Combining user and device certificates for wifi authentication in Intune

Modern security and wifi standards say we have to move to certificates but that’s a tall order for many, particularly if we need to replicate the user-level identification of a humble password.

February 12, 2024 · 7 min · 1444 words · Chris Beattie

Code debt and custom sandboxes

Schools can hardly be the only organisations with legacy applications in regular use for vital ’line-of-business’ functions. Hopefully for the most part these are visible to IT, securely contained and have an end-of-life date with a succession plan rather than being adopted through choice into a modern desktop environment. A while ago I encountered a nasty and unavoidable case of the latter and had to figure out a solution. The application I was tasked to deploy was for processing sensitive financial data on our most heavily-secured devices and relied on Internet Explorer and Java....

September 2, 2022 · 6 min · 1160 words · Chris Beattie

User bypass of policy-enforced browser extensions

By most estimates, Chromium browsers have a 70-80% market share and are deployed in academic and enterprise environments across the globe. Policy-based management is vital to ensure a uniform user experience and enforce security controls, yet on Windows bypassing some aspects of this as a restricted, non-admin user is trivial. This is concerning because schools may rely on these settings for duty of care and student protection. Enter Extensions In recent posts I’ve outlined why Internet security is important for schools and how network-based monitoring and filtering solutions are no longer sufficiently comprehensive to be viable in isolation....

August 8, 2022 · 6 min · 1203 words · Chris Beattie

HTTPS inspection: a lost cause

HTTPS inspection is a function provided by many Internet security vendors marketed at schools and businesses since it promises to remove encryption from web traffic and ensure that everything is visible to the filtering system where it can be checked for malware or flagged for inappropriate content. This worked fairly well a decade ago but in the post-Snowden era of pervasive encryption and advancing Internet security standards, this cannot deliver what it once promised and instead puts us and our networks at risk....

June 30, 2022 · 7 min · 1368 words · Chris Beattie

Cybersafety the hard way

I’ve been working in the education sector for almost a decade and after so long a great many things that inform my thinking become assumed, unacknowledged. Some of my greatest revelations have come from describing the things we do, the problems we have and the ways we fix them to folk outside of our wheelhouse. That’s what this post is; it’s a primer on attitudes to technology in schools through the lens of cybersafety....

June 27, 2022 · 9 min · 1909 words · Chris Beattie

Exchange Online mailbox sender restrictions with Azure AD synced groups

I’d love to see current global stats comparing use of Exchange on-prem vs cloud. Surely given the number of recent security disasters, any notion of physical ownership of mailboxes equating to their safety has been well and truly dispelled and only the bravest or most prodigiously-resourced organisations would attempt hosting it themselves. Exchange Online is doubtless the most popular version and would most often be deployed alongside an on-prem Active Directory, yet as soon as AD is in the mix the assumption is that Exchange is on-prem or hybrid....

June 13, 2022 · 4 min · 662 words · Chris Beattie

Microsoft Virtual Event Presentation

Delighted that the Microsoft education team gave me the opportunity to present some of my recent work to their top schools around the country and thankful for the great encouragement from those that attended. Honestly, the education community is just brilliant – and I’m proud to be a part of it!

May 27, 2022 · 1 min · 51 words · Chris Beattie

Case Study: HTC's Vuln Shock

Here’s another great PBL case study from my pgcert cybersecurity course, based on this article. In this instance the focus was less on the details of the flaw itself than the circumstances of how it was revealed by the researchers (way too soon) and handled by HTC (way too late). Now, I’m not an expert in the circumstances of this case, but this is a summary of the general points I took from it and successfully presented....

September 6, 2021 · 6 min · 1240 words · Chris Beattie

Case Study: Vulnerable Voicemail

This was a PBL case study in my pgcert cybersecurity course. The problem was outlined in this news article. Essentially at one point mobile providers were using a pre-set voicemail PIN or generating one from a known formula that could be inferred based upon data points such as characteristics of the customer. This would make it a trivial matter to guess a voicemail PIN and access a subscriber’s confidential information....

September 1, 2021 · 3 min · 602 words · Chris Beattie