Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AzureBootcamp2022: I've been pwned but I don't care by Michael Rüefli

Azure Zurich User Group
PRO
May 10, 2022
Technology
0
70

AzureBootcamp2022: I've been pwned but I don't care by Michael Rüefli

This session is one of the sessions of Azure Bootcamp Switzerland 2022.
www.azurebootcamp.ch

Everyone talks about safeguarding identities in the cloud. But what does that actually mean? Are you confused about terms like MFA,ATP,CASB,PIM,Tokens? The session will be practical and demo heavy, showing value and usage scenarios every Azure AD admin would want to know about!
🙂 MICHAEL RÜEFLI ⚡️ Managing Partner and Solutions Architect @ scopewyse

Check out Michael at: https://www.linkedin.com/in/drmiru/

Azure Zurich User Group
PRO

May 10, 2022
Tweet

More Decks by Azure Zurich User Group

See All by Azure Zurich User Group
Navigating the Azure Cloud at Digitec Galaxus: Our Journey and Lessons Learned by Olivier Girard & Gerald Schermann
azurezurich
PRO
0
56
How Criminals Breach your Azure Environment by Marco Schmidt & Manu Meyer
azurezurich
PRO
0
18
GitHub Copilot has Come to Stay!
azurezurich
PRO
0
56
Synapse Real-Time Analytics in Fabric by Alvaro Videla
azurezurich
PRO
0
50
Data Engineering in the Large Language Models era by Ismaël Mejía
azurezurich
PRO
0
78
Aug23 [Slides]: HPC on Azure in the Financial Services Industry by Darko Mocelj
azurezurich
PRO
0
22
Container App Service Deep Dive by Mohammad Nofal
azurezurich
PRO
0
88
KEDA - Mastering Scale to Zero by Daniel Hasselwander
azurezurich
PRO
0
45
AzureBootcamp2023: Data Clean Rooms & Confidential Computing by David Sturzenegger & Primo Amrein
azurezurich
PRO
0
36

Other Decks in Technology

See All in Technology
Meta Quest 3 で動く桜マシマシ WebXR アプリを IBM Cloud Code Engine と Babylon.js で作った話
1ftseabass
PRO
0
120
現代CSSフレームワークの内部実装とその仕組み
poteboy
8
3.6k
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
1
370
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.9k
VSCodeの拡張機能を作っている話
ebarakazuhiro
1
290
本当のAWS基礎
toru_kubota
0
500
On Your Data を超えていく!
hirotomotaguchi
2
660
ユーザーストーリーのレビューを自動化したみたの
bun913
1
410
FrontDoorとWebAppsを組み合わせた際のリダイレクト処理の注意点
kenichirokimura
1
500
日本におけるデータエンジニアリングのこれまでとこれから
foursue
16
4.2k
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
120
Vertex AI を中心に 生成AIのアップデートを共有します
kaz1437
0
300

Featured

See All Featured
How To Stay Up To Date on Web Technology
chriscoyier
782
250k
Building an army of robots
kneath
300
41k
The Cult of Friendly URLs
andyhume
74
5.7k
A Modern Web Designer's Workflow
chriscoyier
689
190k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
20
1.9k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
30
6k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
116
18k
Designing with Data
zakiwarfel
96
4.8k
Bash Introduction
62gerente
604
210k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
14
1.5k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
104
6.6k

Transcript

  1. I’ve been pwned …and I don’t care that much… Michael

    Rüefli scopewyse GmbH

  2. Michael Rüefli Partner | Solutions Architect scopewyse GmbH [email protected] www.miru.ch

    @drmiru drmiru About me | Tech Azure Cloud Platform & Security Security in focus, MCT (Microsoft Certified Trainer) Community worker About me | Private Father, Husband, Skydiver, Skier

  3. ▪ Identity, the new perimeter ▪ Attack scenarios ▪ Why

    we are still using passwords ▪ Alternatives to passwords ▪ Countermeasures / protection use cases (demo) Agenda

