Category: CyberSecurity

Hardened Azure Virtual Machine Deployment

During my time working with the Government Cloud, I recognized that every on-boarding virtual machine after successfully provisioned needed to apply a script called hardening. Digging into this script, I realized that it contained many security configuration policies. When running this script, Windows will automatically configure Local Security Policy and built-in advanced firewall (for Windows Server).


Involve security consulting partner for vulnerability assessment on Azure

Microsoft excels at building a solid partnership with service companies around the world. You may not know that on Microsoft Azure, you can involve a security consulting partner to help you perform server vulnerability assessment. Moreover, through Azure Security Center, you receive a recommendation in which you are given the opportunity to allow Qualys to support you.


Protecting your Azure virtual machine with Disk Encryption

The ultimate objective of security was to protect data from any authorized access. Confidentiality should emphasize similarly. Controlling access to virtual machine and data sometimes does not work. Through a local attack, an attacker might have your disk where data is stored. In this situation, adding an extra protection layer by encrypting your disk is always a recommended best practice.


DMZ Implementation on Microsoft Azure

When it comes to network defense, demilitarized zone (DMZ) is thought of first. What is so-called demilitarized zone? Is it a very sensitive military zone you should not step into?

In the field of security, DMZ is a separate zone which is not associated to a private or trusted network. It simply stands alone to isolate from your private network to untrusted network. It is difficult to measure the level of trust. Untrusted network is the one which you have very low trust.


Quick notes about self-signed certificate with Point-to-Site Azure VPN

Connecting directly through RDP to your system is not recommended in a practical security. It is because the RDP connection goes through the Internet which is weak. To add more extra layer of security, you should set up a jump virtual machine (as known as bastion host) which connects privately to your system via Point-to-site VPN. The illustration below shows you the setup target. In this setup, there is a virtual machine which resides in a different virtual network to connect to your private network. There is a Point-to-site connection between the jump virtual network and your private virtual network to secure the connection.


Four security principles I believe myself

Last month at the Global Azure Bootcamp 2017 in Microsoft Singapore, I presented with folks several security practices along with applying defense in depth strategy to secure your Azure IaaS deployment. In the presentation, I shared four security principles I have found myself during the time working with computer.


© 2018 The Soldier of Fortune.