Quick look at Azure Firewall

When you’ve heard of cloud firewall, it’d be often referred to a back-end hardware based firewall to protect underlying cloud infrastructure from network attack. Azure Firewall is not an exceptional one. First time getting introduced, you’d think it’s kind of magical & intelligent firewall Microsoft is using to protect its huge cloud infrastructure all over the world. In fact, Azure Firewall is not that thought.  Azure Firewall is a managed service offered to customer cloud tenant to help them better control and manage network traffic in a single place.

Today Microsoft announced Azure Firewall being gone through public preview. This article is going to provide a quick look at Azure Firewall. It also gives a guidance on how to set up and test Azure Firewall.

(more…)

Microsoft MVP for the 8th year

I’m humbly excited today to have received an email from Microsoft saying that I’m awarded MVP.  The big change among the other times is the category which is Microsoft Azure. If you are an avid reader of my blog, you already knew that in my quick review of 2017 I shared my plan moving forward in 2018 which would strongly focus on Microsoft Azure.

(more…)

Defend your Azure virtual network with Defense In Depth strategy

Network is a heart of every system no matter where it is. If you happen to study OSI model, you would know how imperative it is to your system. Within a web application you write, for instance, before an HTTP request initiates, the network must be established first, then the HTTP request can hit to the application at Layer 7. With that in mind, when building a system on the cloud, we must protect the network.

There are several methodologies to getting started with protecting virtual network. In this article, I’d like to introduce Defense In Depth which is one of common security countermeasures to protect digital assets in a system. Like the title, this article gives you essential knowledge of defense in depth approach to defending your Azure virtual network.

(more…)

Quick look at Attack Simulator on Office 365

Brute-force attack and email phishing get their age, but never be considered old techniques in security. The two techniques target primarily to vulnerable system and especially to non-technical users who have no awareness of security. Specific to Office 365 which is widely being used by millions of people, the target to such a collaborative environment is exponentially increasing every day.

(more…)

Azure Blobs vs. Azure Files Decision Considerations

We all know cloud computing like Microsoft Azure offers you several ways to store data. And even choosing wrong services, thanks to its agility you would be still able to migrate to the right things. That is from technical possibility perspective. From business perspective, wrong decision would make an impact on financial and long-term plan of transition. Like resizing virtual machine I wrote here, it is so easy to change to the designated virtual machine to meet your demand without any data loss (as long as you don’t store your data in temporary drive)

(more…)

Some fun with Azure Key Vault REST API and HttpClient – Part 5

We have gone through 5 articles about Azure Key Vault REST API in which we explored the possibility of working with Azure Key Vault REST API, specific to Vault and Secret. We also realized just ‘a bit‘ about how unclear Key Vault REST API documentation is. There are a few obsolete information. Some are missing or unclear of parameters we need to pass to the request body.

As planned, this article will give you some information related to Azure Key Vault recovery generally at first. It will then provide some uses of REST API to work with backup/restore and recovery for Vault and Secret.

(more…)

Some fun with Azure Key Vault REST API and HttpClient – Part 4.1

I thought I would have a new title for this article as it is not going to cover the use of HttpClient and Key Vault REST API. Spent a little bit of time thinking, I decided to let it be part of the series to show you a few funny things around Azure Key Vault certificate in a secret store. Don’t mind the version 4.1 as it’s just a number!

This article somewhat covers scenarios and biased reasons as to why you might need to store your certificates to Secret store instead of Keys or Certificates. It also shows a proof that my certificate’s password was stripped which would potentially results to security threat.

(more…)

Some fun with Azure Key Vault REST API and HttpClient – Part 4

The Part 2 in Some fun with Azure Key Vault REST API and HttpClient series provides simple guidance on how to create a new fresh secret without creating a new version of existing secret under a specified vault in Azure Key Vault. So far, what we have been using is only HttpClient with Azure Key Vault REST API.

You might ask if you can store a certificate as secret in a key vault and how to retrieve it. If so, this article is for you.

(more…)

Some fun with Azure Key Vault REST API and HttpClient – Part 3

After two articles doing some fun with Azure Key Vault REST API and HttpClient, I’ve got some requests to add more things to work with vault, for example listing all existing vaults under a given subscription, or deleting a vault.

In this article, let’s explore all the operations which you can work through Azure Key Vault REST API for Vault.

(more…)

© 2018 The Soldier of Fortune.