Microsoft 365 vs G Suite

Productivity Suite - @SeniorDBA

Microsoft and Google are fighting for market share in cloud-based business productivity suites, each trying to win over the businesses willing to move their productivity software and services online.

Looking at Microsoft 365 (named Office 365 until this year) and Google’s G Suite, you need to understand what features and capabilities each solution offers, and what each will cost your business. Both companies want to sell you a subscription-based solution for business productivity software, but you need to determine which service best solves your business needs, provides the services you’ll need in the future, and fits your limited budget.

Both services are built on robust cloud infrastructure with data centers scattered all over the world. Both companies have a long history of running cloud services that limit downtime and network latency, and both roll out new features at a fairly steady rate.

Each online solution includes the standard features:

  • Productivity applications that let workers create standard documents, spreadsheets, presentations, and forms, with online storage of files.
  • Cloud-based business email and calendaring services linked to your custom domain.
  • Cloud-based messaging and communication tools that support online meetings and video conferencing.
  • A management console that allows selected administrators to adjust features and settings to meet business and compliance requirements, manage security settings, and configure archive settings that support enterprise customers.

While other companies offer online services including email and online storage, not many companies offer even half of the services and features available from just these two companies.

Continue reading “Microsoft 365 vs G Suite”

List of Command Prompt (CMD) Commands in Windows

CMD - @SeniorDBA

The Command Prompt (CMD) in Windows provides access to over 280 commands that are used to perform actions from a command line interface instead of the standard graphical Windows interface.

To see the available commands from your CMD prompt, you can visit the Microsoft Knowledgebase, or review the list below.

This list also includes DOS commands from MS-DOS and early versions of Windows:

Continue reading “List of Command Prompt (CMD) Commands in Windows”

22 SQL Server DBA and Database Developer Interview Questions

Introduction

There have been several blog posts about SQL Server Database Administrator and SQL Server Developer interview questions. I have listed some examples here for your review, but the best thing you can do to prepare for an interview for a job working with databases is to know SQL Server databases well. If you are the one conducting the interview, think about the specific skills you are looking for and target your questions to help identify the applicant’s strengths and weaknesses.

interview

1. What is a four-part name?

If the candidate ever crosses database boundaries with their queries, they should know this answer. A four-part name refers to the parts of a SQL Server object name that uniquely identify it in the SQL environment. The first part is the server (the instance or linked server name). The second part is the database. Third is the schema and fourth is the object name. So if you wanted to reference a table called Employee in the HumanResources schema in the AdventureWorks database on your Production instance, the four-part name would look like this:

Production.AdventureWorks.HumanResources.Employee

Continue reading “22 SQL Server DBA and Database Developer Interview Questions”

Free Download: SQL Server Management Studio 18.5.1


SQL Server

SQL Server Management Studio (SSMS) is an integrated environment for accessing, configuring, managing, administering, and developing all components of SQL Server. SSMS combines a broad group of graphical tools with a number of rich script editors to provide developers and administrators of all skill levels access to SQL Server.

The SSMS 18.x installation doesn’t upgrade or replace SSMS versions 17.x or earlier. SSMS 18.x installs side by side with previous versions so both versions are available for use. However, if you have a preview version of SSMS 18.x installed, you must uninstall it before installing SSMS 18.5.1.

If a computer contains side-by-side installations of SSMS, verify you start the correct version for your specific needs. The latest version is labeled Microsoft SQL Server Management Studio 18.

Continue reading “Free Download: SQL Server Management Studio 18.5.1”

Common Database Design Mistakes

Project Management

When designing a new database, people often make mistakes. While I can’t list all the mistakes that people can or will make, I hope this brief list will help you know what mistakes are possible and guide you toward making fewer of them. Sometimes we attack a design problem with the idea that we will just get the work done, but most times it is better to take the extra time to do it right.

I’m not perfect, and I have made these (and many other) mistakes in database design. I’m not trying to tell you what to do or even how to do it. I’m just trying to take my lessons learned and provide a simple list so that you might not make the same mistakes. I also want to point out that no list will ever be the only way to do anything. With database design questions, the best answer is usually “it depends”. When considering the many variables that make up your environment, you will need to make many decisions that help your database instance work best in your unique environment. You have to take into account the personnel you are working with, the limits of your hardware, company policies, etc.

Database design and implementation is the cornerstone of any database-related project and should be treated with the importance it deserves. If you do your job really well, people will tend to minimize how important your job is in getting their projects completed. Like a police department that does a good job catching and locking up criminals, people start wondering why they need so many police officers when the crime rate goes down. People might start asking why they need your help in getting good database design, but it will only take a few failed projects for them to come back to you for your professional help.

Continue reading “Common Database Design Mistakes”

Best Hacking Tools Of 2020: Bloodhound

Bloodhound - @SeniorDBA

BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment, so that an attacker can quickly understand your AD trust relationships. Attackers can use BloodHound to easily identify highly complex attack paths and find the quickest path to total domination, and defenders can use it to identify and eliminate those same attack paths before an attacker can compromise your network.

Enumeration Options

  • CollectionMethod – The collection method to use. This parameter accepts a comma separated list of values. Has the following potential values (Default: Default):
    • Default – Performs group membership collection, domain trust collection, local admin collection, and session collection
    • Group – Performs group membership collection
    • LocalAdmin – Performs local admin collection
    • RDP – Performs Remote Desktop Users collection
    • DCOM – Performs Distributed COM Users collection
    • GPOLocalGroup – Performs local admin collection using Group Policy Objects
    • Session – Performs session collection
    • ComputerOnly – Performs local admin, RDP, DCOM and session collection
    • LoggedOn – Performs privileged session collection (requires admin rights on target systems)
    • Trusts – Performs domain trust enumeration
    • ACL – Performs collection of ACLs
    • Container – Performs collection of Containers
    • ObjectProps – Collects object properties such as LastLogon and DisplayName
    • DcOnly – Performs collection using LDAP only. Includes Group, Trusts, ACL, ObjectProps, Container, and GPOLocalGroup.
    • All – Performs all Collection Methods except GPOLocalGroup
  • SearchForest – Search all the domains in the forest instead of just your current one
  • Domain – Search a particular domain. Uses your current domain if null (Default: null)
  • Stealth – Performs stealth collection methods. All stealth options are single threaded.
  • SkipGCDeconfliction – Skip Global Catalog deconfliction during session enumeration. This can speed up enumeration, but will result in possible inaccuracies in data.
  • ExcludeDc – Excludes domain controllers from enumeration (avoids Microsoft ATA flags 🙂 )
  • ComputerFile – Specify a file to load computer names/IPs from
  • OU – Specify which OU to enumerate
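As an added example (not from the original post or the BloodHound project), here are two SharpHound collection runs built from the options listed above: a low-noise LDAP-only baseline, then a session and local-admin sweep scoped to one OU. The domain name and OU distinguished name are placeholders, and the parameter names follow the list above; confirm them against `Get-Help Invoke-BloodHound` for the SharpHound version you downloaded, since names have changed between releases.

```powershell
# Added example, not part of the original post or of BloodHound itself.
# Assumes SharpHound.ps1 from the BloodHound release is in the current
# directory and that you are authorized to run it in this domain.
# corp.example.com and the OU below are placeholders.

Import-Module .\SharpHound.ps1      # ". .\SharpHound.ps1" (dot-sourcing) also works

# 1. Low-noise baseline: LDAP-only collection against the domain controllers.
#    DcOnly = Group, Trusts, ACL, ObjectProps, Container and GPOLocalGroup,
#    so no workstation or member server is contacted. SearchForest widens
#    this to every domain in the forest.
Invoke-BloodHound -CollectionMethod DcOnly `
                  -Domain corp.example.com `
                  -SearchForest

# 2. Host-level sweep: who is logged on where and who is a local admin,
#    RDP user or DCOM user on each machine. This part talks to every host
#    over SMB/RPC and is what Microsoft ATA and similar tools alert on, so
#    it is scoped to one OU, runs single-threaded (Stealth) and skips the
#    domain controllers (ExcludeDc), which DcOnly already covered.
Invoke-BloodHound -CollectionMethod LocalAdmin,Session,RDP,DCOM `
                  -OU "OU=Servers,DC=corp,DC=example,DC=com" `
                  -Stealth `
                  -ExcludeDc

# Each run writes its JSON output (zipped) to the current directory; import
# the zips into the BloodHound GUI and run the built-in "Shortest Paths to
# Domain Admins" query to see the attack paths the collection exposed.
```

Running the DcOnly pass first is the defender-friendly order: it gives you group membership, ACLs and trusts (most of the graph) without touching a single workstation, and you only pay the noisy host-by-host cost for the OUs you actually care about.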

Continue reading “Best Hacking Tools Of 2020: Bloodhound”

Cybersecurity: Lateral Movement

Hackers - @SeniorDBA

What is Lateral Movement

Lateral Movement is the technique of a malicious user moving from one system to the next in an attempt to gain access to critical business systems.

Lateral Movement Techniques

Since this technique could lead to a breach of your critical business systems, you need to be able to detect and respond to these types of attacks. This isn’t one thing you are trying to detect or prevent, but a series of attack techniques that you have to build a methodology around, with more than one response to remediate the attack type.

This attack methodology depends on first compromising user account credentials. Using those credentials, the attacker attempts to access other nodes by moving laterally through the network.

Examples of lateral movement attacks include:

Lateral Movement Detection

There’s more than one approach to identifying this type of malicious activity. You might need to use a collection of detection techniques in an attempt to detect this type of attack. It won’t be simple or easy, but once you start understanding this type of attack, the various techniques used, and the type of detection methods at your disposal, you’ll have a better chance of preventing a successful attack.

Continue reading “Cybersecurity: Lateral Movement”
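One of the simpler detection techniques the paragraph above alludes to is to watch for a single account performing network logons to many different hosts in a short window, which is what reuse of a stolen credential looks like in the Security log. The following is an added example, not code from the original post: it scores Security event 4624 records (logon type 3 = network, 10 = remote interactive) with a sliding window, and the events it runs on are constructed sample data rather than a real log. The host names, account names and thresholds are placeholders.

```powershell
# Added example, not from the original post. Flags accounts that make
# network logons (event 4624, LogonType 3 or 10) to at least $HostThreshold
# distinct hosts within $WindowMinutes. Input objects need Id, Account,
# LogonType, Host (the machine that logged the event), SourceIP and Time.

function Find-LateralMovement {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $HostThreshold = 3,
        [int] $WindowMinutes = 10
    )
    $Events |
        Where-Object { $_.Id -eq 4624 -and $_.LogonType -in 3, 10 } |
        Group-Object Account |
        ForEach-Object {
            $sorted = $_.Group | Sort-Object Time
            foreach ($start in $sorted) {
                # Distinct hosts reached in the window that opens at this logon
                $hosts = $sorted |
                    Where-Object { $_.Time -ge $start.Time -and
                                   $_.Time -le $start.Time.AddMinutes($WindowMinutes) } |
                    Select-Object -ExpandProperty Host -Unique
                if ($hosts.Count -ge $HostThreshold) {
                    [pscustomobject]@{
                        Account   = $_.Name
                        FirstSeen = $start.Time
                        Hosts     = ($hosts -join ',')
                        SourceIPs = (($sorted | Select-Object -ExpandProperty SourceIP -Unique) -join ',')
                    }
                    break   # one alert per account is enough for this example
                }
            }
        }
}

# Constructed sample log: a normal interactive logon, a service account
# fanning out across four servers from one IP in four minutes, and an
# unrelated single network logon.
$t = [datetime]'2020-05-01T09:00:00'
$sample = @(
    @{Id=4624; Account='CORP\alice';      LogonType=2; Host='WS01';  SourceIP='-';         Time=$t}
    @{Id=4624; Account='CORP\svc_backup'; LogonType=3; Host='FS01';  SourceIP='10.0.0.15'; Time=$t.AddMinutes(1)}
    @{Id=4624; Account='CORP\svc_backup'; LogonType=3; Host='FS02';  SourceIP='10.0.0.15'; Time=$t.AddMinutes(2)}
    @{Id=4624; Account='CORP\svc_backup'; LogonType=3; Host='SQL01'; SourceIP='10.0.0.15'; Time=$t.AddMinutes(3)}
    @{Id=4624; Account='CORP\svc_backup'; LogonType=3; Host='DC01';  SourceIP='10.0.0.15'; Time=$t.AddMinutes(4)}
    @{Id=4624; Account='CORP\bob';        LogonType=3; Host='FS01';  SourceIP='10.0.0.22'; Time=$t.AddMinutes(5)}
) | ForEach-Object { [pscustomobject]$_ }

Find-LateralMovement -Events $sample | Format-Table -AutoSize
# Expected: one row for CORP\svc_backup, Hosts FS01,FS02,SQL01,DC01, SourceIPs 10.0.0.15

# To feed real events from a host instead of the sample, pull the named
# fields out of the event XML (Host is the collecting machine):
#   Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} | ForEach-Object {
#       $d = ([xml]$_.ToXml()).Event.EventData.Data
#       [pscustomobject]@{
#           Id        = 4624
#           Account   = ($d | Where-Object Name -eq 'TargetDomainName').'#text' + '\' +
#                       ($d | Where-Object Name -eq 'TargetUserName').'#text'
#           LogonType = [int]($d | Where-Object Name -eq 'LogonType').'#text'
#           Host      = $_.MachineName
#           SourceIP  = ($d | Where-Object Name -eq 'IpAddress').'#text'
#           Time      = $_.TimeCreated
#       }
#   }
```

The hard part in practice is not the rule but the input: 4624 is written on the destination host, so the events from every server have to reach one place (a SIEM or forwarded-event collector) before this grouping by account means anything. Service accounts that legitimately touch many hosts will need their own baseline or an allow list.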

Securing Windows 10

Laptop - @SeniorDBA

A Windows 10 laptop right out of the box is not a truly secure laptop. Building a secure laptop using Windows 10 will take a little work. Microsoft has done a good job balancing usability and security, making sure the device is mostly compatible with what an average person wants to do without security getting in the way.

If you want a secure laptop there are some tweaks you need to make to get your laptop to the next level of security. Some are done by default, but you should make sure the settings are correct, and some are off by default, so you’ll need to configure the settings and turn them on.

I’ll go through some of the settings to show you how you can go from default settings to secure, but you have to understand there are always more things you can do to make your Windows 10 device even more secure.

Continue reading “Securing Windows 10”
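Before changing anything it helps to know where a machine actually stands. The script below is an added example, not from the original post: a read-only check of a handful of settings that are commonly part of a Windows 10 hardening pass (BitLocker on the system drive, Defender real-time protection and signature age, the host firewall on every profile, SMBv1 removed, UAC enabled). Which settings to check is my selection, not a list taken from the post; run it from an elevated PowerShell session on the laptop itself.

```powershell
# Added example, not part of the original post. Read-only audit of a few
# Windows 10 security settings; the choice of checks is the example's own.
# Requires an elevated session (BitLocker and Defender cmdlets need it).

function Test-Win10Baseline {
    $results = [ordered]@{}

    # Full-disk encryption on the OS volume
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    $results['BitLocker protection on system drive'] = ($os.ProtectionStatus -eq 'On')

    # Defender running with fresh signatures
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $results['Defender real-time protection']    = [bool]$mp.RealTimeProtectionEnabled
    $results['Defender signatures < 7 days old'] = ($mp.AntivirusSignatureLastUpdated -gt (Get-Date).AddDays(-7))

    # Host firewall must be on for Domain, Private and Public profiles
    $off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
    $results['Firewall enabled on all profiles'] = (@($off).Count -eq 0)

    # SMBv1 is the protocol WannaCry-era worms spread over; it should not be installed
    $smb1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $results['SMBv1 not enabled'] = ($smb1.State -ne 'Enabled')

    # User Account Control
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA
    $results['UAC enabled'] = ($uac.EnableLUA -eq 1)

    $results.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Pass = [bool]$_.Value }
    }
}

Test-Win10Baseline | Format-Table -AutoSize
```

A failed row is the starting point for the corresponding change (Enable-BitLocker, Set-MpPreference, Set-NetFirewallProfile, Disable-WindowsOptionalFeature); keeping the audit separate from the fix lets you re-run it after each change and on other machines without side effects.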

Protecting High-Profile Employees from Cyber Attacks

Physical Security - @SeniorDBA

As you look to protect your employees from a cyberattack, there are specific steps you must take that include training your employees how to detect and avoid phishing emails, training all employees on how to select and protect a complex password, helping employees configure and use MFA for all their business accounts, providing secure laptops to remote workers, etc. But what about those employees that present a higher risk, based on their knowledge, location, system access, or activity? Higher profile targets have a greater risk of attack and breach of essential data, so what can you do to provide elevated security?

As with a lot of things in life, a “one size fits all” type of security may not adequately protect these high-profile accounts from compromise. Many of your users may be low risk users that aren’t subject to a concentrated attack. All accounts must be protected to prevent a successful attack on a common user from being leveraged to gain access to the privileged accounts. Privileged accounts (usually an administrator-level account) must be protected to prevent an attacker from using stolen credentials used by these privileged accounts to gain elevated access to the network and company resources.

Traditional high-profile accounts also belong to executive members, members of the finance team, the payroll department, and accounts used to control corporate social media accounts.

Continue reading “Protecting High-Profile Employees from Cyber Attacks”

Enable Reserved Storage Using DISM or PowerShell on Windows 10

How to Enable Reserved Storage on Windows 10

Laptop - @SeniorDBA

Windows Updates will fail to install if your PC doesn’t have enough free disk space. Before Reserved Storage, the only workaround was to free up some storage space before continuing with your update effort. With the May 2019 Update to Windows 10, Microsoft addressed this problem by reserving disk space for future updates.

With “reserved storage,” Microsoft sets aside at least 7 gigabytes of space on your hard drive to ensure updates can download—regardless of how much normal disk space you have.

When not being used by update files, Reserved Storage will be used for apps, temporary files, and system caches, improving the day-to-day function of your PC.

When enabled, it keeps some disk space for Windows Update, apps, temporary files, and system caches because without enough disk space Windows and applications may stop working properly.

Users installing a fresh copy of Windows 10 1903 or later, or receiving a device with the OS preinstalled, should see Reserved Storage enabled out-of-the-box. Some device manufacturers choose not to enable Reserved Storage because it reduces the available disk space to users.

Those upgrading from a previous version of Windows don’t get Reserved Storage, unless the ShippedWithReserves registry key is set to 1 before the upgrade. You can find the key under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager.

Windows Update and Reserved Storage

Windows Update gives priority access to Reserved Storage. Before an update, temporary files that are no longer needed in Reserved Storage are deleted and the remaining space is then given exclusively to Windows Update. If Reserved Storage still doesn’t have enough space, Windows Update can also spill into free disk space that is available to the user. On systems where disk space is severely limited, Windows Update might also prompt to attach external storage to complete the update process.

DISM updated with new Reserved Storage options

Admins are able to query the amount of space reserved and even disable Reserved Storage. The state of Reserved Storage is preserved across OS upgrades once it has been enabled or disabled using DISM. The following DISM command enables Reserved Storage for the online Windows image:

Enable or Disable Reserved Storage using PowerShell

If you don’t want to mess around with DISM, Windows 10 version 2004 supports a new PowerShell cmdlet that will let you enable or disable Reserved Storage for online images.
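As an added example (not code from the original post), the script below ties the three pieces described above together: it reads the ShippedWithReserves value, queries and enables Reserved Storage with DISM, and does the same with the PowerShell cmdlet. It assumes Windows 10 version 2004 or later for the DISM options and the cmdlet; on 1903/1909 the registry value before an upgrade is the only route the post describes. Run from an elevated prompt.

```powershell
# Added example, not part of the original post. Inspect and enable
# Reserved Storage on the running (online) Windows image. Elevated session
# required; assumes Windows 10 version 2004 or later.

$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ReserveManager'

# 1. Was this image set up with reserves? (1 = yes; absent or 0 = no)
$shipped = (Get-ItemProperty -Path $key -Name ShippedWithReserves -ErrorAction SilentlyContinue).ShippedWithReserves
"ShippedWithReserves = $shipped"

# For a machine that is about to be upgraded from an older build, setting the
# value to 1 first is what makes the upgrade carry Reserved Storage across:
#   New-ItemProperty -Path $key -Name ShippedWithReserves -PropertyType DWord -Value 1 -Force

# 2. DISM route: query, then enable, for the online image
DISM.exe /Online /Get-ReservedStorageState
DISM.exe /Online /Set-ReservedStorageState /State:Enabled

# 3. Same thing with the DISM PowerShell module (Windows 10 2004+)
Get-WindowsReservedStorageState
Set-WindowsReservedStorageState -State Enabled

# 4. Confirm the final state; the setting survives later OS upgrades
Get-WindowsReservedStorageState
```

Use `/State:Disabled` or `-State Disabled` to turn it off again on a space-constrained image; either way the state now persists across feature updates, which is the behaviour the DISM change above introduced.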

Continue reading “Enable Reserved Storage Using DISM or PowerShell on Windows 10”

Microsoft Announces Windows Package Manager

PowerShell - @SeniorDBA

Microsoft is releasing an official package manager for Windows. At Build 2020, Microsoft announced the new Windows Package Manager preview, a command line tool that allows you to install your favorite tools quickly and easily. The repository of packages is open source, you can find them here.

Once winget is installed, you can search for and install software on your Windows machine from the PowerShell command line.

To find a package, use “search”:

PS C:\WINDOWS\system32> winget search

You can also easily install software:

PS C:\WINDOWS\system32> winget install vscode

It is just that easy.
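Because winget installs whatever the first matching manifest points at, a security-minded install pins the package by its id and looks at the manifest before running anything. The commands below are an added example, not from the original post or the winget project; they assume the preview winget is on PATH and that the package id `Microsoft.VisualStudioCode` is what the earlier `vscode` search resolves to in the community repository.

```powershell
# Added example, not part of the original post or of winget itself.
# Search, inspect the manifest, then install by exact id rather than by a
# loose name match. Assumes the winget preview is installed and on PATH.

# Where do manifests come from? The community repository is the default source.
winget source list

# 1. Search: the Id column is the value to pin on, not the display name.
winget search vscode

# 2. Inspect before installing: the manifest shows the installer URL and the
#    SHA-256 that winget checks the download against. Read the URL; it should
#    be the vendor's own download host.
winget show --id Microsoft.VisualStudioCode --exact

# 3. Install by exact id so a similarly named package cannot be picked up.
winget install --id Microsoft.VisualStudioCode --exact
```

`--exact` turns the lookup from "anything containing this text" into "this id only"; in a repository that anyone can submit manifests to, that is the difference between installing the package you meant and the one that happened to sort first.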

Understanding the NIST Cybersecurity Framework

NIST Cybersecurity Standard - @SeniorDBA

Summary

The NIST Cybersecurity Framework is a voluntary framework created by the National Institute of Standards and Technology, part of the United States Department of Commerce. This set of guidelines for private sector companies is intended to help them be better prepared to identify, detect, and respond to cyber-attacks. It also includes guidelines on how to prevent and recover from a cyberattack.

The NIST Cybersecurity Framework is intended to address the lack of standards when it comes to cybersecurity. As with almost everything else that deals with technology, there are currently major differences in the way companies are using technology to detect and remediate attacks from hackers, malicious users, and ransomware.

With the complexity and frequency of cyberattacks growing each day, the task of detecting and preventing cyberattacks has gotten too difficult and complex to be left to chance, and the lack of a strategy in most organizations only makes this effort more difficult.

Continue reading “Understanding the NIST Cybersecurity Framework”

Cloud Security Best Practice

Cloud Security

There are several things you can do to improve the security of your online cloud environment. Protect your business assets by enabling specific controls when available.

  1. Access Control – Enable Multi-Factor Authentication (MFA) and Conditional Access when possible. This means requiring not just usernames and passwords to access your critical cloud-based systems, but also a second factor. Instead of allowing user access with just something you know (password), also require a user to prove their identity with something they have (cellphone) or something they are (fingerprint). You may also be able to enable conditional access, which allows an administrator to add additional requirements to your login process, like only allowing you to log into the cloud environment from an authorized laptop, from a specific location, etc.
  2. Improve Security Posture – Use the tools available from your cloud provider to improve your overall security posture. Microsoft Azure offers a secure score rating, showing you recommended actions and comparing your security profile to other tenants. This can drive security changes that you may not even know are possible and provide instructions specific to your environment.
  3. Secure Your Applications – Train your developers in security best practices such as the Security Development Lifecycle (SDL) and test for common development issues using OWASP as a guide. Encrypt everything possible, including all internal and external connections. All data that is stored or processed should also be encrypted. Your backups should be encrypted and stored in a secure location away from the production data. Review your relationships with all vendors to make sure it is crystal clear who is responsible for each aspect of your security. You are responsible for everything unless it is specifically stated otherwise in your vendor contract.
  4. Understand and Mitigate Risks – Use best practice guidelines to identify threats and build processes to protect all your systems from known threats, detect any attacks that malicious groups may use in your environment, and respond to threats and attacks before your systems can be compromised. You should use a security information and event management (SIEM) system to collect the logs from all systems. Once the logs are in a central location you can build alerts for specific events, as well as identify risky behavior before the systems can be compromised.
  5. Maintain Network Security – Even though the cloud moves systems outside of your on-premises environment, the proper configuration of your firewall is still very important. Controls still need to be in place to protect the perimeter, detect hostile activity, and respond to all possible threats. A web application firewall (WAF) protects web apps from common exploits like SQL injection and cross-site scripting. Using concepts like virtual networking and subnet provisioning, you can micro-segment your network to provide additional security as you work toward zero trust networking. Enable your endpoint firewall, like Windows Firewall, to properly protect the endpoints as they move outside your protected on-premises network.

While protecting your company assets from a constantly evolving threat landscape can seem an impossible (and expensive) task, some basic security processes can start you down the path towards a best-practice security environment. Don’t try to do everything at once. Start simple with the goal of constant improvement.


Free Download: SQL Server Management Studio 18.5


SQL Server

SQL Server Management Studio (SSMS) is an integrated environment for accessing, configuring, managing, administering, and developing all components of SQL Server. SSMS combines a broad group of graphical tools with a number of rich script editors to provide developers and administrators of all skill levels access to SQL Server.

The SSMS 18.x installation doesn’t upgrade or replace SSMS versions 17.x or earlier. SSMS 18.x installs side by side with previous versions so both versions are available for use. However, if you have a preview version of SSMS 18.x installed, you must uninstall it before installing SSMS 18.5.

If a computer contains side-by-side installations of SSMS, verify you start the correct version for your specific needs. The latest version is labeled Microsoft SQL Server Management Studio 18.

Continue reading “Free Download: SQL Server Management Studio 18.5”

TIOBE Index for April 2020

Have you seen the latest TIOBE rankings report?

The TIOBE Programming Community index is an indicator of the popularity of programming languages. The index is updated once a month. The ratings are based on the number of skilled engineers world-wide, courses and third party vendors. Popular search engines such as Google, Bing, Yahoo!, Wikipedia, Amazon, YouTube and Baidu are used to calculate the ratings. Observe that the TIOBE index is not about the best programming language or the language in which most lines of code have been written.

Programming languages used for teaching children to program have made significant movement towards the top 20 of the language list, but this is expected in light of our current work-from-home environment. Another change is that from now on “Visual Basic .NET” is called “Visual Basic” and the old entry “Visual Basic” is renamed to “Classic Visual Basic”.

Continue reading “TIOBE Index for April 2020”

Comparison of Nessus and OpenVAS CVE Differences

OpenVAS - SeniorDBA

When looking at a solution to managing vulnerabilities on your network, you want a solution that will find relevant vulnerabilities and will provide adequate information about known vulnerabilities that will help you mitigate any issues quickly.

In this article by Alexander Leonov, we see the results of the comparison between Nessus and OpenVAS. OpenVAS is free, but Nessus costs you money.

Why do I call this comparison fast and primitive? I don’t define the structure of KBs for this product and don’t carefully map one nasl script to another. I suppose it may be a theme for other posts. Instead I am looking at the CVE links. If two scanners can detect the same vulnerabilities, they should have the same CVE links in all the NASL scripts, right? In reality we have a great difference between the products, and more than half of the CVEs can’t be detected by using both of them.

All CVEs: 80196
OpenVAS CVE links: 29240
Nessus CVE links: 35032
OpenVAS vs. Nessus: 3787;25453;9579

We can get groups of NASL scripts “connected” by links to the same CVEs. There are also thousands of NASL scripts in OpenVAS and Nessus that have some CVE links and can’t be mapped in any way to a script in the other KB.

All NASL plugins:
OpenVAS: 49747
Nessus: 81349

Mapped plugins: 38207 OpenVAS and 50896 Nessus
Not mapped OpenVAS plugins: 2673
Not mapped Nessus plugins: 6639

You can read the entire article here.
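The three numbers in the “OpenVAS vs. Nessus: 3787;25453;9579” line are CVEs referenced only by OpenVAS, by both, and only by Nessus (3787 + 25453 = 29240 and 25453 + 9579 = 35032, the two totals above). The script below is an added example, not code from the original post or from Mr. Leonov’s article: it computes that same split, and the unmapped-plugin counts, from two plugin-to-CVE maps. The maps are constructed sample data; for real input you would extract the CVE fields from the OpenVAS and Nessus plugin directories.

```powershell
# Added example, not part of the original or of the article it quotes.
# Given two maps of plugin -> CVE ids, report the CVE sets each product
# references, the "only A; both; only B" split, and the plugins that share
# no CVE with the other product (the "not mapped" plugins).

function Compare-CveCoverage {
    param(
        [Parameter(Mandatory)] [hashtable] $OpenVasPlugins,   # plugin file -> CVE id(s)
        [Parameter(Mandatory)] [hashtable] $NessusPlugins
    )
    # Flatten each product's map into a set of CVE ids
    $ov = [System.Collections.Generic.HashSet[string]]::new()
    $OpenVasPlugins.Values | ForEach-Object { $_ } | ForEach-Object { [void]$ov.Add($_) }
    $ne = [System.Collections.Generic.HashSet[string]]::new()
    $NessusPlugins.Values  | ForEach-Object { $_ } | ForEach-Object { [void]$ne.Add($_) }

    $both = [System.Collections.Generic.HashSet[string]]::new($ov)
    $both.IntersectWith($ne)

    # A plugin none of whose CVEs appear in the other product cannot be mapped
    $unmappedOv = @($OpenVasPlugins.GetEnumerator() |
        Where-Object { -not @($_.Value | Where-Object { $ne.Contains($_) }).Count } |
        ForEach-Object Key)
    $unmappedNe = @($NessusPlugins.GetEnumerator() |
        Where-Object { -not @($_.Value | Where-Object { $ov.Contains($_) }).Count } |
        ForEach-Object Key)

    [pscustomobject]@{
        OpenVasCveLinks = $ov.Count
        NessusCveLinks  = $ne.Count
        Split           = '{0};{1};{2}' -f ($ov.Count - $both.Count), $both.Count, ($ne.Count - $both.Count)
        UnmappedOpenVas = $unmappedOv
        UnmappedNessus  = $unmappedNe
    }
}

# Constructed sample maps (plugin names are illustrative; the MS17-010,
# BlueKeep and CurveBall ids are real, CVE-2018-0000 is a placeholder)
$openvas = @{
    'gb_ms17_010.nasl'    = 'CVE-2017-0143', 'CVE-2017-0144'
    'gb_bluekeep.nasl'    = 'CVE-2019-0708'
    'gb_vendor_only.nasl' = 'CVE-2018-0000'
}
$nessus = @{
    'smb_ms17_010.nasl'   = 'CVE-2017-0144', 'CVE-2017-0145'
    'rdp_bluekeep.nasl'   = 'CVE-2019-0708'
    'win_curveball.nasl'  = 'CVE-2020-0601'
}

Compare-CveCoverage -OpenVasPlugins $openvas -NessusPlugins $nessus | Format-List
# Expected: OpenVasCveLinks 4, NessusCveLinks 4, Split "2;2;2",
#           UnmappedOpenVas gb_vendor_only.nasl, UnmappedNessus win_curveball.nasl
```

The sample also shows why the method is “primitive”: the two MS17-010 plugins clearly cover the same bulletin, but because one lists CVE-2017-0143 and the other CVE-2017-0145 they only partly overlap, and a CVE-link comparison counts those as gaps in each product.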

Hard Drive RAID Levels Explained

RAID Levels - @SeniorDBA

What is RAID?

RAID stands for Redundant Array of Inexpensive Disks. It is a technology used to distribute data across multiple hard drives in one of several ways called “RAID levels”, depending on what level of redundancy and performance is required.

Wikipedia defines RAID as “a data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both. Data is distributed across the drives in one of several ways, referred to as RAID levels, depending on the required level of redundancy and performance. The different schemes, or data distribution layouts, are named by the word “RAID” followed by a number, for example RAID 0 or RAID 1. Each schema, or RAID level, provides a different balance among the key goals: reliability, availability, performance, and capacity. RAID levels greater than RAID 0 provide protection against unrecoverable sector read errors, as well as against failures of whole physical drives.”

In environments where speed and redundancy are required, you need to select the proper RAID level that matches your requirements and budget. In general, a RAID-enabled system uses two or more hard disks to improve performance or provide some level of fault tolerance for a NAS or server.

There are several RAID concepts that you must also understand:

Continue reading “Hard Drive RAID Levels Explained”

12 Cybersecurity Tips to Stay Secure on the Internet

Hacker - @SeniorDBA

The internet is a wonderful place full of free information, endless entertainment, and useful ways to communicate with your family and friends. There are also people that want to use that wondrous virtual environment to attack the cyber-weak and take what they have for their own profit. You see the news stories almost weekly: another company has been breached and its customer data stolen, companies have been attacked with ransomware and all their files encrypted until they meet their attackers’ demands, or average users are bombarded with phishing emails and robocalls.

People don’t always know what they can do to protect themselves, so I have collected 12 simple tips that will help guide the average user to a safer cybersecurity profile and help protect their valuable systems and data from cybercriminals.

Basically speaking, when you want to secure a user, a family, or an entire company you have to first secure the perimeter, then secure the data that enters and exits through that perimeter. Just a few years ago that perimeter was much smaller and easily defined, but with today’s services relying on the internet for almost all information, like news, weather, movies, email, file storage, gaming, etc., that perimeter is larger than ever before.

You need to think about how you use the services and systems that you have access to each day and determine what data you share has value, what processes are at a high risk, and how a malicious user might monetize your activity. One basic example is you may use your personal computer to access your bank to transfer money from checking to savings. The risk is your computer may be compromised and that might allow a hacker to gain access to your bank account to transfer your money to their bank account. A hacker might just gain access to your password and is then able to use your email address and stolen password to log into your bank account from anywhere in the world to open new accounts to borrow massive amounts of money in your name.

Continue reading “12 Cybersecurity Tips to Stay Secure on the Internet”

Multi-Factor Authentication (MFA) for Office 365

MFA - @SeniorDBA

What is Multi-Factor Authentication

Multi-factor authentication (MFA) is basically an authentication method in which a computer user is granted access to computer systems only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user is). This is usually implemented by the user providing the traditional password along with another form of authentication, usually in the form of something they have. In most modern implementations this requirement is accomplished using a one-time code or authentication application the user has access to on their mobile device.

Using Multi-Factor Authentication

With O365 resources being available from anywhere in the world, it brings great opportunity for a business to operate without boundaries or time zones. As a business expands or business users travel they have unrestricted access to documents, data, and online services from everywhere on the planet. What cyber-security professionals know is that this flexibility also provides criminals the same access opportunities to steal your data from anywhere in the world.
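The first practical question for an Office 365 tenant is simply which accounts have no MFA requirement at all, starting with the privileged and high-profile accounts the earlier post on protecting high-profile employees singles out. The script below is an added example, not from the original post: it uses the MSOnline module (Install-Module MSOnline, then Connect-MsolService), which was the per-user MFA interface for Office 365 in 2020, to report users without per-user MFA, highlight the Global Administrators among them, and enable MFA for one account. The UPN is a placeholder. One caveat: a tenant that requires MFA through Conditional Access policies rather than per-user settings will show its users here as having no requirement, so read the report against how your tenant enforces MFA.

```powershell
# Added example, not part of the original post. Requires the MSOnline
# module and an admin sign-in (Connect-MsolService prompts for it).
# alice@contoso.com is a placeholder.

Connect-MsolService

# 1. Users with no per-user MFA requirement set
$noMfa = Get-MsolUser -All |
    Where-Object { -not $_.StrongAuthenticationRequirements -or
                   $_.StrongAuthenticationRequirements.Count -eq 0 } |
    Select-Object UserPrincipalName, DisplayName, IsLicensed, BlockCredential

'{0} users without per-user MFA' -f @($noMfa).Count

# 2. The ones that matter most: Global Administrators without MFA.
#    "Company Administrator" is the internal name of the Global Administrator role.
$gaRole = Get-MsolRole -RoleName 'Company Administrator'
$gaUpns = Get-MsolRoleMember -RoleObjectId $gaRole.ObjectId |
    Select-Object -ExpandProperty EmailAddress
$noMfa | Where-Object { $gaUpns -contains $_.UserPrincipalName } |
    Format-Table UserPrincipalName, DisplayName -AutoSize

# 3. Enable MFA for one user. "Enabled" lets the user register a second
#    factor at next sign-in; switch to "Enforced" once registration is done
#    so legacy clients without MFA support stop working for that account.
$req = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$req.RelyingParty = '*'
$req.State = 'Enabled'
Set-MsolUser -UserPrincipalName 'alice@contoso.com' -StrongAuthenticationRequirements @($req)
```

Work down the list in priority order: Global Administrators and the finance, payroll and social-media accounts first, then everyone else, because the attack that matters is a compromised ordinary mailbox being used as a stepping stone to a privileged one.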

Continue reading “Multi-Factor Authentication (MFA) for Office 365”

Microsoft MCSA, MCSD, MCSE Certifications Retire June 30, 2020

Microsoft Certifications - @SeniorDBA

As Microsoft expands their role-based learning offerings, all remaining exams associated with Microsoft Certified Solutions Associate (MCSA), Microsoft Certified Solutions Developer (MCSD), Microsoft Certified Solutions Expert (MCSE) will retire on June 30, 2020.

If you’re working towards a MCSA, MCSD, or MCSE certification from Microsoft, you’ll want to pass all required exams before they retire. If you have an existing MCSA, MCSD, and MCSE certification, it will remain on your Microsoft transcript for two years from June 30, 2020; at that time the certification will be moved to the “inactive” section of your transcript.

Certifications scheduled to retire on June 30, 2020

Continue reading “Microsoft MCSA, MCSD, MCSE Certifications Retire June 30, 2020”

Windows End-Of-Life Schedule

Windows 7 - @SeniorDBA

There are Windows end-of-life dates you should be monitoring. Windows 7 and Windows Server 2008 reached end of life in January 2020. Once a system has reached end-of-life you will no longer receive support from Microsoft, and there will be compliance questions as auditors will have issues with unsupported production systems having potential security vulnerabilities. You should develop a written plan to upgrade existing systems to a supported version, test the plan to verify you won’t have any issues, and implement the plan before your existing systems reach end-of-life.

When deploying a new system to production, your deployment plan should include a plan to either upgrade or retire the system before it reaches its projected vendor end-of-life date.

Continue reading “Windows End-Of-Life Schedule”

Increase Length of Existing VARCHAR Column in SQL Server

SQL Server

Once you have created your table and filled it with data, it can be difficult to alter the table without losing your valuable data. You can increase the length of a VARCHAR column without losing existing data, but you will need to execute the following ALTER TABLE statement.

Here is an example SQL command so you can see how to increase the length of a VARCHAR column in SQL Server:

ALTER TABLE MyTable ALTER COLUMN MyColumn VARCHAR (100)

This command increases the length of the MyColumn column of the MyTable table to 100 characters. You can use the same command to increase the length of CHAR, NCHAR or NVARCHAR columns as well. Two things to watch for: ALTER COLUMN replaces the whole column definition, so state NULL or NOT NULL explicitly to keep the column’s current nullability rather than letting the session default decide it, and the statement takes a schema modification lock on the table while it runs, so on a busy system schedule it like any other DDL change. Shrinking the length below the longest value already stored will fail with a truncation error instead of silently cutting data.

Free Download: SQL Server Management Studio 18.4


SQL Server

SQL Server Management Studio (SSMS) is an integrated environment for accessing, configuring, managing, administering, and developing all components of SQL Server. SSMS combines a broad group of graphical tools with a number of rich script editors to provide developers and administrators of all skill levels access to SQL Server.

The SSMS 18.x installation doesn’t upgrade or replace SSMS versions 17.x or earlier. SSMS 18.x installs side by side with previous versions so both versions are available for use. However, if you have a preview version of SSMS 18.x installed, you must uninstall it before installing SSMS 18.4.

If a computer contains side-by-side installations of SSMS, verify you start the correct version for your specific needs. The latest version is labeled Microsoft SQL Server Management Studio 18.

Continue reading “Free Download: SQL Server Management Studio 18.4”

Creating a free Azure account

Cloud Computing - @SeniorDBA

Microsoft Azure offers a broad set of cloud services that can take your company to the cloud, but how do you begin to learn about these services without spending a lot of money? To begin using Azure, go to https://azure.microsoft.com/free/. This page allows you to create a free account.

You can explore the page to see what’s included in the offer. Items included with your free Azure account:

12 months of free use of the following services:

You can use all of these services for free for 12 months, within the free service limits for each particular service. For instance, you get 750 hours of a Windows virtual machine for free, and you can spend those hours at any point during your 12 months of free service.

$200 Azure credit for the first 30 days

If you want to use a service that is not in the list of free services, or if you use more than the free service limits, you get charged for that usage. In the first 30 days after you’ve created your free account, this charge is deducted from the $200 credit you receive. Once you’ve spent the $200 or your 30 days are up, you must remove the spending limit and upgrade to pay-as-you-go to keep using paid services; after that, any usage beyond the free service limits is billed.

Services that are always free to use

On top of the free services offer, there are Azure services that have a free tier that you can always use. These are the services that have a free usage tier:

Create your free Azure account

  1. Go to https://azure.microsoft.com/free/ and click the green Start button.
  2. Sign in with a Microsoft account or a GitHub account. If you don’t have one yet, you can quickly create one.
  3. First, verify your identity by phone: enter your phone number and provide the verification code you receive.
  4. Next, fill in the details of a credit card. You won’t be charged to create the free account, and by default the Azure subscription that is created has a spending limit on it, so you can’t consume more than the free $200 credit until you manually remove that limit.
  5. Fill in your personal details and click Next.
  6. Finally, agree to the agreement and click Sign up. Your free Azure account will now be created.

After a few moments, your Azure subscription is ready. Now you can go to the Azure portal (https://portal.azure.com/) and start using Azure.

Start using Azure

Now that you have a free account, you can start using Azure and testing out its features. You can also try one of the services that has a free tier, for example Azure App Service (Web Apps), whose free tier you can use indefinitely. The only catch is that the free tier isn’t as powerful and doesn’t have as many capabilities as the paid tiers.

Give it a try and see if you can make a Microsoft Azure free account work for you.


10 Steps to Stopping Lateral Movement Attacks

Lateral Movement - @SeniorDBA

Most cyber attacks are estimated to originate outside your network. While every attack is unique and tactics vary, the basic stages of an outsider attack are similar. During the attack, an attacker works through four basic steps to gain a foothold in your environment and then exploit it.

  1. Attack the perimeter – Get past the perimeter protections to reach an internal resource, like a user’s computer or a server on the internal network. This can be accomplished by exploiting a known vulnerability in an exposed service, or by convincing a user to run a program from an email link or attachment.
  2. Malware Drop – Once they have access to an internal resource, they drop malware onto the endpoint and establish communication with the compromised device, usually through a command and control (C2) system. Using the permissions of the current user, they gather intelligence about the network and attempt to elevate their privileges on that endpoint.
  3. Lateral Movement – They now start looking for resources on other systems on the same internal network, typically reusing credentials harvested from the first endpoint. As new systems are discovered, they are also compromised and start communicating with the attacker’s command and control system. The attackers gather more intelligence and try to elevate their privileges on every compromised system.
  4. Trigger Payload – Once the attacker owns your network and systems, they start exfiltrating and/or encrypting the files on the compromised internal resources. Game over.

There are some common mitigation strategies your organization can implement to help prevent lateral movement (step 3 above) during an attack. You won’t always detect the initial compromise of an internal resource, but you can limit the damage by implementing some basic security steps.

Here are 10 steps to reduce the impact of a lateral movement attack:

  1. Malware and Virus Detection – Install and properly configure an anti-malware and anti-virus solution on every endpoint. At a minimum this gives you basic protection from known malware signatures, and most current products add behavioral and heuristic detection that can catch malicious activity even in zero-day attacks. The Microsoft Defender endpoint protection features built into Windows 10 are a good example of this type of software; they are highly rated and very effective.
  2. Standard User Accounts – Since users are usually the ones who allow the initial compromise through drive-by downloads or clicking on a phishing email, you must limit the power of the malware by limiting the power of the user. Require all users to log in with a standard user account and don’t make them a local administrator on any computer. Even administrators should log into their computer with a standard account as a normal practice, and use a separate account with administrative rights only when they actually need to perform administrative tasks.
  3. Enforce Least Privilege – Only allow users access to systems if they have a business need for that resource, and grant only the minimum privileges needed to do exactly what they need to do, nothing more. This limits what malware can reach using the user’s permissions and helps prevent unauthorized access to sensitive data.
  4. Multifactor Authentication – Implement multi-factor authentication for access to internal and external systems, all applications, and even social media. The user must approve the sign-in through a mobile authenticator app (or, less securely, an SMS code) before the password alone grants access. This means that even if a user’s password is stolen or guessed, the attacker can’t access the resource without the user’s second factor. Prefer app-based or hardware-token factors over SMS, which can be intercepted or redirected through SIM swapping.
  5. Conditional Access Controls – Restricting access based on attributes like location, operating system, device health, or even time of day limits account login even with valid credentials, and lets you enforce your policy at every sign-in. Microsoft 365 and Azure Active Directory offer a wide range of conditional access features based on location, operating system, user and sign-in risk, and so on, to add further account protection.
  6. Strong Password Management – Require strong passwords that are different for every account. Never allow users to reuse passwords, and encourage them to use password managers so they have good password hygiene. Block common unsafe passwords (password1, qwerty123, etc.) and configure systems to log failed password attempts. Change or eliminate default passwords on every system and device, and require a unique password for every privileged account on every system so that one stolen credential can’t be replayed elsewhere. Never store passwords inside a script. Implement SSH key management tools.
  7. Patch Management – Configure systems and devices to automatically download and install vendor patches as soon as they become available. If a system must be tested before a patch is applied, do the testing as soon as possible and aim to install all vendor patches within 30 days. Fewer vulnerabilities make it harder for an attacker to get into a system through a software security weakness.
  8. Network Segmentation – Group assets (users, application servers, etc.) into logical zones that do not trust each other. Segmenting your network reduces the “line of sight” an attacker has to your internal systems. For access that needs to cross trust zones, require a secured jump server with multi-factor authentication, adaptive access authorization, and session monitoring. If malware can’t reach other systems, an attacker’s ability to jump from one system to the next is severely limited. Where possible, go beyond standard network segmentation and segment based on the context of the user, role, application, and data being requested.
  9. Implement Threat Behavior Monitoring – Implement baseline security event monitoring and retain the logs that will later let you determine which systems were compromised. Advanced threat detection, including user behavior monitoring, lets you quickly detect compromised account activity as well as symptoms of insider privilege misuse. Lateral movement leaves a recognizable trail: one account authenticating to many hosts in a short period, or a workstation making network logons to other workstations, is a signal worth alerting on.
  10. Application Whitelisting – If possible, implement policies that only allow known good applications to execute while you block and log all other launch attempts. Windows 10 provides this with AppLocker (Enterprise and Education editions) and Windows Defender Application Control. At a minimum you can pre-install the software required by a user and block them from installing any new software.
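To make step 9 concrete, here is an added T-SQL example (not from the original post) of a lateral movement indicator query run over Windows Security log events that have been exported into SQL Server. It looks for the fan-out pattern described above: one account, from one source address, making network or RDP logons to several distinct hosts within a short sliding window. The #LogonEvents table, its column names, the sample rows, the 5-minute window and the 3-host threshold are all constructed or assumed here; the rows are modelled on event ID 4624 but are not real log data.

```sql
-- Added example (not from the original post): lateral movement indicator
-- query over Windows Security events exported to SQL Server. The table,
-- the sample rows, the window and the threshold are constructed/assumed.
SET NOCOUNT ON;

IF OBJECT_ID('tempdb..#LogonEvents', 'U') IS NOT NULL
    DROP TABLE #LogonEvents;

CREATE TABLE #LogonEvents
(
    EventTime     DATETIME2(0) NOT NULL,
    EventId       INT          NOT NULL,  -- 4624 = successful logon
    LogonType     TINYINT      NOT NULL,  -- 3 = network (SMB, WMI, PsExec), 10 = RemoteInteractive (RDP)
    TargetUser    NVARCHAR(64) NOT NULL,  -- account that logged on (TargetUserName)
    TargetHost    NVARCHAR(64) NOT NULL,  -- computer that recorded the event
    SourceAddress VARCHAR(45)  NOT NULL   -- IpAddress field of the event
);

-- Constructed sample: routine traffic plus one account fanning out quickly.
INSERT INTO #LogonEvents (EventTime, EventId, LogonType, TargetUser, TargetHost, SourceAddress)
VALUES
('2020-06-01 09:00:05', 4624, 3,  N'jsmith',     N'FS01',  '10.0.1.25'),  -- normal file-server access
('2020-06-01 09:04:10', 4624, 3,  N'jsmith',     N'FS01',  '10.0.1.25'),
('2020-06-01 09:10:00', 4624, 10, N'adm.lee',    N'SQL01', '10.0.1.40'),  -- a single RDP session
('2020-06-01 09:11:00', 4624, 2,  N'svc_backup', N'WS101', '-'),          -- local interactive logon, ignored
('2020-06-01 09:12:00', 4624, 3,  N'svc_backup', N'WS101', '10.0.1.77'),  -- suspicious fan-out begins
('2020-06-01 09:12:20', 4624, 3,  N'svc_backup', N'WS102', '10.0.1.77'),
('2020-06-01 09:12:45', 4624, 3,  N'svc_backup', N'WS103', '10.0.1.77'),
('2020-06-01 09:13:10', 4624, 3,  N'svc_backup', N'SQL01', '10.0.1.77'),
('2020-06-01 09:14:00', 4624, 10, N'svc_backup', N'DC01',  '10.0.1.77');

DECLARE @WindowMinutes INT = 5;   -- sliding window length (assumed; tune per network)
DECLARE @HostThreshold INT = 3;   -- distinct hosts within the window that trigger an alert

IF OBJECT_ID('tempdb..#Alerts', 'U') IS NOT NULL
    DROP TABLE #Alerts;

WITH RemoteLogons AS
(
    -- Only remote successful logons; local and loopback logons are noise here.
    SELECT EventTime, TargetUser, TargetHost, SourceAddress, LogonType
    FROM #LogonEvents
    WHERE EventId = 4624
      AND LogonType IN (3, 10)
      AND SourceAddress NOT IN ('-', '127.0.0.1', '::1')
),
FanOut AS
(
    -- For every logon, count the distinct hosts the same account reached from
    -- the same source address in the @WindowMinutes that follow it.
    SELECT a.TargetUser,
           a.SourceAddress,
           a.EventTime                  AS WindowStart,
           MAX(b.EventTime)             AS WindowEnd,
           COUNT(DISTINCT b.TargetHost) AS DistinctHosts
    FROM RemoteLogons AS a
    JOIN RemoteLogons AS b
      ON  b.TargetUser    = a.TargetUser
      AND b.SourceAddress = a.SourceAddress
      AND b.EventTime    >= a.EventTime
      AND b.EventTime    <  DATEADD(MINUTE, @WindowMinutes, a.EventTime)
    GROUP BY a.TargetUser, a.SourceAddress, a.EventTime
    HAVING COUNT(DISTINCT b.TargetHost) >= @HostThreshold
)
-- Keep the earliest qualifying window per account/source so one burst yields one alert.
SELECT TargetUser, SourceAddress, WindowStart, WindowEnd, DistinctHosts
INTO #Alerts
FROM (
    SELECT *, ROW_NUMBER() OVER (PARTITION BY TargetUser, SourceAddress
                                 ORDER BY WindowStart) AS rn
    FROM FanOut
) AS ranked
WHERE rn = 1;

-- Alert summary for the SOC queue.
SELECT TargetUser, SourceAddress, WindowStart, WindowEnd, DistinctHosts
FROM #Alerts
ORDER BY DistinctHosts DESC, WindowStart;

-- Analyst detail: every remote logon inside each flagged window, in order.
SELECT e.EventTime, e.TargetUser, e.SourceAddress, e.TargetHost, e.LogonType
FROM #LogonEvents AS e
JOIN #Alerts AS x
  ON  x.TargetUser    = e.TargetUser
  AND x.SourceAddress = e.SourceAddress
  AND e.EventTime BETWEEN x.WindowStart AND x.WindowEnd
WHERE e.EventId = 4624
  AND e.LogonType IN (3, 10)
ORDER BY e.TargetUser, e.EventTime;
```

On the sample rows the summary query returns one alert: svc_backup from 10.0.1.77 reaching five distinct hosts (WS101, WS102, WS103, SQL01, DC01) between 09:12:00 and 09:14:00, while jsmith and adm.lee, who each touched a single host, are not reported. In production the same pattern is produced legitimately by vulnerability scanners, backup servers and management tools such as SCCM, so maintain an allowlist of those source addresses (or exclude them in the RemoteLogons CTE) before wiring the query to an alert, and pair it with the network logon events from the source workstation’s own log to confirm the direction of the movement.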

While backups will not help prevent a successful lateral movement attack, if your files are compromised by an attack your only remediation may be to restore or replace the missing or encrypted files from a recent backup. Don’t forget to include offline backups in your security efforts as a safety net for when all preventative measures fail.

Cybersecurity @SeniorDBA

While none of these steps will prevent a successful attack on its own, a combination of tactics can truly limit the damage a successful attack can do to your business. By limiting the scope of an attack you can reduce the cost of recovery, limit the quantity of lost or damaged files, prevent a compromise of critical business intelligence, and build confidence in your ability to protect critical business assets.