Security

Module Monday March 20, 2023

March 20, 2023 by ClaytonT Leave a Comment

Hope you had a great weekend, and are ready for today’s Module Monday. Are you using Duo security? Or looking at Duo for your company? Then you need this module. It’s called DuoSecurity.

Why not automate the process of onboarding/terminating employees or removing old phone authenticators? What about reporting on who is in which groups, how many phones they have, or filtering event logs?

So many more things to automate with this module and make your life easier as well as make your company more secure.

If you have used this module before, let me know how you are using it.

PowerShell Gallery:
Duo Security

GitHub:
Duo Security

Read-Only Friday Nov 11, 2022

November 11, 2022 by ClaytonT Leave a Comment

With today being a holiday, and more holidays coming up in the last days of the year, send out reminders to your users to keep be extra careful when clicking on links. Attacks have been more minor so far this year, which makes me feel it’s going to ramp up shortly. For the parents, think of it when your child is quiet for too long by themselves… it usually means they are planning something or doing something they shouldn’t be doing. That’s how I feel about bad actors currently.

A few things to remind them:
- Do you normally get emails from that company service? (ie UPS, FedEx, PayPal, etc)
  - If not, don’t open it, and definitely don’t click on links or download an attachment
- Does that person normally send you links to click on? If they do, are they the type the current email is asking you to open?
  - I’ve seen it before when a company you normally work with gets compromised so spam/virus/malware protection doesn’t pick it up as it is coming from a real email, but the bad actor over took that users account and is sending links/attachments from it.
- Is the email the real identities email?
  - I know the name says it’s your president or CFO, but what is the real email sending it? It can be tougher seeing it quickly on a mobile device, but have them double check. Have them check those headers.
- Don’t respond to the email
  - When responding, you are showing them that the account is live, and they will keep on attempting to compromise that email address.
- If it looks real, contact the person/company from known number
  - If the email looks mostly real, but they don’t normally send you links, call the person/company from a known number. Nothing from that current email. If you normally contact them check previous emails or ask a coworker if they have a direct number. I would say check their website, but that could be compromised as well, so not always the best spot to get their number.

I’m sure all of these are pretty common, but it’s a great reminder for your users, especially with the end of the year rush starts happening.

What are some tips you would give to your end users?

One-Liner Wednesday October 19, 2022

October 19, 2022 by ClaytonT Leave a Comment

New-TenantAllowBlockListItems -ListType Sender -Block -Entries emailaddress

Here is a super useful one liner that has come in handy more recently.

What this does is adds a user or domain to the tenant block list as it’s written below. If you need to add someone to the allow list, you can change -Block to -Allow. You can even change set a duration for both Blocking and Allowing.

Command:
New-TenantAllowBlockListItems

Example with Parameters:

Add-365Blocklist