to the cloud, optimize your environment by using the best solutions possible and innovate at this level.
  • Secure: Improve the security of your workloads and plan your periodic security checks.
  • Manage: Manage operations for cloud and hybrid solutions.
  • Govern: Govern your environment and its workloads.

Intention of use

  • Increase the chance of your cloud success
  • Gives you best practices for performing the migration using a proven methodology
  • Ensures you don’t miss a crucial step

Intended users/audience

  • IT Decision makers
  • Company Management Teams
  • Companies that want to benefit from cloud solutions
  • Companies that are planning to migrate to the cloud
  • Technicians and project managers for planning the migration

For more information, check out this page: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/


Summary

This framework (CAF) can be very useful if your organization decides to migrate to the cloud. It contains a variety of steps and processes derived from earlier migrations done by other companies and the mistakes they made.
