Why Security
The assets with the greatest value are bank accounts, personnel details, intellectual property,
and methods and processes of working.
These assets are valuable to, and coveted by, bad-faith actors, whether they carry out corporate
espionage, other mercenary attacks, or targeted or opportunistic ransomware or data theft attacks.
A good security implementation with wide coverage will mitigate most of these attacks.
- At the technology level we have anti-virus/spam/malware, intrusion detection and prevention,
  and endpoint security toolsets.
- At the human level we have education to raise awareness of social engineering methods
  and how to mitigate them, and to help spot indicators of bad faith communications.
Why Security? To retain ownership of your assets.
Why Governance
Governance provides assurance that the capital expended on services for your
assets is being utilised fully and correctly.
- By fully, are you getting the best value for your expenditure?
- By correctly, are they configured optimally?
Why governance? Assure that the services were, are, and will be performant.
What is Multi Factor Authentication (MFA)
2024-04-14
To understand multi-factor authentication, it is important to understand what
authentication is.
The process of determining if someone (or something) is who (or what) it claims to be.
NCSC Authentication Definition
To authenticate, we must supply two pieces of information: our identity and a token of some sort, generally a password.
That password is called an authentication factor. There are three categories
of authentication factor:
- "Something you know", a password or passphrase.
- "Something you have", a hardware or software token generating device, or a
  smartcard or security key.
- "Something you are", a fingerprint or face scan.
To qualify as multi-factor authentication, commonly two-factor
authentication (2FA), you need a token from any two of the three
categories of authentication factor listed above.
'Windows Hello' is an excellent example of streamlining MFA for the benefit
of end users: it uses the "Something you are" and "Something you have" factors
to provide a strong, password-less, multi-factor authentication system.
Microsoft M365 Authentication update.
2024-04-12 Roy Stapleton
On September 30th, 2025, the legacy multifactor authentication and
self-service password reset policies will be deprecated.
M365 Admin Auth Methods
It is important to manage the preparation and migration of authentication
and self-service password reset methods in Microsoft Entra, formerly AzureAD,
to ensure that your user-base is not impacted by the blanket migration due
September 30th, 2025.
Yahoo and Google DKIM email authentication enforcement.
2024-04-12 Roy Stapleton
Yahoo and Google recently introduced a requirement for servers that send
email to authenticate their messages with DKIM (DomainKeys Identified Mail)
and SPF (Sender Policy Framework), and to advertise their policies using DMARC
(Domain-based Message Authentication, Reporting and Conformance).
The SPF and DMARC policies, and the DKIM public keys used to authenticate
received emails, are published as DNS records.
Without these configurations Yahoo and Google will reject your emails.