Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AzureBootcamp2022: I've been pwned but I don't ...

Azure Zurich User Group
PRO
May 10, 2022
Technology
0
84

AzureBootcamp2022: I've been pwned but I don't care by Michael Rüefli

This session is one of the sessions of Azure Bootcamp Switzerland 2022.
www.azurebootcamp.ch

Everyone talks about safeguarding identities in the cloud. But what does that actually mean? Are you confused about terms like MFA,ATP,CASB,PIM,Tokens? The session will be practical and demo heavy, showing value and usage scenarios every Azure AD admin would want to know about!
🙂 MICHAEL RÜEFLI ⚡️ Managing Partner and Solutions Architect @ scopewyse

Check out Michael at: https://www.linkedin.com/in/drmiru/

Azure Zurich User Group
PRO

May 10, 2022
Tweet

More Decks by Azure Zurich User Group

See All by Azure Zurich User Group
[Nov24]: Bringing your first LLM into Production or Beware of your Boss’s Nephew by Christian Hidber
azurezurich
PRO
0
16
[Nov24] ChatGPT OverYour Own Data by Marco Gerber
azurezurich
PRO
0
13
Bicep and Terraform Code generation (without AI) by Thomas Hafermalz
azurezurich
PRO
0
29
ABS2024: FinOps in Azure by Francisco Teles
azurezurich
PRO
0
90
ABS2024: Model Platform by Arindam Mitra, Anass Alhyar, Raj Subramani
azurezurich
PRO
0
47
ABS2024: Azure AI Deep Dive with Ausgleichskasse Basel Stadt by Jörg Bieri & Ivan Babic
azurezurich
PRO
0
65
ABS2024: Breaching the Cloud: How to Exploit and Mitigate Common Security Risks by Hans-Peter Weiss & Jan Schneider
azurezurich
PRO
0
81
ABS2024: Building an Enterprise Data Platform with Microsoft Fabric by Gerald Reif & Weili Gao
azurezurich
PRO
0
140
ABS2024: ChatGPT Over Your Own Data by Marco Gerber & Michael Rüefli
azurezurich
PRO
0
71

Other Decks in Technology

See All in Technology
Taming you application's environments
salaboy
0
180
AWS Lambda のトラブルシュートをしていて思うこと
kazzpapa3
2
170
第1回 国土交通省 データコンペ参加者向け勉強会③ - Snowflake x estie編 -
estie
0
130
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
Introduction to Works of ML Engineer in LY Corporation
lycorp_recruit_jp
0
100
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
120
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
220
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
3
200
B2B SaaSから見た最近のC#/.NETの進化
sansantech
PRO
0
750
AWS Media Services 最新サービスアップデート 2024
eijikominami
0
200
スクラムチームを立ち上げる〜チーム開発で得られたもの・得られなかったもの〜
ohnoeight
2
350

Featured

See All Featured
Art, The Web, and Tiny UX
lynnandtonic
297
20k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Testing 201, or: Great Expectations
jmmastey
38
7.1k
[RailsConf 2023] Rails as a piece of cake
palkan
52
4.9k
Making the Leap to Tech Lead
cromwellryan
133
8.9k
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
GitHub's CSS Performance
jonrohan
1030
460k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
10 Git Anti Patterns You Should be Aware of
lemiorhan
654
59k

Transcript

  1. I’ve been pwned …and I don’t care that much… Michael

    Rüefli scopewyse GmbH

  2. Michael Rüefli Partner | Solutions Architect scopewyse GmbH [email protected] www.miru.ch

    @drmiru drmiru About me | Tech Azure Cloud Platform & Security Security in focus, MCT (Microsoft Certified Trainer) Community worker About me | Private Father, Husband, Skydiver, Skier

  3. ▪ Identity, the new perimeter ▪ Attack scenarios ▪ Why

    we are still using passwords ▪ Alternatives to passwords ▪ Countermeasures / protection use cases (demo) Agenda

