As I sit here on the nice shady patio enjoying my morning coffee, I figured I should probably post up my slide deck from my first official talk. First of all BSidesCT was great! The organizers made some classy laser cut badges this year and the CTF was a good time (actually got 4th in it!). Will I submit another? Who knows? I think I will build on it a bit and learn more about ASP.NET in the process. Ok, on to the side deck as my yard work is calling (thought I took Friday off for fun?)
Of Course My Cloud App is Secure, It’s in Azure
Some notes to add to the deck when it comes to the logging Azure Websites:
- Azure has added the ability to bring log files down via FTP/FTPS.
- They have added other log tools such as Log Stream which lets you watch your application and web log activity.
- Azure PowerShell can do it using get-azurewebsitelog –name <appname> -Tail
- Azure Powershell can do it with save-azurewebsitelog. Saves to zip in directory you run the command from.
Other items to note when moving to any cloud solution:
- Many security features are not enabled by default, though Microsoft does notify you of certain ones to turn on through Security Center
- You can encrypt your Azure SQL Databases!
- You can enable 2FA for your Azure/Live Account as well as implementing it within Azure for Azure AD or Web Apps.
- Review your SLAs!!!
- And of course way the risks of any cloud service. Not all data is created equal and some of it is better off staying on-premise.
OK the temp is rising and it isn’t even noon yet, the yard awaits!
Apologies for not posting anything in a while. Hopefully that will change over the next couple weeks. We will keep it simple and this will just be a simple events posting…
Source Conference Boston 2016
May 18-19th with training on the 16-17th. Timing is great as this rolls right into…
Training on May 20th, conference on May 21st. Tickets are almost sold out!
Further down the line in July, BSidesCT comes back! CFP is open and it will once again be held at Quinnipiac University’s Rocky Top Student Center.
Head over to the meetup page for full details: http://www.meetup.com/Nutmeg-InfoSec/events/220164972/
Nothing special is scheduled so we may look at doing some planning for the future or have some open discussion.
Head over to http://www.meetup.com/Nutmeg-InfoSec/events/219239031/ and sign up! Tell your friends and coworkers. Demo/Talk on Bro Network Security Monitor is planned. Donations to NESIT, for use of the space, will be humbly accepted.
We had a couple new faces come out to the kickoff of Nutmeg InfoSec Meetup. We discussed the state of the CT InfoSec community over some beer and pizza. Thankfully we all seem to believe that it exists and just needs a push to get more people involved. We eventually moved over to the classroom to a talk about Shodan.io. The slides will be posted shortly, but you will get more out of actually checking it out and searching the “Internet of Things.”
If you couldn’t make it out to last week’s meetup, don’t worry! We plan to do this every month. We will most likely finish out the year at NESIT Hackerspace, but after the holidays we will look at moving around the State. If you happen to know of a good location between Hartford and New Haven, let us know!
Looking forward to the next one!