Hi Darragh,

Something I would definitely be interested in, although as Andrew has said, it may be a little late in the day for me.

Security-wise, we're looking towards focusing on admin privileges / inactive accounts within on-prem AD to give any possible ransomware attacks as little to work with as possible. We're also working towards getting a Cyber Essentials certificate. We have also floated around the idea of 2FA being used for any admin tasks / domain admin logins; however, this hasn't gone any further yet.

Azure AD-wise, 2FA, conditional access and information protection are enabled and used across the board.

AV-wise, we use Symantec Endpoint Protection on prem; however, as a security team we are pushing towards their cloud offering to help us protect more devices, including mobiles / tablets.

For managing vulnerabilities we have a Nessus licence that runs a daily scan against our internal server subnets and then pushes those results into a bespoke dashboard, and we also use Outpost24 for external PCI DSS-related scanning, which we're also working on incorporating into the same dashboard.

We recently saw evidence of a password spraying attack against our domain, but we're still trying to investigate the origins. Luckily no access was granted, as the targeted accounts locked themselves almost immediately.

We work closely with the NCSC also, and they have quite a lot of good tools, e.g. Early Warning service, Logging Made Easy, etc., so it may be worth checking those out.

Thanks,
Kieran.

Kieran Little
IS Support Technician (Solutions Design Assurance)
Information Services
Northumberland County Council
County Hall
Morpeth
NE61 2EF
tel: 01670 623699
Mobile: 07966325130
Email: kieran.little@northumberland.gov.uk
Website: www.northumberland.gov.uk

-----Original Message-----
From: Darragh Ó Héiligh <d@digitaldarragh.com>
Sent: 11 April 2021 17:19
To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] Security. Open conversation among system administrators?

Good afternoon,

Security is a huge concern for me at the moment. Two institutions in Ireland were targeted with Ryuk over the past few weeks. I have no doubt that there are malicious actors targeting the institution I work for right now.

I was wondering if a few of you would be up for a conversation via Zoom or Teams in the coming days. I can explain what we have done and what we are continuing to do to protect ourselves. You can do the same. Some of what we are doing might overlap, but potentially we all might get a few new ideas.

My infrastructure might be considered legacy compared to some. I'm still using on-prem systems for the most part. But I have some cloud-based services as well.

All system admins / architects would be welcome.

Perhaps Wednesday at 10pm GMT? I don't know what that is in other time zones. But it's probably around 6pm Eastern.

Regards
Darragh Ó Héiligh
Performing, Promoting and Sharing traditional Irish music
Performance: http://www.darraghpipes.ie/
Music at the Gate: http://www.musicatthegate.ie/
Ceol FM: http://www.ceol.fm/
Tel: 00353(0)877670464
Email: darragh@ceol.fm
_______________________________________________
Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org
To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org