...
Reference description with linked URLs | Notes | ||
---|---|---|---|
Security Mgt notes gdoc link | Security Mgt notes gdoc | ||
https://drive.google.com/file/d/0BxqKQGV1Wtl4H5W9a-b4WQYXVyOXphQ3NQTOIEkhMJVhkYhfWkbj 1EyHg3r/view?usp=sharing | Security Mgt notes doc | https://drive.google.com/file/d/1Wtl4H5W9a-OIEkhMJVhkYhfWkbj yHg3r/view?usp=sharing | CISSP Certification Guide - CISSP Certification Guide - 2012 |
https://drive.google.com/file/d/1fRsdf4X0TbJRGu0a7J9uVENeAM6 aZr6x/view?usp=sharing | CISSP Guide Book | ||
https://reciprocitylabs.com/the-ultimate-guide-to-soc-2/ soc2-concepts-reciprocitylabs.com-The Ultimate Guide to SOC 2.pdf | SOC 2 Standard concepts | ||
https://drive.google.com/file/d/1N7y0ztKHtVjUfdA-ouwgL | SOC 2 Compliance Basics | ||
...
Potential Value Opportunities
Potential Challenges
VPN Security Challenges or Zero Trust NA - Network Access
https://www.esecurityplanet.com/networks/vpn-security/
esecurityplanet.com-VPN Security Risks Best Practices for 2022.pdf link
esecurityplanet.com-VPN Security Risks Best Practices for 2022.pdf file
VPNs were developed to solve two challenges: the high cost of leased lines for branch offices, and the growing need to enable remote workers to access the corporate network securely.
While VPNs provide security by encrypting data and sending it through a “tunnel,” there are limitations to that security. Before examining those limitations, let’s take a look at how VPNs work.
How VPN works
A VPN involves the transfer of encrypted data wrapped with a header containing routing information. This process enables the data to travel securely over a shared or public network to reach its endpoint.
Data packets passed over the public network in this way are unreadable without the decryption keys, thus ensuring that data is not disclosed or changed during transmission.
From the user’s perspective, the VPN connection is a point-to-point connection between the user’s computer and a corporate server. The nature of the public network is irrelevant to the user because it appears as if the data is being sent over a dedicated private link.
VPNs improve Wi-Fi security
Many of these mobile workers use public Wi-Fi to access corporate data, and more than one-third never use a VPN to protect their data even though two-thirds are concerned about public Wi-Fi security, according to a survey by iPass. VPN remains a viable option for securing data transferred over public Wi-Fi.
VPN risks
Are VPNs safe? Admittedly, there are security risks associated with VPNs. These include VPN hijacking, in which an unauthorized user takes over a VPN connection from a remote client; man-in-the-middle attacks, in which the attacker is able to intercept data; weak user authentication; split tunneling, in which a user is accessing an insecure Internet connection while also accessing the VPN connection to a private network; malware infection of a client machine; granting too many network access rights; and DNS leak, in which the computer uses its default DNS connection rather than the VPN’s secure DNS server.
Even with these added security measures, VPNs are not immune to breaches. They operate on a principle of trusting whoever enters the network rather than using the principle of least privilege.
VPN product security features needed
Look for these must-have security features when choosing a VPN product:
- support for strong authentication
- strong encryption algorithms
- support for anti-virus software and intrusion detection and prevention tools
- strong default security for administration and maintenance ports
- digital certificate support
- logging and auditing support
- and the ability to assign addresses to clients on a private network while ensuring all addresses are kept private.
Also, having a kill switch is an important VPN security precaution.
...
Security Vendor Lockin Risks
security-vendor-challenges-Is Microsoft Lock-In the Right Strategy for your Org.pdf. link
security-vendor-challenges-Is Microsoft Lock-In the Right Strategy for your Org.pdf. file
Microsoft server software always had higher security risks than other architectures < see Fidelity issues 2012 & the Microsoft Certification Environment
compare Microsoft Azure security tools to other vendor options on pros, cons, costs, security open standards support
security risks using Microsoft Azure security - many of these exist on other platforms as well
- Unauthorised access: Bad actors can use stolen subscription credentials to run harmful scripts.
- Data breaches: These can be caused by application vulnerabilities or storage container misconfigurations, which can lead to unauthorized access or data leakage.
- Misuse of platform access: Azure administrators should be aware of this risk.
- Insider threats: These can include employees with existing permissions.
- Access token abuse and leakage
- Lateral movement from compromised workloads
- Compromised third-party partners with privileged permissions
- Credentials theft
- Reconnaissance with search engines
- Data collection by blob hunting
- Microsoft Entra ID complexity
- Azure Container Registry and AKS vulnerabilities
mitigations for these risks
- Encrypt sensitive data at rest and in transit
- Implement secure coding practices
- Regularly patch and update applications
- Use Azure Key Vault for secure key management
- Employ Azure Security Center for continuous monitoring and threat detection
- Lock down management ports
- Scope permissions tightly using tools like Privileged Identity Management
- Segment your network properly with private endpoints, service endpoints, and network security groups
- Continuously monitor activity logs
- Perform penetration testing
CrowdStrike lessons 2024 - Impacts and lessons on Perfected Trust
see gdoc details here on CrowdStrike
I've been part of a similar upgrade failure across a network. Briefly, there were clear operations failures in policy, procedure and performance by CrowdStrike and Delta. That said, PART of the problem was clearly the quality of the older Microsoft software that always had poor engineering quality. While that specific risk probably does not exist in current Microsoft software, as someone who managed a Microsoft production environment, I overcame Microsoft software quality problems with operations controls on testing, deployment. Thinking forward, there are architecture gaps in software stacks that can be addressed with a new quality standard and related automated audits to validate the quality. I have yet to see some key in-depth engineering strategies to improve software reliability that would make a dramatic impact on runtime quality management. A lot more to be done by all parties.
https://www.forbes.com/sites/ariannajohnson/2024/07/19/crowdstrike-update-heres-what-you-should-do/
...
https://finance.yahoo.com/news/delta-ceo-lashes-crowdstrike-cost-135953941.html
Forbes >> crowdstrike-update-heres-what-you-should-do
Kurtz told NBC some users have been able to resolve the problem by rebooting their computers. But if problems persist, CrowdStrike has offered a manual workaround solution for the blue screen error. This fix involves booting the system into Safe Mode or the Windows Recovery Environment, and navigating to the C:\Windows\System32\drivers\CrowdStrike directory. Users must then delete the file titled “C-00000291*.sys.” The process puts the system into a mode where CrowdStrike and other third-party drivers aren’t able to operate, according to the Verge.
WILL RESTARTING YOUR COMPUTER 15 TIMES WORK?
Microsoft said some customers using its Azure cloud were able to fix their computers by rebooting the systems as many as 15 times. Amazon also suggested rebooting computers may also solve the issue for customers using its AWS cloud software.
6 sigma quality for SMPE - Service Management Policy Effectiveness for prevention, remediation of service quality problems
6 sigma - a process being 99.9997% defect-free
Six Sigma is a set of tools and methodologies that businesses use to improve processes by reducing defects and errors, minimizing variation, and increasing quality and efficiency. The goal is to achieve a level of quality that is nearly perfect, with only 3.4 defects per million opportunities (DPMO), which is considered a "six sigma" level. This level of performance equates to a process being 99.9997% defect-free.
https://www.simplilearn.com/what-is-six-sigma-a-complete-overview-article
Aggregated service quality calculations
Assume a primary service has up to 50 dependent services that it invokes while processing all of the APIs in its contract
Every individual service is rated very high quality (e.g. 0.999 reliability)
The aggregated quality shows the consolidated impact of 50 services that all have that quality rating
aggregate quality | service quality | service count |
---|---|---|
0.7783125571 | 0.995 | 50 |
0.9512056282 | 0.999 | 50 |
0.952157786 | 0.999 | 49 |
0.9426362081 | 0.99 | 1 (combined with the 49 services in the row above) |
the aggregated quality of consolidated services is very low
key points
- aggregated service quality is below each individual service quality
- how do we measure the service quality of each individual service
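The table above can be reproduced and inverted with a short calculation. This is an added example, not part of the original notes: it assumes every dependency must succeed and that failures are independent, and the function names are hypothetical. It also asks the reverse question raised by the Six Sigma section: what each service must deliver for the aggregate to meet a target.

```python
import math

SIX_SIGMA = 1 - 3.4 / 1_000_000  # 3.4 DPMO, the level quoted in these notes


def aggregate_quality(reliabilities):
    """Probability that every dependency succeeds.

    Assumption (not stated on the page): failures are independent and the
    primary service needs all dependencies, so the reliabilities multiply.
    """
    return math.prod(reliabilities)


def required_per_service(target, count):
    """Reliability each of `count` equal services needs to meet `target`."""
    return target ** (1.0 / count)


def max_dependencies(per_service, target):
    """Largest number of equal-quality dependencies that still meets `target`.

    Uses floor(ln(target) / ln(per_service)); an exact tie can land one low
    because of floating-point rounding.
    """
    return math.floor(math.log(target) / math.log(per_service))


def dpmo(reliability):
    """Defects per million opportunities for a given reliability."""
    return (1.0 - reliability) * 1_000_000


if __name__ == "__main__":
    # The rows of the table above (service quality, service count).
    scenarios = {
        "50 x 0.995": [0.995] * 50,
        "50 x 0.999": [0.999] * 50,
        "49 x 0.999 + 1 x 0.99": [0.999] * 49 + [0.99],
    }
    for label, services in scenarios.items():
        q = aggregate_quality(services)
        print(f"{label:24s} aggregate={q:.10f}  DPMO={dpmo(q):,.0f}")

    # How many 0.999 services can be chained before dropping below 0.99?
    print("max 0.999 dependencies for 0.99:", max_dependencies(0.999, 0.99))

    # What must each of 50 services deliver for a six sigma aggregate?
    need = required_per_service(SIX_SIGMA, 50)
    print(f"per-service reliability for six sigma: {need:.9f} "
          f"({dpmo(need):.3f} DPMO each)")
```

A single 0.99 dependency costs almost as much aggregate quality as ten 0.999 dependencies, so measuring each service individually, as the key points ask, shows where improvement pays off most.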
Candidate Solutions
Open-source security Tools
...