Educause Security Discussion mailing list archives
Re: [EXTERNAL] [SECURITY] Shared drives folders
From: Scott Norton <dsnorton () UW EDU>
Date: Wed, 7 Oct 2020 16:48:16 +0000
Microsoft is also ahead on recovery from ransom attacks. Users can easily role back files in ODfB to a state on a date before the attack. Google doesn’t provide a solution for bulk rollback of files, so you have to build your own using the API. The situation with Google is further complicated by API throttling and lots of common errors that need to be handled. Also be forewarned that if you allow access to your Google Shared Drive outside your organization you will also be susceptible to transfer of ownership attacks whereby they make the only manager of a Shared Drive an external account. Though if it is moved to a consumer identity it is recoverable using the API. (May also be the case with an identity from an outside enterprise service, but I have not been able to verify that is the case when the user it is transferred to has rights to use Shared Drives.) In a recent incident, it took us about 2 weeks running a lot of script instances in parallel to regain control of around 3K shared drives. We are using Microsoft Cloud App and Azure Sentinel to monitor our Google services, but unfortunately it is not grabbing the audit data we need to trigger alerts on this. We are working on getting the shared drive manager change audits into Sentinel so we get alerted to when an external Google account is made a manager. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Nathan Phillips Sent: Wednesday, October 7, 2020 9:14 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] [EXTERNAL] [SECURITY] Shared drives folders We moved to Google Shared Drives. However, I saw the Zero trust webinar yesterday sponsored by Microsoft and I thought it was very compelling. It feels like they are ahead of google in security issues (at least in terms of what my institution could deploy). I’m curious if I am simply susceptible to good presentation or if there’s accuracy in my “feelings” (lol, maybe it’s obvious I’m not a security professional since I’m relying on my feelings). But getting off-prem seems to be a good first step, regardless (all things being equal). -Nathan -------------------------------------------------------- Nathan Phillips, CIO American College of Healthcare Sciences Portland, Oregon -------------------------------------------------------- On Oct 7, 2020, at 9:09 AM, Mark Reboli <mreboli () MISERICORDIA EDU<mailto:mreboli () MISERICORDIA EDU>> wrote: That was the perfect answer. Getting some push back so glad others are trying to do the same. M From: The EDUCAUSE Security Community Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Smith, Jason Sent: Wednesday, October 7, 2020 11:56 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] [EXTERNAL] [SECURITY] Shared drives folders External Email: Do not click any links or open any attachments unless you trust the sender and know the content is safe. Perhaps not the answer you’re looking for, but in short: Migrating them to Microsoft Teams. Jason E. Smith, MS PMP CPHIMS CSM Director of IT, Bon Secours Memorial College 8550 Magellan Parkway #1100, Richmond, VA 23227 [cid:image001.png@01D69C8C.A1CBA280] From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Mark Reboli Sent: Wednesday, October 7, 2020 11:02 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [EXTERNAL] [SECURITY] Shared drives folders [Warning: This email originated outside our organization's email system. Be wary of links and attachments unless you recognize the sender. Never share your username or password.] Looking to see how people are addressing shared drives on and off premise access in light of ransomware spread and cybersecurity requirements. If you can provide any suggestion please let me know what you are doing from your perspective. If you would like to discuss offline please know that I am more than happy and thankful for the discussion M Mark Reboli Network/Telecom/IT Security Manager Misericordia University (570) 674-6753 This e-mail and accompanying attachments are confidential. The information is intended solely for the use of the individual to whom it is addressed. Any review, disclosure, copying, distribution, or use of this e-mail communication by others is strictly prohibited. If you are not the intended recipient, please notify us immediately by returning this message to the sender and delete all copies. Thank you for your cooperation. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cdsnorton%40uw.edu%7C1589821f51294ceca08408d86add0fc5%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C0%7C637376844973771569&sdata=mfuRZfk97B5ZfKCPcwoavpNnOUlh%2BqGUmqmuyT5OmgQ%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cdsnorton%40uw.edu%7C1589821f51294ceca08408d86add0fc5%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C0%7C637376844973771569&sdata=mfuRZfk97B5ZfKCPcwoavpNnOUlh%2BqGUmqmuyT5OmgQ%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cdsnorton%40uw.edu%7C1589821f51294ceca08408d86add0fc5%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C0%7C637376844973781564&sdata=m4o7zX9Kh5vxHNj%2B5yBc3R%2FBCoFqZ0puKThB%2FSPc1Xg%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cdsnorton%40uw.edu%7C1589821f51294ceca08408d86add0fc5%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C0%7C637376844973781564&sdata=m4o7zX9Kh5vxHNj%2B5yBc3R%2FBCoFqZ0puKThB%2FSPc1Xg%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Shared drives folders Mark Reboli (Oct 07)
- Re: [EXTERNAL] [SECURITY] Shared drives folders Smith, Jason (Oct 07)
- Re: [EXTERNAL] [SECURITY] Shared drives folders Mark Reboli (Oct 07)
- Re: [EXTERNAL] [SECURITY] Shared drives folders Nathan Phillips (Oct 07)
- Re: [EXTERNAL] [SECURITY] Shared drives folders Scott Norton (Oct 07)
- Re: [EXTERNAL] [SECURITY] Shared drives folders Mark Reboli (Oct 07)
- Re: [EXTERNAL] [SECURITY] Shared drives folders Dave Broucek (Oct 07)
- Re: [EXTERNAL] [SECURITY] Shared drives folders Smith, Jason (Oct 07)