Mark J. Price on LinkedIn: On May 14, 2024: - .NET 6 started its maintenance support phase. - .NET 7… (2024)

Mastering .NET Framework 4.0 Security: Best Practices & Automation: Discover essential security practices for Microsoft .NET Framework 4.0, backed by automation scripts, to safeguard your applications and data integrity. #worldnews #2023

Title: Revised Security Update Guide of CVE’s from Microsoft (May 15, 2024)These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:CVE-2024-30009Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityVersion: 1.1Reason for revision: Removed one of the FAQs. This is an information change only.Originally released: May 14, 2024Last updated: May 15, 2024Aggregate CVE Severity Rating: ImportantCVE-2024-30041Title: Microsoft Bing Search Spoofing VulnerabilityVersion: 1.1Reason for revision: Updated the build numbers. This is an informational update only.Originally released: May 14, 2024Last updated: May 15, 2024Aggregate CVE Severity Rating: ImportantCVE-2024-30044Title: Microsoft SharePoint Server Remote Code Execution VulnerabilityVersion: 1.1Reason for revision: Added an FAQ and updated the CVSS score. This is an informational change only.Originally released: May 14, 2024Last updated: May 15, 2024Aggregate CVE Severity Rating: CriticalCVE-2024-30046Title: Visual Studio Denial of Service VulnerabilityVersion: 2.0Reason for revision: The following corrctions have been made: 1) Revised the Security Updates table to include .NET 7.0 and .NET 8.0 because these versions of .NET are affected by this vulnerability. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. 2) Updated title to include .NET. This is an informational change only.Originally released: May 14, 2024Last updated: May 15, 2024Aggregate CVE Severity Rating: ImportantCVE-2024-30053Title: Azure Migrate Cross-Site Scripting VulnerabilityVersion: 1.1Reason for revision: Updated FAQ information. This is an informational change only.Originally released: May 14, 2024Last updated: May 15, 2024Aggregate CVE Severity Rating: ImportantCVE-2024-30055Title: Microsoft Edge (Chromium-based) Spoofing VulnerabilityVersion: 1.1Reason for revision: Updated CWE value. This is an informational change only.Originally released: May 10, 2024Last updated: May 15, 2024Aggregate CVE Severity Rating: Low

3

Mastering .NET Framework 4.0 Security: Best Practices & Automation: Discover essential security practices for Microsoft .NET Framework 4.0, backed by automation scripts, to safeguard your applications and data integrity. #internationalnews #news #worldnews

Mastering .NET Framework 4.0 Security: Best Practices & Automation: Discover essential security practices for Microsoft .NET Framework 4.0, backed by automation scripts, to safeguard your applications and data integrity.

# Day 22What is a Server?- A serveris a computerprogram or a devicethat provides functionality for called clients which are other programs or devices.- This architecture is called theclient–server model.- These services includesharing data or resourcesamong multiple clients, or performing computation for a client.- Most frequently client–server systems are implemented by therequest–response model., i.e., a client sends a request to the server. Types of Servers :-1. Proxy Server :- Intermediate server between the client and the origin.- It acts as additional security, caching services, administrative control and content control and filtering.2. Mail Server :- It sends, receives and stores emails.- It handles the routing of emails between different mail servers.- Provides access to email accounts for clients like webmail, email clients and mobile devices.3. Web Server :- Delivers web content through HTTP requests and responses.- Communicates with web browsers.- It can store and protect web data.4. Application Server :- It hosts the application upon which web application or desktop applications run.- It consists of web server connector, computer programming language, database connector, runtime libraries and the Administration code.5. DNS Server :- It translates domain names into IP addresses.- Acts like an IP address book for the internet.- Includes server subtypes such as Rootservers, Authoritative Name servers and Resolver servers.6. Virtual Server :- Runs on virtualization platform.- Enables multiple isolated systems (VM's) to share the same physical server resources.- Helps in scalability, resource utilization and network resources.7. Database Server :- It stores, manages, and provides access to databases.- It uses SQL for data manipulation and retrieval.- Ensures consistency and integrity of the data, provides concurrent access to multiple users.#day22 #servers #typesofservers #proxy #database #dns #web #application #mail #informationsecurity #networking #cybersecurity #100daysoflearning #100daysofcybersecurity

2

What is SSO (Single Sign-On)?..Basically, Single Sign-On (SSO) is an authentication scheme. It allows a user to log in to different systems using a single ID.The diagram below illustrates how SSO works.Step 1: A user visits Gmail, or any email service. Gmail finds the user is not logged in and so redirects them to the SSO authentication server, which also finds the user is not logged in. As a result, the user is redirected to the SSO login page, where they enter their login credentials.Steps 2-3: The SSO authentication server validates the credentials, creates the global session for the user, and creates a token.Steps 4-7: Gmail validates the token in the SSO authentication server. The authentication server registers the Gmail system, and returns “valid.” Gmail returns the protected resource to the user.Step 8: From Gmail, the user navigates to another Google-owned website, for example, YouTube. Steps 9-10: YouTube finds the user is not logged in, and then requests authentication. The SSO authentication server finds the user is already logged in and returns the token.Step 11-14: YouTube validates the token in the SSO authentication server. The authentication server registers the YouTube system, and returns “valid.” YouTube returns the protected resource to the user.The process is complete and the user gets back access to their account.Over to you: Question 1: have you implemented SSO in your projects? What is the most difficult part?Question 2: what’s your favorite sign-in method and why?–Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages):

47

An IT take on the 5 P's.Proper Patching Prevents Poor Performance Making sure you have a way to stay up to date with all available software patches for any software suites your company uses is critical.Give me a call to find out how ITSecureNow can be a guide towards reaching this goal.614-206-5383

Great Insights

1

Operating a web server as the root user is often discouraged due to security reasons, a fact most of us are aware of. However, a less known yet critical concern caught my attention while working with a Django-Gunicorn-Nginx deployment.Here's the twist: imagine your project is situated in a folder owned by the root user. The folder's root ownership can be a default setting if you only have a root user on your system, implying your home location (~) is owned by the root user.Now, despite correctly configuring the files and diligently taking measures to pass static handling to Nginx, you find that Nginx is unable to access the catalogues. The reason? It attempts to do so as a www-data user, not the root. This leads to a predicament where your well-configured server can't handle the project's static!The solution I identified was to shift the content to a non-root folder, outside the home directory, but, nevertheless, this experience amplified an important insight: it's beneficial to create a non-root user for your server. Regardless of whether you're performing a quick-hand deployment, this measure can save significant troubleshooting time, as the error messages in such scenarios can be highly uninformative.

1