I am pretty sure you’ve heard already about the issues with Samsung Galaxy S10 fingerprint sensor and Google Pixel 4 Face Unlock. Both companies have acknowledged the issues and committed to releasing the patches “soon” (Samsung is said to be testing fixes in certain countries already). What can you in the meantime? With Workspace ONE and Android Enterprise is it easy!(more…)
VMware UAG (Unified Access Gateway) is a cool little security appliance, deployable on vSphere, AWS, Azure etc that hosts a lot of Workspace ONE edge services: Horizon Proxy, Web Reverse Proxy, Tunnel VPN Gateway, Content Gateway and (since 3.6) the Secure Email Gateway. The challenge is that the thing was built to be headless and super-secure, which means it is almost bare inside. And this is not helpful when troubleshooting.
While watching a VMworld 2019 Session (links at the bottom) I’ve found out that there is actually a hidden tcpdump and ethtool installer, which was first made for our own support services, but is generally available for everyone now.
All you need to do is invoke /etc/vmware/gss-support/install.sh command from the UAG CLI. Of course, it is highly advisable to remove the tools once the troubleshooting is done via /etc/vmware/gss-support/uninstall.sh !
In case you need a refreshed on TCPdump and ETHtool:
With TCPdump I usually prefer capturing everything into a PCAP file and then loading in WireShark for analysis. Now we only need NetCat to be able to stream it conveniently to a remote host.
That is it for today – enjoy, and let me know if it was helpful!
In the last several weeks a number of bugs were found in Apple’s iOS, MacOS and protocols. This had coincided with a partner workshop last Friday, where the decisive argument was “Have you ever heard of an Antivirus for an iPhone“.
Apple is well known for refusing to publish any details behind the inner workings of its solutions, locking everything that may be locked down and suing all those who try to work around those limitations..(more…)
Every WWDC has a session called What’s New in Managing Apple Devices. This year’s one was no exception. During this session Apple presented they new take on BYOD called User Enrollment. Here’s my brief analysis and comparison with Android Enterprise. Links to the source video, slide deck and some other useful resources are below.
TL:DR : Good stuff, but fell short.
During the Android Enterprise Partner Summit 2019 London (watch the link for the presentation decks when they come out) Google had shown some interesting graphs and charts based on their own stats and the research that HMD Global (Nokia) did in 2018. You can read the research for full details, and the rest of the pics are below. Sorry for the quality – those are photos from a fairly weird projection screen.
I don’t have much time to write long posts so will stick to the shorter format for the time being.(more…)
Note that the technical threats begin at position number 7! But the top 6 are dominated by the threats based on the user behaviour (and the lack of proper tools/policies that allow such behaviour)!
Why does that happen? What can be done? Read on to learn more and see some Dilbert!(more…)
Everyone likes the idea of Device Compliance checks. It allows us to differentiate between Company-issues, BYOD-enrolled, private and totally foreign devices, assess their security posture and execute access decisions based on this vital data, expanding our Conditional Access options. It is also extremely easy to use, just like that (VIDM Admin Console):
Wrong! Try it yourself and see if it works. In this post we will discuss some of the less obvious, but perfectly logical restrictions that Device Compliance imposes on your selection of authentication methods.(more…)