Disadvantages of Single Cloud, SaaS, or IaaS Strategy

In the realm of choosing technology for your company’s Cloud, SaaS, or IaaS solution providers, we often rely on a select few providers since they tend to meet most of our requirements. A classic example is Microsoft, one of the most prominent players in the industry, which offers a range of services that have become crucial components for many organisations.

When a company has an on-premises Domain Controller, you might be looking at options such as Azure AD while exploring ideas to move Active Directory to the Cloud. While we look at Azure AD, we will come across offerings such as Microsoft 365 E5 licensing. Microsoft 365 E5 is a cloud-based suite of Microsoft 365 productivity apps combined with advanced voice, analytics, security, and compliance services all in one suite. I have seen most companies choosing this option along with Exchange email, and it is clearly a no-brainer when choosing these offerings.

However, when organisations choose to put all their eggs in one basket, entrusting a single provider with critical services like Microsoft Azure Active Directory (AD), Exchange, SSO and Microsoft 365, they may inadvertently expose themselves to significant risks.

I will explore a few potential dangers of such an approach and provide insights through real-life examples.

Handling Digital Evidence for Data Forensics

Digital evidence preservation is the process of collecting, analyzing, and storing electronic data that is relevant to an investigation. In today’s world, electronic data plays a major role in criminal and civil proceedings, making the preservation of such digital evidence a crucial part of the process.

Digital evidence can include anything from emails, text messages, social media posts, documents, images, access logs and other electronic information. This should be examined and processed only by those trained and authorised to perform the task.

The preservation of digital evidence involves the proper collection and handling of the data to maintain its authenticity and integrity. This requires specialized tools and techniques to ensure that the evidence is not tampered with, altered, or destroyed.

There are a number of techniques used to manage the handling of digital evidence. Failure to properly preserve digital evidence can result in the evidence being deemed inadmissible or unusable in court, thus potentially jeopardizing the outcome of a case.

Digital evidence preservation is a crucial aspect of legal investigations and proceedings, and proper handling and preservation of electronic data are essential to ensure that the evidence can be used effectively in court.

Log4J Vulnerability and Mitigation Strategies

A critical vulnerability has been identified within the Apache Log4J framework, which is used by millions of devices running online services. It is a Java-based logging framework, part of the Apache Logging Services, a project of the Apache Software Foundation.

What are the implications of the Log4J vulnerability?

The bug in the Apache Log4j module will allow an attacker to execute arbitrary code on any system that uses Log4j to write logs.

How bad is this?

This is a very critical bug that should not be ignored until it is patched. The bug is easily exploitable by someone with limited knowledge of the system.

Cyber Security strategy and recommendations for 2021

The year 2021 is a big year for Cyber Security and it will not get any better. The entire perspective of work and life has changed, and we have to change the way we tackle cyber security, otherwise we will either be left behind or become a victim of a cyber attack. There are big misconceptions about cyber attacks and, unfortunately, the truth is that unless one goes through an attack or has a deep understanding of the implications, they will not see the full effect of it.

Here are 15 points I have put together which, I think, an organisation or an individual can do to prevent such attacks.

The ever-evolving Cyber Security architecture

There have been a lot of changes around the world in 2020 with the pandemic, and walking into the year 2021 will not change a lot in terms of the new working style. A lot of industries have suffered a great deal, and they have learnt alternative ways to adapt and do their businesses.

Only a small percentage of companies took advantage of remote working and implemented such a solution before the pandemic compared to the current remote working proportion. Companies and government departments were on the fence about remote working and did not implement such solutions, especially on a large scale until their hands were tied to implement it in a short span of time. This is where the quick deployment of technology was vigorously tested to deploy a working environment for the people while maintaining the same level of collaboration and the effectiveness from a centralised office.

Azure CDN HTTP to HTTPS redirection

There are a few settings which need to be checked while configuring Azure CDN. The one which usually gets overlooked is the HTTP to HTTPS redirect. While we deploy the CDN to be accessed via HTTPS, it does not automatically work when the HTTP protocol is used to access it. When this happens, it usually displays the following message with the error “The account being accessed does not support http.”

The account being accessed does not support http

This can be achieved using the Endpoint Rules engine to redirect the requests from HTTP to HTTPS.

Building Hugo CICD pipeline on Microsoft Azure

In my previous post, I outlined how to host a Hugo generated website on Amazon S3 and serve it with CloudFront CDN. Even though it works flawlessly, it is still not possible to get CloudFront to support Simple URL without the use of Lambda@Edge.

Therefore, I have decided to enable Simple URL and move to Microsoft Azure Blob storage and serve it with Azure CDN.

I have decided against implementing Lambda@Edge because I feel…

  1. Introducing Lambda@Edge is an unnecessary hurdle.
  2. I am open to using Microsoft Azure or other Cloud Providers and not tied to AWS.

Hosting Hugo on Amazon S3 and CloudFront

I have been hosting my static Hugo generated website on Amazon S3 and serving it using Amazon's CDN, CloudFront. It works flawlessly except for one aspect of CloudFront, which will cause a problem if you enable S3 Bucket Restriction.

CloudFront only allows you to specify a default root object (index.html), but it only works on the root of the website such as nish.com -> nish.com/index.html. It does not work on any subdirectory such as nish.com/about/. If you were to attempt to request this URL through CloudFront, it would do an S3 GetObject API call against a key that does not exist.

Moving away from WordPress to Hugo

This website was initially created with WordPress a long time ago. There have been several template changes over the years and finally, I was able to get everything working when I installed Thesis Theme around 2010.

Even though WordPress was working for me, it was taking a toll on my time when I had to make sure the security aspect of the website was constantly maintained.

Over the past few years, static web hosting has become popular since the introduction of Amazon S3 / Azure Blob storage hosting. This has addressed one of the main issues I had with WordPress, which is Security. Even though WordPress code is very old, in my opinion, it is a great solution for the right problem. However, it is not the right solution for a small blog like this one. I had to constantly make sure that the code and plugins were all up to date and the website was fully secured against any attacks.

My take on Amazon network switches

There has been a rumour floating around lately that Amazon is going to be introducing Ethernet switches. A move like this by Amazon will eventually challenge manufacturers like Cisco Systems. I have come across a video from Packet Pushers where Greg Ferro talks about the possibilities and avenues which Amazon would take to venture into the switching or even networking arena.

As Greg stated, Amazon, in this case AWS, already runs its own network on its own hardware and software. This is because they cannot have a profit margin by relying on another vendor. It would be cheaper in the long run to run on their own hardware and software, managed and manufactured by themselves. Furthermore, it will be near impossible to run the biggest cloud architecture in the world and run the network on some other vendor. They would most likely run their underlying network as a fabric, controlled by Software Driven Network (SDN) such as OpenFlow, and run the rest of the architecture virtualized and controlled by the AWS console.