  4. In a world… modern hybrid MOBILE work from anywhere THE

    IDENTITY IS THE NEW PERIMETER
  5. None

  6. Common attack scenarios Weak or stolen Passwords of breaches leverage

    either stolen and/or weak passwords Social Attacks of attacks that resulted in a data breach Credential-Stealing SW Of data breaches involved some form of credential stealing malware 81% 43% 51% Source: okta

  7. Fun fact.. or maybe not even funny.. 1. 2. 3.

    4. 5. 6. 7. 8. 9. Rank Password Most common used passwords in 2021 1234567890 12345678 1q2w3e qwerty123 12345 password qwerty 123456789 123456

  8. Fun fact.. or maybe not even funny.. 1. 2. 3.

    4. 5. 6. 7. 8. 9. Rank Password Most common used passwords in 2022 SERIOUSLY ? 111111 12345678 1q2w3e qwerty123 12345 password qwerty 123456789 123456

  9. Why PIN/Biometrics are the better choice PIN/Bio/FIDO2 Password TPM

  10. Why do we still need passwords in 2022?

  11. ▪ Legacy authentication protocols in apps ▪ Lack of support

    in IDPs ▪ Rolling out WHFB -> spoiler! Why passwords are still around

  12. ▪ PIN ▪ BIOMETRICS ▪ FIDO2 ▪ AUTHENTICATOR with password

    less config Password alternatives With Azure AD
  13. None

  14. How to get pwned?

  15. This Photo by Unknown Author is licensed under CC BY-SA-NC

  16. None
  17. None
  18. None

  19. Prevention / Countermeasures

  20. None

  21. ▪ Microsoft Identity Protection Landscape Identity Protection Charta DETECT PREVENT

    REMEDIATE INVESTIGATE Azure Multi-Factor • Single-Factor • Untrusted Location • Unmanaged Devices • Multi-Factor • Conditional Access • Step-up authentication • Token Lifetime • Compliant Devices • Sign-In logs Azure AD Identity Protection • Atypical Travel • User Risk Detections • Leaked Credentials • Anonymous IP • Conditional Access • PIM & Tiering Model • Priviledged Access • Risk levels remediation • SSPR • JIT Access • Risk investigation • Risky users • Risky sign-ins Microsoft Defender for Identity • Compromised Creds • Lateral Movement • Domain Dominance • Brute Force Attacks • Password Reset & MFA • High-risk user policies • Admin Tiering Model • Priviledged access • Consult logs • Defender for Cloud Apps integration Azure Sentinel • Built-in detections • Multistage attack detection (Fusion) • Connectors • Analytic rules • Playbooks • Investigation graph • Playbooks • Automation Passwordless / Windows Hello for Business • Single password • Biometrics • PIN Login • FIDO 2

  22. Conditional Access & Identity Protection Corporate Network Geo-location Microsoft Cloud

    App Security MacOS Android iOS Windows Microsoft Defender EP Client apps Browser apps Google ID MSA Azure AD ADFS Require MFA Allow/block access Block legacy authentication Force password reset ****** Limited access Controls Employee & Partner Users and Roles Trusted & Compliant Devices Physical & Virtual Location Client apps & Auth Method Conditions Machine learning Policies Real time Evaluation Engine Session Risk 3 171TB Effective policy

  23. DEMO TIME

  24. ✓Enforce MFA for admin roles ✓Enforce MFA/SSPR for risky sign-ins

    ✓Disable legacy authentication protocols ✓Enforce security information registration from trusted devices / locations ✓Enforce always-authenticate from untrusted devices ✓Enforce step-up authentication (CAE) Identity Protection to-do-list

  25. Key takeaways

  26. having a good password is still important but don’t rely

    on it

  27. protection should be conditional to avoid verification fatigueness

  28. conditions may change over time so.. always verify

  29. None

  30. www.scopewyse.com [email protected]