Posts from February 2020

Securing Passwords with Azure AD Password Protection

Richard Green on 22nd February 2020

Organisations define password policies to ensure that their users are not setting weak passwords that can be easily compromised. In this article, we explore securing passwords with Azure AD Password Protection and whether it can help make you more secure but also easier on your users.

Traditional password policies in Active Directory rely on basic filters to determine the number of characters and type of characters including numbers, letters, and symbols. On face value these policies may seem secure, however, are these policies actually causing the problem and much weaker than you think?

Manage Software Updates with Azure Update Management

Richard Green on 16th February 2020

The answer is Azure Update Management so what is the problem we are trying to solve? At Arcible, we have some on-premises servers. To keep safe, secure, and compliant, these servers need patching just like any other server does. Our environment is small and not big enough to justify a Microsoft Endpoint Manager (formerly Configuration Manager) deployment and Windows Server Updates Services (WSUS) is too painful and manual to manage.

So if we aren’t using Microsoft Endpoint Manager or WSUS, what do we do? We want a solution that’s automated to reduce the admin overhead but while being lightweight and not costing much.

Is Your Physical Security Exposing Your Information Security

Richard Green on 12th February 2020

Last week I stumbled across a rather interesting set of videos on YouTube by a presenter called Deviant Ollam (https://www.youtube.com/results?search_query=deviant+ollam+physical+security). Deviant Ollam is a physical security penetration tester in the US and runs a company doing just that: trying to gain access to places he shouldn’t. We’re not talking black hat breaking in activity here but we are talking about white hat: doing these things paid for by the client to test their physical security.

What I found watching some of these videos was startling. Yes, some of the content is a little bit US-centric and perhaps doesn’t apply to the UK, however, it really got me thinking about a question. As IT, we spend all this time and money investing in information security, event logging, event monitoring, alerting, and more. If the physical security of our premises, however, is so easily bypassed, are we just making it too easy for would-be attackers.