2021-W39 update from anDREa
myDRE & Security
by Sarang
Before you read this section:
myDRE is not vulnerable to the threat below; your data and account are well protected against it.
From time to time, scary articles pop up like:
The article describes a method of attack whose success is currently pretty much a matter of how much time and money an attacker puts into it, and an attack that goes unnoticed and unlogged. For us, this is always a trigger to verify whether we are vulnerable and, even when we are not, whether there is something to be learned.
There are some layers of protection on myDRE that we have put in place:
- All the Workspaces are AADDS joined and not AAD joined; see also differences
- The vulnerability mentioned in the article was on AAD, not AADDS
- Though MFA is enforced every 24h, this is no protection against the mentioned threat
- Not allowing trusted devices (the global policy on myDRE is not to allow trusted devices/seamless Single Sign On (SSO)) is a protection against the threats mentioned in the article
- Though the threat is not applicable because myDRE uses AADDS, as mentioned earlier, we also use this kind of information to see if we can learn something.
To reiterate: the threat mentioned in the article is a serious one, but it is not applicable to myDRE, as the platform uses AADDS to authenticate users and not Seamless SSO.
Bug Fixes
- Recently we announced that workspaces using the Radboudumc license server for Matlab were experiencing license errors. For the complete announcement see: Matlab license issue. We're happy that we found the cause and have tested the solution for ourselves. The issue can, for now, be fixed manually by anDREa's Support Team. Please let us know if it is or is not working for you.