Defend your Azure virtual network with Defense In Depth strategy

Network is a heart of every system no matter where it is. If you happen to study OSI model, you would know how imperative it is to your system. Within a web application you write, for instance, before an HTTP request initiates, the network must be established first, then the HTTP request can hit to the application at Layer 7. With that in mind, when building a system on the cloud, we must protect the network.

There are several methodologies to getting started with protecting virtual network. In this article, I’d like to introduce Defense In Depth which is one of common security countermeasures to protect digital assets in a system. Like the title, this article gives you essential knowledge of defense in depth approach to defending your Azure virtual network.

(more…)

Quick look at Attack Simulator on Office 365

Brute-force attack and email phishing get their age, but never be considered old techniques in security. The two techniques target primarily to vulnerable system and especially to non-technical users who have no awareness of security. Specific to Office 365 which is widely being used by millions of people, the target to such a collaborative environment is exponentially increasing every day.

(more…)

Azure Blobs vs. Azure Files Decision Considerations

We all know cloud computing like Microsoft Azure offers you several ways to store data. And even choosing wrong services, thanks to its agility you would be still able to migrate to the right things. That is from technical possibility perspective. From business perspective, wrong decision would make an impact on financial and long-term plan of transition. Like resizing virtual machine I wrote here, it is so easy to change to the designated virtual machine to meet your demand without any data loss (as long as you don’t store your data in temporary drive)

(more…)

Some fun with Azure Key Vault REST API and HttpClient – Part 5

We have gone through 5 articles about Azure Key Vault REST API in which we explored the possibility of working with Azure Key Vault REST API, specific to Vault and Secret. We also realized just ‘a bit‘ about how unclear Key Vault REST API documentation is. There are a few obsolete information. Some are missing or unclear of parameters we need to pass to the request body.

As planned, this article will give you some information related to Azure Key Vault recovery generally at first. It will then provide some uses of REST API to work with backup/restore and recovery for Vault and Secret.

(more…)

Some fun with Azure Key Vault REST API and HttpClient – Part 4.1

I thought I would have a new title for this article as it is not going to cover the use of HttpClient and Key Vault REST API. Spent a little bit of time thinking, I decided to let it be part of the series to show you a few funny things around Azure Key Vault certificate in a secret store. Don’t mind the version 4.1 as it’s just a number!

This article somewhat covers scenarios and biased reasons as to why you might need to store your certificates to Secret store instead of Keys or Certificates. It also shows a proof that my certificate’s password was stripped which would potentially results to security threat.

(more…)

Some fun with Azure Key Vault REST API and HttpClient – Part 4

The Part 2 in Some fun with Azure Key Vault REST API and HttpClient series provides simple guidance on how to create a new fresh secret without creating a new version of existing secret under a specified vault in Azure Key Vault. So far, what we have been using is only HttpClient with Azure Key Vault REST API.

You might ask if you can store a certificate as secret in a key vault and how to retrieve it. If so, this article is for you.

(more…)

Some fun with Azure Key Vault REST API and HttpClient – Part 3

After two articles doing some fun with Azure Key Vault REST API and HttpClient, I’ve got some requests to add more things to work with vault, for example listing all existing vaults under a given subscription, or deleting a vault.

In this article, let’s explore all the operations which you can work through Azure Key Vault REST API for Vault.

(more…)

Some fun with Azure Key Vault REST API and HttpClient – Part 2

In previous article, I demonstrated how to use HttpClient to work with Azure Key Vault REST API. With this approach, you shouldn’t worry about your programming language skills. What I meant was that you could even use Python, for instance, to make a HttpClient object and call Azure Key Vault REST API. This approach gives developers more flexibility to work with Microsoft Azure as it does not limit to the platform supportability.

You were learnt by getting started with creating a new key vault which is used to protect your key, secret or certificate. In this article, let’s take some time looking into secret in Azure Key Vault.

(more…)

Some fun with Azure Key Vault REST API and HttpClient – Part 1

Azure Key Vault is not new to Azure developers and architects. It is a cloud-based service to safeguard your sensitive information and crypto implementation and management . Working with Azure Key Vault can be done via Azure Portal, PowerShell or corresponding client libraries. While people may prefer using a specific library (.e.g Azure Key Vault .NET client), I’d prefer practicing with REST API and HttpClient.

Inspired by unclear instruction on using Azure Key Vault REST API, this article is the result of my practice on the REST API and also found some notes around it.

(more…)

© 2018 The Soldier of Fortune.