What We're Working On for SAM (Updated: January 30, 2023)

sturdyerde Can you elaborate on this recommendation a bit more? I'm not terribly familiar with reverse proxies, but I know our infrastructure team is implementing MFA in front of things like our Office 365 and our VPN. I'd love to increase the security of our Orion instance to allow it to be internet facing.

While a tiny part of me is disappointed to know that we shouldn't expect new features in SAM this year, I am still very excited to see this work being done. These are very important steps that in the end, will help make sure that both your company and my company stay out of the [breach] news! Will there be a clear publication and announcement of the new LUP documentation that comes out?

Just curious, what is the use case for making such a sensitive system accessible publicly on the internet? If you do, a CAPTCHA won't do very much to protect you from malicious actors who want to break in. I would highly suggest using a web application firewall and a reverse proxy to protect access to Orion. In your reverse proxy, use one that allows you to inject a login page with ties to MFA (multi-factor authentication). This will offer far more protection than a CAPTCHA, and would also separate attackers from the actual IIS attack surface.

Hi, My infosec is asking to include captcha on login page if I need to access the website on internet, please add this in your roadmap.

Any plans allow 3rd party 2factor auth like Symantec VIP?