Tag: azure security

Quick look at Azure Firewall

When you’ve heard of cloud firewall, it’d be often referred to a back-end hardware based firewall to protect underlying cloud infrastructure from network attack. Azure Firewall is not an exceptional one. First time getting introduced, you’d think it’s kind of magical & intelligent firewall Microsoft is using to protect its huge cloud infrastructure all over the world. In fact, Azure Firewall is not that thought.  Azure Firewall is a managed service offered to customer cloud tenant to help them better control and manage network traffic in a single place.

Today Microsoft announced Azure Firewall being gone through public preview. This article is going to provide a quick look at Azure Firewall. It also gives a guidance on how to set up and test Azure Firewall.

(more…)

Defend your Azure virtual network with Defense In Depth strategy

Network is a heart of every system no matter where it is. If you happen to study OSI model, you would know how imperative it is to your system. Within a web application you write, for instance, before an HTTP request initiates, the network must be established first, then the HTTP request can hit to the application at Layer 7. With that in mind, when building a system on the cloud, we must protect the network.

There are several methodologies to getting started with protecting virtual network. In this article, I’d like to introduce Defense In Depth which is one of common security countermeasures to protect digital assets in a system. Like the title, this article gives you essential knowledge of defense in depth approach to defending your Azure virtual network.

(more…)

Getting Azure AD access token via REST Call

Part of Azure experiment, one of my colleagues started playing with Azure API Management last week. He was interested with what I introduced about the service, including API gateway, API publishing portal to readable policies to manipulate inbound request before back-end hit. He also loved to work with API call via REST because API is a flexible way of touching Azure resources through pure HTTP request, without installing any specific library.

(more…)

Connect to Azure AD using Microsoft Account with PowerShell

Microsoft Account is considered not an internal account given to Microsoft employee. Microsoft account is associated to external services such as Live Mail, Skype, Xbox or so on. When connecting to Azure AD with Microsoft Account (e.g. LiveID) , you might be get started with Connect-AzureAD  to get the tenant ID. Below screen is what you might get.

(more…)

A little more about hardened Azure VM deployment

One of my Azure security related articles provided step-by-step guidance on how to use Azure Automation with Desired State Configuration (DSC) to deploy security policy on multiple Azure VMs. Instead of clear explanation, the article was just written in a format of step-by-step. Hence, I’ve received some requests to elaborate more about this article so it is fully useful to readers. If you haven’t had a chance to read the article, here you go.

(more…)

Hardened Azure Virtual Machine Deployment

During my time working with the Government Cloud, I recognized that every on-boarding virtual machine after successfully provisioned needed to apply a script called hardening. Digging into this script, I realized that it contained many security configuration policies. When running this script, Windows will automatically configure Local Security Policy and built-in advanced firewall (for Windows Server).

(more…)

Involve security consulting partner for vulnerability assessment on Azure

Microsoft excels at building a solid partnership with service companies around the world. You may not know that on Microsoft Azure, you can involve a security consulting partner to help you perform server vulnerability assessment. Moreover, through Azure Security Center, you receive a recommendation in which you are given the opportunity to allow Qualys to support you.

(more…)

A little experience writing for Amazon KDP

Microsoft Azure IaaS Defense in Depth” is the very first book I wrote myself became commercial on Amazon Store. This book is published through Amazon Kindle Direct Publishing. I got a few requests from fellow MVPs in the community regarding my experience with Amazon KDP and why I didn’t go with a good publisher. In this article, I’d like to share a little experience during my time working on my book authoring.

(more…)

Protecting your Azure virtual machine with Disk Encryption

The ultimate objective of security was to protect data from any authorized access. Confidentiality should emphasize similarly. Controlling access to virtual machine and data sometimes does not work. Through a local attack, an attacker might have your disk where data is stored. In this situation, adding an extra protection layer by encrypting your disk is always a recommended best practice.

(more…)

© 2018 The Soldier of Fortune.