  4. In a world… modern hybrid MOBILE work from anywhere THE

    IDENTITY IS THE NEW PERIMETER
  5. None

  6. Common attack scenarios Weak or stolen Passwords of breaches leverage

    either stolen and/or weak passwords Social Attacks of attacks that resulted in a data breach Credential-Stealing SW Of data breaches involved some form of credential stealing malware 81% 43% 51% Source: okta

  7. Fun fact.. or maybe not even funny.. 1. 2. 3.

    4. 5. 6. 7. 8. 9. Rank Password Most common used passwords in 2021 1234567890 12345678 1q2w3e qwerty123 12345 password qwerty 123456789 123456

  8. Fun fact.. or maybe not even funny.. 1. 2. 3.

    4. 5. 6. 7. 8. 9. Rank Password Most common used passwords in 2022 SERIOUSLY ? 111111 12345678 1q2w3e qwerty123 12345 password qwerty 123456789 123456

  9. Why PIN/Biometrics are the better choice PIN/Bio/FIDO2 Password TPM

  10. Why do we still need passwords in 2022?

  11. ▪ Legacy authentication protocols in apps ▪ Lack of support

    in IDPs ▪ Rolling out WHFB -> spoiler! Why passwords are still around

  12. ▪ PIN ▪ BIOMETRICS ▪ FIDO2 ▪ AUTHENTICATOR with password

    less config Password alternatives With Azure AD
  13. None

  14. How to get pwned?

  15. This Photo by Unknown Author is licensed under CC BY-SA-NC

  16. None
  17. None
  18. None

  19. Prevention / Countermeasures

  20. None

  21. ▪ Microsoft Identity Protection Landscape Identity Protection Charta DETECT PREVENT

    REMEDIATE INVESTIGATE Azure Multi-Factor • Single-Factor • Untrusted Location • Unmanaged Devices • Multi-Factor • Conditional Access • Step-up authentication • Token Lifetime • Compliant Devices • Sign-In logs Azure AD Identity Protection • Atypical Travel • User Risk Detections • Leaked Credentials • Anonymous IP • Conditional Access • PIM & Tiering Model • Priviledged Access • Risk levels remediation • SSPR • JIT Access • Risk investigation • Risky users • Risky sign-ins Microsoft Defender for Identity • Compromised Creds • Lateral Movement • Domain Dominance • Brute Force Attacks • Password Reset & MFA • High-risk user policies • Admin Tiering Model • Priviledged access • Consult logs • Defender for Cloud Apps integration Azure Sentinel • Built-in detections • Multistage attack detection (Fusion) • Connectors • Analytic rules • Playbooks • Investigation graph • Playbooks • Automation Passwordless / Windows Hello for Business • Single password • Biometrics • PIN Login • FIDO 2

  22. Conditional Access & Identity Protection Corporate Network Geo-location Microsoft Cloud

    App Security MacOS Android iOS Windows Microsoft Defender EP Client apps Browser apps Google ID MSA Azure AD ADFS Require MFA Allow/block access Block legacy authentication Force password reset ****** Limited access Controls Employee & Partner Users and Roles Trusted & Compliant Devices Physical & Virtual Location Client apps & Auth Method Conditions Machine learning Policies Real time Evaluation Engine Session Risk 3 171TB Effective policy

  23. DEMO TIME

  24. ✓Enforce MFA for admin roles ✓Enforce MFA/SSPR for risky sign-ins

    ✓Disable legacy authentication protocols ✓Enforce security information registration from trusted devices / locations ✓Enforce always-authenticate from untrusted devices ✓Enforce step-up authentication (CAE) Identity Protection to-do-list

  25. Key takeaways

  26. having a good password is still important but don’t rely

    on it

  27. protection should be conditional to avoid verification fatigueness

  28. conditions may change over time so.. always verify

  29. None

  30. www.scopewyse.com [email protected]