HTTPS inspection is a function provided by many Internet security vendors marketed at schools and businesses since it promises to remove encryption from web traffic and ensure that everything is visible to the filtering system where it can be checked for malware or flagged for inappropriate content. This worked fairly well a decade ago but in the post-Snowden era of pervasive encryption and advancing Internet security standards, this cannot deliver what it once promised and instead puts us and our networks at risk....

I’ve been working in the education sector for almost a decade and after so long a great many things that inform my thinking become assumed, unacknowledged. Some of my greatest revelations have come from describing the things we do, the problems we have and the ways we fix them to folk outside of our wheelhouse. That’s what this post is; it’s a primer on attitudes to technology in schools through the lens of cybersafety....

I’d love to see current global stats comparing use of Exchange on-prem vs cloud. Surely given the number of recent security disasters, any notion of physical ownership of mailboxes equating to their safety has been well and truly dispelled and only the bravest or most prodigiously-resourced organisations would attempt hosting it themselves. Exchange Online is doubtless the most popular version and would most often be deployed alongside an on-prem Active Directory, yet as soon as AD is in the mix the assumption is that Exchange is on-prem or hybrid....

In a masterful stroke of irony, within days of me sharing my solution for NPS RADIUS with AADJ devices, itself made necessary because Microsoft doesn’t consider the needs of their cloud-first customers, they made a major change to how certificates work in Active Directory in KB5014754 without considering the needs of their cloud-first customers. This change breaks the mechanism my solution relies on to operate and while there is a workaround, it is only viable until the change kicks in....

So my previous blog around AADJ device certs for RADIUS on NPS gathered some steam. Thank you @jabbrwcky for this inspiring article that shows how to bring NPS into the cloud era with smart solutions like @scepman_ and @RADIUSaaS. https://t.co/5AYb47qMw6 — glueckkanja-gab (@glueckkanjagab) May 25, 2022 It now features in the official documentation of SCEPman, the cloud CA I used in my solution! Intriguing to see how to lift NPS to the cloud era, and great to see clever solutions to all challenges....

Delighted that the Microsoft education team gave me the opportunity to present some of my recent work to their top schools around the country and thankful for the great encouragement from those that attended. Honestly, the education community is just brilliant – and I’m proud to be a part of it!

Microsoft’s Network Policy Server (NPS) has been running network authentication in the enterprise for decades but is now out of the loop when it comes to a modern cloud-first infrastructure. Using an inventive approach, I show that it is possible to overcome its recalcitrance and get it authenticating Azure AD-joined (AADJ) as well as on-prem AD clients. This is the long-form writeup of the project I presented at Microsoft’s Australia-wide Surface Gold & Lighthouse Virtual Event in May 2022....

Everyone too busy trying to survive to spend any time creating something new. –James S.A. Corey Wisdom comes from experience. Experience is often the result of a lack of wisdom. –Terry Pratchett Aside of an excuse to quote Corey and Pratchett, I feel like both of those perspectives are relevant to the notion of writing a blog. Some days it really is just about survival, yet those are often the very ones with the most useful lessons learned, and the temptation is to just rush headlong into the next thing rather than stop to reflect and build on them....

Here’s another great PBL case study from my pgcert cybersecurity course, based on this article. In this instance the focus was less on the details of the flaw itself than the circumstances of how it was revealed by the researchers (way too soon) and handled by HTC (way too late). Now, I’m not an expert in the circumstances of this case, but this is a summary of the general points I took from it and successfully presented....

This was a PBL case study in my pgcert cybersecurity course. The problem was outlined in this news article. Essentially at one point mobile providers were using a pre-set voicemail PIN or generating one from a known formula that could be inferred based upon data points such as characteristics of the customer. This would make it a trivial matter to guess a voicemail PIN and access a subscriber’s confidential information....