Wednesday, May 21, 2014

Pre-Approve ActiveSync devices

Hi

Recently we have enabled ActiveSync quarantine rules in our organisation.  This was to stop a member of staff using their own device to access corporate data.

We have only enabled AS for users with corporate devices, but some people have worked out that this allows you to use AS on your own device.  This is far from ideal, especially considering that our IT department now have full wipe access on their personal device!  Enabling this quarantine rule will stop people from taking advantage of this setting, unless someone from IT approves their device.

On the whole this works pretty well.  The difficulty is that it slows down the process of provisioning multiple devices, especially when you are attempting to complete workshops with users during a handover period.

I found a way to pre-approve devices using PowerShell.  First of all you need to find the deviceID.  On an Apple device you go to Settings > About > Serial Number.  The deviceID is "Appl" followed by the serial number (applserialnumber).

The difficulty is that using the following PowerShell command will replace the multivalued property "ActiveSyncAllowedDeviceIDs", overwriting any device IDs already approved for that mailbox.

set-casmailbox username -ActiveSyncAllowedDeviceIDs "deviceID"

How do you append?

I looked around the internet and found this page.

http://www.windowsinfo.eu/?p=105

So changing the command to the following would append the value

$update=Get-Casmailbox username
$update.ActiveSyncAllowedDeviceIDs += "deviceID"
$update | Set-casmailbox -ActiveSyncAllowedDeviceIDs $update.ActiveSyncAllowedDeviceIDs

This is great, but it is not very scalable.  How do you use this to enter 50-100 deviceIDs?

Create a CSV file as follows and save it as devices.csv

name,deviceID
user1,111111111111
user2,222222222222
user3,333333333333

Then run the following script

$users = Import-Csv C:\devices.csv
foreach ($item in $users)
{
    # Look up the mailbox named in the CSV "name" column
    $update = Get-CASMailbox $item.name
    # Append this row's device to the existing allow list
    $update.ActiveSyncAllowedDeviceIDs += $item.deviceID
    $update | Set-CASMailbox -ActiveSyncAllowedDeviceIDs $update.ActiveSyncAllowedDeviceIDs
    Write-Host "$($item.name) has been updated."
}
That's it. 
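
A more defensive take on the bulk script, added here as an example and not the original author's code: it uses the @{Add=...} multivalued-property syntax of Set-CASMailbox so existing entries are never replaced, skips IDs that are already approved, and writes one audit line per change. The log path and the letters-and-digits check on device IDs are assumptions.

```powershell
# Added example: bulk pre-approval that appends to the allow list and keeps an audit trail.
# Assumes an Exchange Management Shell session and the devices.csv layout shown above.
$csvPath = 'C:\devices.csv'
$logPath = 'C:\devices-approved.log'   # hypothetical audit log location

$rows = Import-Csv -Path $csvPath

# Group rows by mailbox so a user with several devices is updated once.
foreach ($group in ($rows | Group-Object -Property name)) {
    $mailbox = $group.Name

    # Trim IDs, drop blanks and duplicates, and accept only letters and digits
    # (assumed shape of a device ID; anything else is treated as a typo).
    $ids = @($group.Group |
        ForEach-Object { "$($_.deviceID)".Trim() } |
        Where-Object { $_ -match '^[A-Za-z0-9]+$' } |
        Sort-Object -Unique)

    try {
        $cas = Get-CASMailbox -Identity $mailbox -ErrorAction Stop

        # Only add IDs that are not already on the allow list.
        $current = @($cas.ActiveSyncAllowedDeviceIDs)
        $toAdd   = @($ids | Where-Object { $current -notcontains $_ })

        if ($toAdd.Count -eq 0) {
            Write-Host "${mailbox}: nothing to add"
            continue
        }

        # @{Add=...} appends to the multivalued property and leaves existing entries alone.
        Set-CASMailbox -Identity $mailbox -ActiveSyncAllowedDeviceIDs @{Add = $toAdd} -ErrorAction Stop

        # Record who was approved for which device, for later review of the allow list.
        $stamp = Get-Date -Format 's'
        "$stamp $mailbox added: $($toAdd -join ',')" | Add-Content -Path $logPath
        Write-Host "${mailbox}: added $($toAdd -join ', ')"
    }
    catch {
        # Unknown mailbox or failed update: report it and carry on with the next user.
        Write-Warning "Skipping ${mailbox}: $($_.Exception.Message)"
    }
}
```

Adding -WhatIf to the Set-CASMailbox line gives a dry run before the workshop.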

Good Luck

Friday, May 02, 2014

InfoSecurity Europe 2014

InfoSecurity Europe 2014 was held this week in London.  This 3 day event was designed for security professionals to network and for companies to display their security wares.

Unfortunately the first 2 days were marred by a tube strike in London.  I believe this put many people off visiting Earl's Court for the event until the last day, it certainly did for me!




So what did I see?

Eric Cole

I watched a keynote seminar inducting Dr Eric Cole into the InfoSecurity Europe hall of fame.  He had some wonderful insight into security issues of the day and what areas security professionals should focus on.  He discussed the switch of security from inbound threats to outbound threats.  Many attacks require an outbound connection to allow data to be sent externally and this is an area to focus monitoring on.  Among many things he shared with the audience he issued the Eric Cole challenge.

Get a usage report of outbound internet connectivity by host IP.

Check the top 10 hosts by outbound bandwidth used
Check the top 10 hosts by longest established outbound connection
Check the top 10 hosts with the most blocked outbound connections

If a host is on all three lists.....it has probably been compromised.
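
The three-list check, sketched as an added example (not from the talk or the original post) over constructed firewall records. The field names Src, Bytes, Seconds and Action and the function name Get-OutboundSuspects are assumptions, and "longest connection" is taken here as the single longest outbound session per host.

```powershell
# Added example: intersect the three top-N lists from the challenge.
# Constructed sample records; map the column names to your own firewall or proxy export.
$records = @'
Src,Bytes,Seconds,Action
10.0.0.5,900000,30,allow
10.0.0.5,120000,86400,allow
10.0.0.5,0,0,block
10.0.0.5,0,0,block
10.0.0.5,0,0,block
10.0.0.8,5000000,20,allow
10.0.0.8,100,5,allow
10.0.0.9,2000,90000,allow
10.0.0.9,0,0,block
10.0.0.12,300,10,allow
10.0.0.12,0,0,block
10.0.0.12,0,0,block
'@ | ConvertFrom-Csv

function Get-OutboundSuspects {
    param([object[]]$Records, [int]$Top = 10)
    $stats = @{}
    foreach ($r in $Records) {
        if (-not $stats.ContainsKey($r.Src)) {
            $stats[$r.Src] = [pscustomobject]@{ HostIP = $r.Src; Bytes = [long]0; Longest = [long]0; Blocked = 0 }
        }
        $s = $stats[$r.Src]
        if ($r.Action -eq 'block') { $s.Blocked++ }
        else {
            $s.Bytes += [long]$r.Bytes
            if ([long]$r.Seconds -gt $s.Longest) { $s.Longest = [long]$r.Seconds }
        }
    }
    $perHost   = $stats.Values
    $byBytes   = @($perHost | Sort-Object Bytes   -Descending | Select-Object -First $Top -ExpandProperty HostIP)
    $byLongest = @($perHost | Sort-Object Longest -Descending | Select-Object -First $Top -ExpandProperty HostIP)
    $byBlocked = @($perHost | Where-Object { $_.Blocked -gt 0 } | Sort-Object Blocked -Descending | Select-Object -First $Top -ExpandProperty HostIP)
    # A host that appears on all three lists is the one to investigate first.
    $byBytes | Where-Object { $byLongest -contains $_ -and $byBlocked -contains $_ }
}

# The sample has only four hosts, so use a top 2 here; on real data keep the default of 10.
Get-OutboundSuspects -Records $records -Top 2
```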

He also made the analogy that our networks are like our bodies.  We do not expect never to get sick; it is about how we can reduce the likelihood of it occurring and how quickly we can recover.  Our networks are the same these days: it is not a question of IF you will be compromised, but WHEN and HOW you get over it.

It was a fascinating session which did really make me think.  You can even see me thinking intently during the highlights video of the day.



(skip to 1:10 to see me!)

Egress

I met up with the Egress team at their colourful stand.  They have a product which allows companies to securely share data with customers.  Their product even stops people from taking screenshots using Snipping Tool and watermarks the screen to make it easy to determine if someone has leaked information using a physical camera.  Their technology stack looks really interesting and seems to have overcome the barrier of providing secure email without the end customer requiring funky software or exchanging certificates.

They also had a buzzwire game which someone miraculously completed in under 12 seconds!  I was rubbish and couldn't even complete it!!!

www.egress.com

Good

My company use the Good Technology stack for BYOD.  Our staff have found it really useful, but the user experience isn't the greatest, especially when using dynamics apps.  I spoke to a couple of the Good team and they explained that this is a big focus for them in the next 12 months.  They have an event (Good Exchange) which I am going to, hopefully I will see the fruit of their labour.

Good Exchange

F5

I spoke to F5 about their product stack, it was great to see a stand with whiteboards and markers.  There is nothing I like more than drawing a scenario on a whiteboard and being able to visualise someone else's ideas.

https://f5.com/

Pen Test Partners

These guys had a great demo presentation where they described how hackers can use the JTAG interface on mobile phones to hack information.  Their stand was mocked up to look like a kitchen and the presenters were dressed as chefs.  It was a bit gimmicky, but the information and presentation material were second to none.

www.pentestpartners.com/

Overall it was a cracking day and I will definitely try to attend again.