Tag: azure security

Defend your Azure virtual network with Defense In Depth strategy

The network is the heart of every system, no matter where it runs. If you have studied the OSI model, you know how essential it is to your system. Within a web application you write, for instance, the network connection must be established before an HTTP request can be made; only then can the request reach the application at Layer 7. With that in mind, when building a system on the cloud, we must protect the network.

There are several approaches to getting started with protecting a virtual network. In this article, I'd like to introduce Defense in Depth, which is one of the common security countermeasures for protecting digital assets in a system. As the title suggests, this article gives you essential knowledge of the defense in depth approach to defending your Azure virtual network.

Getting Azure AD access token via REST Call

As part of an Azure experiment, one of my colleagues started playing with Azure API Management last week. He was interested in what I had introduced about the service, from the API gateway and API publishing portal to readable policies that manipulate inbound requests before they hit the back end. He also loved working with API calls via REST, because an API is a flexible way of touching Azure resources through plain HTTP requests, without installing any specific library.

Connect to Azure AD using Microsoft Account with PowerShell

A Microsoft Account is not considered an internal account given to Microsoft employees. A Microsoft Account is associated with external services such as Live Mail, Skype, Xbox and so on. When connecting to Azure AD with a Microsoft Account (e.g. LiveID), you might start with Connect-AzureAD to get the tenant ID. The screen below is what you might get.

A little more about hardened Azure VM deployment

One of my Azure security related articles provided step-by-step guidance on how to use Azure Automation with Desired State Configuration (DSC) to deploy security policy on multiple Azure VMs. Rather than giving a clear explanation, the article was written purely as a list of steps. Hence, I've received some requests to elaborate on that article so that it is fully useful to readers. If you haven't had a chance to read the article, here you go.

Hardened Azure Virtual Machine Deployment

During my time working with the Government Cloud, I recognized that every onboarded virtual machine, after being successfully provisioned, needed to have a script called hardening applied. Digging into this script, I realized that it contained many security configuration policies. When this script runs, Windows automatically configures the Local Security Policy and the built-in advanced firewall (for Windows Server).

Involve security consulting partner for vulnerability assessment on Azure

Microsoft excels at building solid partnerships with service companies around the world. You may not know that on Microsoft Azure, you can involve a security consulting partner to help you perform a server vulnerability assessment. Moreover, through Azure Security Center, you receive a recommendation that gives you the opportunity to allow Qualys to support you.

A little experience writing for Amazon KDP

“Microsoft Azure IaaS Defense in Depth” is the very first book I wrote myself that became commercially available on the Amazon Store. This book is published through Amazon Kindle Direct Publishing. I got a few requests from fellow MVPs in the community regarding my experience with Amazon KDP and why I didn't go with a good publisher. In this article, I'd like to share a little of my experience from the time I spent authoring my book.

Protecting your Azure virtual machine with Disk Encryption

The ultimate objective of security is to protect data from any unauthorized access. Confidentiality should be emphasized similarly. Controlling access to the virtual machine and its data is sometimes not enough. Through a local attack, an attacker might obtain the disk where your data is stored. In this situation, adding an extra protection layer by encrypting your disk is always a recommended best practice.

DMZ Implementation on Microsoft Azure

When it comes to network defense, the demilitarized zone (DMZ) is the first thing that comes to mind. What is this so-called demilitarized zone? Is it a very sensitive military zone you should not step into?

In the field of security, a DMZ is a separate zone that is not associated with a private or trusted network. It simply stands alone to isolate your private network from untrusted networks. It is difficult to measure the level of trust. An untrusted network is one in which you have very low trust.

© 2018 The Soldier of Fortune.