Season's Greetings.
Wishing you and your loved ones a Merry Christmas filled with joy and laughter.
May the New Year bring you health, happiness, prosperity and security.
Thank you for your continued support and partnership throughout the year.
We look forward to serving you in the coming year.
Srity Team
Cloud Authentication Models
Model 1 - Cloud SSO Service with On-Premises Identity Provider: This approach keeps the existing on-premises identity provider, such as Microsoft Active Directory, as the source of truth while enabling single sign-on (SSO) for cloud applications. Your company's Active Directory solution is integrated with the cloud services, so users get a seamless SSO experience without their identities leaving the on-premises directory.
Model 2 - Standard Public Cloud Identity Provider (IdP): Here, you rely entirely on a cloud-based identity provider such as Microsoft Entra, AWS Identity management or Google Cloud Identity. These services manage user identities and access controls natively within your cloud provider's environment, which simplifies management but requires migrating identities from on-premises systems.
Model 3 - Identity Synchronization between On-Premises and Cloud: This hybrid approach synchronizes identities between on-premises directories and cloud identity providers. Tools such as Azure AD Connect, Entra Sync, or Google Cloud Directory Sync keep user identities consistent across all environments, enabling unified access management between your on-premises and cloud infrastructure.
Model 4 - Dedicated Authentication Solution for Multicloud Environments: To manage identities across on-premises and multiple cloud platforms, dedicated solutions such as Okta, Ping Identity, or Auth0 can provide centralized authentication and authorization. These platforms offer robust features for multicloud environments, including single sign-on, multi-factor authentication, and fine-grained access policies.
Do not hesitate to contact us at info@srity.be if you want a deep dive on the cloud authentication options adapted to your use case.
Multifactor Authentication Process
There has been a lot of talk in recent years about multi-factor authentication (MFA), but the authentication process behind most MFA solutions is seldom explained clearly. In this post we walk through the steps of a standard MFA authentication process. These MFA solutions, even if not perfect, are a cornerstone of a stronger security posture, but they also have flaws that will be the subject of another of our blog posts.
If you have questions or need consultancy on implementing MFA in your organisation, do not hesitate to contact us at info@srity.be
Step 1 - Access request
The user is trying to access a protected resource (for example, a website or an application).
Step 2 - Entering credentials
The user enters their credentials, usually a username and password.
Step 3 - Transmission of credentials
Credentials are sent to the authentication server over a secure connection (such as HTTPS).
Step 4 - Credential verification
The authentication server compares the credentials provided with those stored in its database.
Step 5 - Initial validation
If the credentials match, the server validates this first step of authentication.
Step 6 - MFA triggering
The server requests a second authentication factor. This can be a code sent by SMS, a push notification on an authenticator app, or biometric data (fingerprint, facial recognition).
Step 7 - Entering the second factor
The user provides the required second authentication factor.
Step 8 - Second factor verification
The server verifies the validity of the second factor.
Step 9 - Final validation
If the second factor is correct, the server validates the multi-factor authentication.
Step 10 - Session token generation
If successful, the server generates a unique session token for the user.
Step 11 - Sending the token
The session token is sent to the client (browser or application) and stored, often in the form of a cookie.
Step 12 - Authorized access
The client uses the session token to access protected resources without having to reauthenticate with each request.
Step 13 - Token expiration
The session token has a limited lifetime. Once expired, the user must reauthenticate.
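The server side of steps 4 to 13 as an added, self-contained Python example (not code from this post or from any MFA product): a salted password check, a single-use expiring one-time code as the second factor, and an unguessable session token that stops validating once its lifetime is over. The user record, secret and lifetimes are constructed placeholder values.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed demo store (not a real user database): one user with a salted
# PBKDF2 password hash. Pending second-factor codes and sessions live in memory.
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "pw_hash": hash_password("correct horse", _SALT)}}
PENDING = {}   # username -> (one-time code, expiry); step 6
SESSIONS = {}  # session token -> (username, expiry); steps 10-13
CODE_TTL, SESSION_TTL = 300, 900  # seconds (placeholder lifetimes)

def verify_password(username: str, password: str) -> bool:
    """Steps 4-5: compare the supplied password with the stored hash."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, bytes(16))  # same cost for unknown users
        return False
    return hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])

def start_mfa_challenge(username: str) -> str:
    """Step 6: generate a one-time code. A real server delivers it out-of-band
    (SMS, push); it is returned here only so the demo can feed it back in."""
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING[username] = (code, time.time() + CODE_TTL)
    return code

def verify_second_factor(username: str, code: str) -> bool:
    """Steps 8-9: constant-time compare, single use, rejected once expired."""
    expected, expiry = PENDING.pop(username, (None, 0))
    if expected is None or time.time() >= expiry:
        return False
    return hmac.compare_digest(expected.encode(), code.encode())

def issue_session(username: str) -> str:
    """Step 10: an unguessable token the client stores as a cookie (step 11)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = (username, time.time() + SESSION_TTL)
    return token

def validate_session(token: str, now=None):
    """Steps 12-13: username for a live token, None for unknown or expired."""
    username, expiry = SESSIONS.get(token, (None, 0))
    if (time.time() if now is None else now) >= expiry:
        SESSIONS.pop(token, None)  # step 13: expired tokens are discarded
        return None
    return username
```

The `now` argument of `validate_session` lets the expiry path be exercised without waiting for the real lifetime to elapse.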
Windows 11 2024 Update
Windows 11 24H2, also known as the Windows 11 2024 Update, is a significant update to the Windows 11 operating system, released on October 1, 2024. Here is a summary of the key security enhancements that come with this major update.
Sudo for Windows:
This feature allows users to execute commands with elevated privileges from a standard user account in the Terminal. It mimics the functionality of the sudo command in Unix-based systems, enhancing security by reducing the need for users to log in as administrators. This minimizes the risk of accidental or malicious changes to the system.
Voice Clarity:
Utilizing artificial intelligence, Voice Clarity improves the quality of audio during video calls by filtering out background noise. This ensures that communication is clear and secure, which is particularly important for remote work and virtual meetings where sensitive information might be discussed.
Wi-Fi 7 Support:
Windows 11 24H2 includes support for the upcoming Wi-Fi 7 standard, which offers higher speeds, lower latency, and improved security features. This prepares the system for future hardware and network advancements, ensuring better protection against wireless threats and enhancing overall network security.
Energy Saver Mode:
While primarily designed to reduce power consumption, Energy Saver Mode also limits background activities. By reducing the number of active processes, this mode decreases the attack surface for potential threats, contributing to a more secure operating environment.
New Platform Code in Rust:
Some core components of the Windows platform kernel have been rewritten in the Rust programming language. Rust is known for its memory safety features, which help prevent common vulnerabilities such as buffer overflows and memory leaks. This change enhances the stability and security of the operating system by reducing the likelihood of memory-related bugs.
Copilot Changes:
The Copilot feature has been updated to be more user-friendly and integrated. The Copilot icon is now a regular app taskbar icon, and the window can be resized and overlapped with other app windows, allowing for better multitasking. However, Copilot no longer has PC control capabilities, focusing instead on providing assistance within user applications. This change helps prevent unauthorized system changes and enhances security.
Copilot+ PC Exclusives:
Advanced features such as Live Captions, Cocreator image generation, and Click to Do are now exclusive to Copilot+ PCs. These PCs are equipped to handle AI functions locally, reducing reliance on cloud-based processing. This local processing enhances security by keeping sensitive data on the device rather than transmitting it over the internet.
Please feel free to contact us for more information.