Ever wondered how a lean Windows Service can fend off high-stakes cyber threats? Discover the secret recipe of minimal permissions, real-time monitoring, and built-in resilience that keeps systems secure under attack.

https://thedefendopsdiaries.com/designing-secure-windows-services-key-principles-and-strategies/

#windowsservices
#cybersecurity
#securitydesign
#leastprivilege
#realtimemonitoring

Well, crud. I've identified a somewhat unpleasant security flaw in my protocol.

See, every post gets encrypted with its own symmetric key, and the symmetric key (and the unguessable filename of the post) is given to everyone who should have access to read it.

But if the *person who runs the server* is one of the recipients, they could falsify a post. Not great. The protocol assumes some trust in the host, but shouldn't assume *that* much.

I think what this means is that the index files which normally list posts via (filename, symmetric key) pairs should actually list triples: (URL, symmetric key, hash). The index files are actually asymmetric-signed, which makes tampering far more unlikely.

I'm not thrilled about this, as inclusion of the hash removes some deniability. :-/ But it may be necessary.

#crypography #appsec #SecurityDesign #Cavern
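The check described in the post above, as an added example that is not part of the original post or of the protocol's own code: a reader who pins each post to a hash from the signed index rejects a replacement that anyone holding the symmetric key could otherwise produce. Assumptions: the function names are hypothetical, the SHA-256 counter-mode stream is a stand-in for a real cipher, the hash covers the stored ciphertext, and the index signature has already been verified by the caller.

```python
import hashlib, hmac, os

def _sub(key, label):
    # Derive separate encryption and MAC subkeys from the per-post key.
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, nonce, data):
    # Stand-in stream cipher (SHA-256 in counter mode), illustration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    """Encrypt-then-MAC a post under its per-post symmetric key."""
    nonce = os.urandom(16)
    body = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_post(key, blob, index_hash=None):
    """Return the plaintext, or None when a check fails."""
    if index_hash is not None:
        # Hash taken from an index whose signature the caller already verified.
        if not hmac.compare_digest(hashlib.sha256(blob).digest(), index_hash):
            return None
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(good, tag):
        return None
    return _xor_stream(_sub(key, b"enc"), nonce, body)

def demo():
    key = os.urandom(32)
    original = seal(key, b"meet at noon")           # constructed sample post
    index_hash = hashlib.sha256(original).digest()  # third element of the triple
    # The host is a recipient, so it holds `key` and can seal a replacement.
    swapped = seal(key, b"meet at midnight")
    return {
        "swapped_pair_only": open_post(key, swapped),
        "swapped_with_hash": open_post(key, swapped, index_hash),
        "original_with_hash": open_post(key, original, index_hash),
    }

if __name__ == "__main__":
    print(demo())
```

The symmetric MAC passes for the replacement because every recipient holds the same key; only the hash bound into the signed index distinguishes the author's ciphertext from one written by another key holder.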

In the latest episode of the Ctrl+Alt+Azure podcast we talk about reviewing design decisions for Microsoft Sentinel workspace architecture.

We also share some community highlights from @jukkan, Daniel Calbimonte, @anthonychu, and @samcogan.

#azure #sentinel #microsoftsentinel #architecture #securitydesign #costoptimization

https://ctrlaltazure.com/episodes/184-reviewing-design-decisions-for-microsoft-sentinel-workspace-architecture

Ctrl+Alt+Azure | 184 - Reviewing design decisions for Microsoft Sentinel workspace architecture

This is the Ctrl+Alt+Azure podcast. We talk about all things Microsoft Azure and share our experiences and thoughts on the way. Your hosts are Tobias Zimmergren and Jussi Roine.
