About cloudadmin

So far cloudadmin has created 9 blog entries.

People – Email Security’s Weakest Link

Email was simpler back then. In the pre-cloud era, all you needed was a best-in-class firewall, a strong antivirus/antispam solution, and excellent security software covering every endpoint.

But these email security solutions are no longer enough. Email is by far the most important communications application and, correspondingly, the number-one vector carrying security breaches into organisations.

Adoption of best practice email security resilience measures is a big problem. An alarmingly high percentage of organisations are not on board with the basics – SPF, DKIM, DMARC reporting, and the advanced threat protection security solutions available today.

Where they are adopted, multi-layer, intelligent, AI-driven email security solutions are catching up in effectiveness.

So now hackers are starting to side-step improving security technology. How? By targeting humans. Social engineering is a dark capability, with no technology necessary – just soft skills!

Social engineering tricks staff into taking actions that compromise organisational security. Exploitation of human vulnerabilities and foibles has turned into the number-one most effective strategy for attackers.

For example, email fraud targets key staff with direct access to corporate financial data and decision-making power. Their email addresses are impersonated or literally hacked and taken over, then used to send instructions to colleagues internally that carry the weight of the impersonated sender’s organisational authority.

A Holistic Organisation-Wide Cyber Security Strategy

Technology-based defenses with threat intelligence to combat email attacks are critical and non-negotiable, but today threat protection technologies are just one pillar of an overarching security strategy.

If hackers use a combination of technical and non-technical (i.e. human-to-human!) strategies to breach security, then everyone’s a stakeholder. Every staff member has a role to play in cyber resilience to email fraud. All end-users need enrollment in a security awareness program. Some end-users are more phish-prone than others, but move forward on the principle that all staff are targets, so all staff will benefit from increased security awareness.

A holistic email security solution should prevent email-based attacks before they occur, and then must consider email continuity and email recoverability. What is the plan to keep business email communications operating if email is down? Sending and receiving email during a business-wide email system outage must be a scenario planned for.

If emails are lost, the capability to restore them at the required granularity is essential – from individual emails and mailboxes up to system-wide restoration.

Technology is only one part of an Email Security Strategy

Email security’s weakest link is people. Respond to this reality by raising staff awareness of their role in a comprehensive email security strategy. Train for a healthy wariness when it comes to evaluating emails containing –

  • Email links and attachments
  • Domain spoofing and impersonation
  • User impersonation
  • Links to fake online applications

Keeping email security top of mind is now non-negotiable for all employees. Attackers leverage humans to side-step security technology. So create a security culture at work that sets the tone for how email is used.


FAQ – Microsoft Azure Files and Azure File Sync

For an overview of Microsoft Azure Files and Azure File Sync, a great resource to understand and learn more is Microsoft’s own FAQ: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-faq

Azure Files with Azure File Sync is a game-changer. Microsoft’s offering provides an authoritative answer and direction for the cloud-as-a-business-file-server dilemma, which is:

How do you centralize your company’s file shares in the cloud, but at the same time keep the performance of an on-premises file server?

While not first to answer this question, Microsoft’s authority and credibility legitimizes the cloud-as-a-fileserver strategy with Azure Files and Azure File Sync.


Phishing and the Human Attack Surface

So what is a hacker to do if corporate security defenses are becoming more effective? Companies are adopting more sophisticated multi-layered security technologies and processes.

Businesses are ramping up their investment in security to protect themselves. Two-factor authentication, quicker operating system patching, firewalls, endpoint protection everywhere, secure email and web protection – the sophistication of advanced security measures is increasing, and so is their effectiveness.

Increasingly, cybercriminals are going after the softest target – me and you. The human attack surface, with its wildly variable and fallible behaviour.

To illustrate how the human factor is the cyber attacker’s holy grail, here are some fun (not) findings from Proofpoint’s Human Factor 2018 Report.

  1. Social engineering is the hacker’s key to phishing success. Not technology. A critical point, as social engineering is person-to-person. It neatly sidesteps all those expensive advanced security technologies and engages directly with us folks. Humans who are gullible, easily deceived, under-trained, probably tired, busy, certainly curious, want to help, and have fingers that left-click quicker than their brain engages.
  2. A fun Proofpoint recommendation: Use phishing simulations to see who in your business falls for it. Find out who clicks then make an example of them (ok, Proofpoint didn’t say that last part).
  3. Business Email Compromise (BEC) almost totally relies on analogue person-to-person strategies. None of the usual signs such as malicious links and attachments. The email message doesn’t get caught by standard security filtering, and instead uses convincing language to trick the recipient into taking the desired insecure action (the requisite “bean spillage”, i.e. pay an invoice, transfer money). Phone and other communications are commonly used during the attacker’s research phase to uncover the key players in an organisation. It’s social engineering to find names and roles – most often C-level and the finance department. The goal is any action that persuades the victim that disclosing sensitive information or sending money is legitimate and authorized.

Human nature is always the biggest vulnerability. Check out the Human Factor 2018 Report from Proofpoint here.


Turn on and Configure Gmail’s Anti-Phishing Capabilities

Gmail’s anti-phishing capabilities have been around since April 2018 in Australia. I’m just not seeing the uptake these new email safety features deserve.

I’m going to stay on point in this blog with Cloud Admin’s current focus on email authentication and email spoofing (SPF, DKIM, DMARC). So my focus is on the Gmail Safety section “Spoofing and Authentication”.

The other two sections in G Suite Admin under Apps > G Suite > Gmail > Safety, “Attachments” and “Links and external images”, are just as important! These email security settings need equal attention. I’m doing a disservice to the criticality of the new settings addressing attachments as the attack vector of choice – so be sure to configure these new settings as well.

Back to “Spoofing and Authentication” for this post.

Scroll down and click on “Safety”, under G Suite Admin Console’s Gmail settings.

“Spoofing and Authentication” Gmail Settings Safety Section

Recommendations:

  1. Choose customize settings in the Spoofing and Authentication section.
  2. For each safety setting (listed below) in this section, I recommend choosing the option “Keep email in inbox and show warning” from the drop-down option list. Make sure this option is manually chosen, as it’s the default for some settings and not for others.
  3. Once you’ve lived with the emails “delivered to your inbox with warning” for a while, AND you know your SPF, DKIM, and DMARC configuration is working for your domain, revisit the settings and re-configure your preferred option for each setting. For example, the setting “Protect against inbound emails spoofing your domain” is a straightforward choice – change the option to send those emails straight to spam.

The safety options (each to be set to “Keep email in inbox and show warning”) are:

  • Protect against domain spoofing based on similar domain names
  • Protect against spoofing of employee names
  • Protect against inbound emails spoofing your domain
  • Protect against any unauthenticated emails (not authenticated by SPF or DKIM)

Why choose “Keep email in inbox and show warning”?

Any emails picked up by the new safety settings still arrive in your inbox like before, but now they come with a warning!

You get to learn what Gmail’s safety measures are doing with the enabled safety settings – specifically regarding phishing attacks due to spoofing and unauthenticated emails.

Email security is an evolving space, and not all email providers support best practice email authentication measures, so you’ll need to choose the option to still deliver the email to your inbox, accompanied now with a warning.

As I said, live with the option to “keep email in inbox and show warning” for a while, then reconfigure your Gmail Safety Settings to your preferences.

You can read more here: https://support.google.com/a/answer/7577854

Prevent Outgoing Spam in G Suite with DMARC

Learn how to prevent outgoing spam in Google G Suite with DMARC. Google is a key DMARC standard participant, thankfully, as a significant percentage of all email traffic passes through Google’s email infrastructure.

Given Google’s DMARC support, implementation of the DMARC email authentication protocol is a no-brainer and will help you regain control over spammers spoofing your email, who do this by impersonating your “From:” email address.

Learn more about DMARC for Google G Suite by clicking this link: https://support.google.com/a/answer/2466580#

Then to learn how to add DMARC to your business email domain, go here: https://support.google.com/a/answer/2466563?

How to Setup Office 365 SPF, DKIM, and DMARC

Office 365 has a compelling suite of security features. In fact, you can justify migrating your business email to Office 365 (Exchange Online) from a security perspective alone, to ramp up your security best practices.

Email protection and authentication in Office 365 requires manual work. Deterring email spoofing (impersonating your email “From” address) starts with the SPF, DKIM, and DMARC email authentication standards.

  1. To setup SPF in Office 365 to prevent spoofing: https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-spf-in-office-365-to-help-prevent-spoofing
  2. To setup DKIM in Office 365 to validate your outgoing email from your business domain: https://docs.microsoft.com/en-us/office365/securitycompliance/use-dmarc-to-validate-email
  3. DMARC depends on SPF and DKIM to work. Once SPF and DKIM are configured, tested, and working – don’t forget DMARC: https://docs.microsoft.com/en-us/office365/securitycompliance/use-dmarc-to-validate-email
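Before declaring SPF, DKIM and DMARC “configured, tested, and working”, it helps to sanity-check the published DNS records themselves. The script below is an added example and not part of the original post or of Microsoft’s documentation: it checks the shape of the three record types an Office 365 domain publishes. The domain `example.com`, the tenant name `contoso.onmicrosoft.com`, and all record values are constructed samples; the real parts are the SPF include `spf.protection.outlook.com`, the two `selector1`/`selector2` DKIM CNAMEs pointing at a `*.onmicrosoft.com` host, and the DMARC tag syntax from RFC 7489.

```python
"""Added example: sanity-check SPF, DKIM-CNAME and DMARC records for an
Office 365 (Exchange Online) domain. All sample values are constructed."""
import re

# Constructed sample records for the hypothetical domain example.com.
SAMPLE_SPF = "v=spf1 include:spf.protection.outlook.com -all"
SAMPLE_SPF_WEAK = "v=spf1 include:spf.protection.outlook.com ?all"
SAMPLE_DMARC = ("v=DMARC1; p=quarantine; pct=100; "
                "rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s")
SAMPLE_DMARC_NONE = "v=DMARC1; p=none"
# Office 365 DKIM: two CNAMEs in your zone point at the tenant's DKIM hosts.
SAMPLE_DKIM_CNAMES = {
    "selector1._domainkey.example.com":
        "selector1-example-com._domainkey.contoso.onmicrosoft.com",
    "selector2._domainkey.example.com":
        "selector2-example-com._domainkey.contoso.onmicrosoft.com",
}

# SPF mechanisms/modifiers that cost a DNS lookup (RFC 7208 allows at most 10).
_LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)(:|/|$)")


def check_spf(record):
    """Return a list of findings (empty means the SPF record looks sound)."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF record must start with v=spf1"]
    lowered = [t.lower() for t in terms]
    if "include:spf.protection.outlook.com" not in lowered:
        findings.append("missing include:spf.protection.outlook.com "
                        "(Exchange Online senders are not authorised)")
    all_terms = [t for t in lowered if t.endswith("all")]
    if not all_terms:
        findings.append("no 'all' mechanism: unlisted senders are never failed")
    elif all_terms[-1] in ("?all", "+all"):
        findings.append(f"'{all_terms[-1]}' neutralises SPF; use -all or ~all")
    lookups = sum(1 for t in lowered
                  if _LOOKUP_TERM.match(t) or t.startswith("redirect="))
    if lookups > 10:
        findings.append(f"{lookups} DNS lookups exceed the 10-lookup limit")
    return findings


def parse_dmarc(record):
    """Parse 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(record):
    """Return findings about policy strength and reporting coverage."""
    findings = []
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC record must start with v=DMARC1"]
    policy = tags.get("p")
    if policy is None:
        findings.append("missing required p= tag")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered "
                        "(acceptable while collecting reports)")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so spoofing "
                        "of your domain stays invisible")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']} applies the policy to only part "
                        "of the failing mail")
    return findings


def check_dkim_cname(name, target):
    """Office 365 DKIM selectors must be CNAMEs to a *.onmicrosoft.com host."""
    selector = name.split("._domainkey.")[0]
    if selector not in ("selector1", "selector2"):
        return [f"unexpected selector '{selector}'"]
    if not target.lower().endswith(".onmicrosoft.com"):
        return [f"{name} does not point at a *.onmicrosoft.com DKIM host"]
    return []


if __name__ == "__main__":
    print("SPF:", check_spf(SAMPLE_SPF) or "ok")
    print("SPF (weak):", check_spf(SAMPLE_SPF_WEAK))
    print("DMARC:", check_dmarc(SAMPLE_DMARC) or "ok")
    print("DMARC (p=none):", check_dmarc(SAMPLE_DMARC_NONE))
    for name, target in SAMPLE_DKIM_CNAMES.items():
        print("DKIM", name, check_dkim_cname(name, target) or "ok")
```

To use it against a live domain, feed the checkers the TXT and CNAME values returned by `nslookup -type=TXT example.com` and `nslookup -type=CNAME selector1._domainkey.example.com`; the checks only inspect record syntax and policy strength, they do not replace sending a test message and reading the `Authentication-Results` header on the receiving side.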

DMARC – uncover email spoofing

When it comes to email spoofing, you can’t fix what you don’t know is happening.

Plainly put, spoofing is the very uncool act of sending email using someone else’s email address as the “From” address, so that the receiver of the message thinks the message is legit and buys the lie that it comes from someone other than the actual sender. People are naturally more likely to read email if they think the sender is above-board.

Enter DMARC – a work in progress email authentication and reporting standard.

DMARC is a way to make it easier for email senders and receivers to determine whether or not a given message is legitimately from the sender, and what to do if it isn’t. This makes it easier to identify spam and phishing messages, and keep them out of inboxes.

Never mind the work in progress, DMARC is used by all the big players. Given Gmail, Office 365, and other email providers dominate email traffic, informed consensus says DMARC really is non-negotiable today.

How else can you get reporting on all messages that claim to come from your domain? Only from email providers and email systems that have implemented the DMARC standard. You’ll get reports on how many illegitimate messages are using your domain, and where the emails are coming from.
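Those reports arrive as DMARC aggregate (RUA) XML files, and turning a pile of them into “how many messages failed, and from which sources” is the first thing a defender wants. The script below is an added example, not from the original post or from dmarc.org: it parses one aggregate report in the RFC 7489 format and summarises it per sending IP. The report text is constructed, with documentation-range IP addresses, the hypothetical domain `example.com` and a made-up reporting organisation; only the XML element names are the real ones.

```python
"""Added example: summarise a DMARC aggregate (RUA) report per source IP.
The report below is constructed; real reports arrive as .xml.gz or .zip
attachments from each receiving provider."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report: one legitimate sender (192.0.2.10), one source
# failing both SPF and DKIM (198.51.100.7), one with SPF aligned only.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example.net</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1538352000</begin><end>1538438399</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain>
    <adkim>r</adkim><aspf>r</aspf><p>none</p><pct>100</pct>
  </policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.44</source_ip><count>3</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>
"""


def summarize_report(xml_text):
    """Return totals and the sources whose mail failed DMARC for this report.

    Per RFC 7489 a message passes DMARC when either the aligned DKIM or the
    aligned SPF check passes; <policy_evaluated> already reflects alignment.
    Reports come from third parties, so parse untrusted files with defusedxml
    in production; the stdlib parser is used here for the constructed sample.
    """
    root = ET.fromstring(xml_text)
    per_source = defaultdict(lambda: {"count": 0, "aligned": 0, "failing": 0})
    for rec in root.iter("record"):
        ip = rec.findtext("row/source_ip")
        count = int(rec.findtext("row/count", "0"))
        dkim = rec.findtext("row/policy_evaluated/dkim")
        spf = rec.findtext("row/policy_evaluated/spf")
        entry = per_source[ip]
        entry["count"] += count
        entry["aligned" if (dkim == "pass" or spf == "pass") else "failing"] += count

    total = sum(e["count"] for e in per_source.values())
    failing = sum(e["failing"] for e in per_source.values())
    # Sources with failing mail, largest first: unknown ones are either
    # spoofing your domain or legitimate senders missing from SPF/DKIM.
    suspect = sorted(((ip, e["failing"]) for ip, e in per_source.items()
                      if e["failing"]), key=lambda x: x[1], reverse=True)
    return {
        "reporter": root.findtext("report_metadata/org_name"),
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "total": total,
        "failing": failing,
        "suspect_sources": suspect,
    }


if __name__ == "__main__":
    s = summarize_report(SAMPLE_REPORT)
    print(f"{s['reporter']} saw {s['total']} messages claiming {s['domain']} "
          f"(policy p={s['policy']}); {s['failing']} failed DMARC")
    for ip, n in s["suspect_sources"]:
        print(f"  {ip}: {n} failing messages")
```

Run this over every report you receive for a week or two and the suspect list separates into two groups: IPs you recognise (a marketing platform or ticketing system that still needs adding to SPF or signing with DKIM) and IPs you don’t, which is the spoofing the post is talking about. Only once the first group is empty does moving the policy from `p=none` to `p=quarantine` or `p=reject` stop being risky.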

Find out if your email address is backed by best practice email security and authentication measures: https://dmarcian.com/dmarc-inspector/

Learn more about DMARC at https://dmarc.org


Microsoft Azure File Sync

This is where it all comes together. At last, from: https://azure.microsoft.com/en-us/blog/score-one-for-the-it-pro-azure-file-sync-is-now-generally-available/

Azure File Sync replicates files from your on-premises Windows Server to an Azure file share, just like how you might have used DFS-R to replicate data between Windows Servers. Once you have a copy of your data in Azure, you can enable cloud tiering—the real magic of Azure File Sync—to store only the hottest and most recently accessed data on-premises.

And since the cloud has a full copy of your data, you can connect as many servers to your Azure file share as you want, allowing you to establish quick caches of your data wherever your users happen to be. As mentioned above, in simple terms, Azure File Sync enables you to centralize your file services in Azure while maintaining local access to your data.

Learn more here: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning

Microsoft Azure Files and Azure File Sync

Azure Files offers fully managed file shares in the cloud that are accessible via the industry-standard Server Message Block (SMB) protocol. Yes, this is a big deal, transformational even… the file server in the Cloud is fast becoming a practical reality.

You can mount Azure file shares concurrently on cloud or on-premises deployments of Windows, Linux, and macOS. You also can cache Azure file shares on Windows Server machines by using Azure File Sync for fast access close to where the data is used.

Learn more here: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-faq