I promised myself regardless of the result between Vietnam and Uzbekistan in the final match of AFC U23 Championship 2018, I would publish my 350-page book I wrote and sold on Amazon market. The eBook has been sold over 60 copies since the release date. For those who don’t know the book, here is the introduction.
Part of Azure experiment, one of my colleagues started playing with Azure API Management last week. He was interested with what I introduced about the service, including API gateway, API publishing portal to readable policies to manipulate inbound request before back-end hit. He also loved to work with API call via REST because API is a flexible way of touching Azure resources through pure HTTP request, without installing any specific library.
Microsoft Account is considered not an internal account given to Microsoft employee. Microsoft account is associated to external services such as Live Mail, Skype, Xbox or so on. When connecting to Azure AD with Microsoft Account (e.g. LiveID) , you might be get started with Connect-AzureAD to get the tenant ID. Below screen is what you might get.
One of my Azure security related articles provided step-by-step guidance on how to use Azure Automation with Desired State Configuration (DSC) to deploy security policy on multiple Azure VMs. Instead of clear explanation, the article was just written in a format of step-by-step. Hence, I’ve received some requests to elaborate more about this article so it is fully useful to readers. If you haven’t had a chance to read the article, here you go.
During my time working with the Government Cloud, I recognized that every on-boarding virtual machine after successfully provisioned needed to apply a script called hardening. Digging into this script, I realized that it contained many security configuration policies. When running this script, Windows will automatically configure Local Security Policy and built-in advanced firewall (for Windows Server).
Microsoft excels at building a solid partnership with service companies around the world. You may not know that on Microsoft Azure, you can involve a security consulting partner to help you perform server vulnerability assessment. Moreover, through Azure Security Center, you receive a recommendation in which you are given the opportunity to allow Qualys to support you.
“Microsoft Azure IaaS Defense in Depth” is the very first book I wrote myself became commercial on Amazon Store. This book is published through Amazon Kindle Direct Publishing. I got a few requests from fellow MVPs in the community regarding my experience with Amazon KDP and why I didn’t go with a good publisher. In this article, I’d like to share a little experience during my time working on my book authoring.
The ultimate objective of security was to protect data from any authorized access. Confidentiality should emphasize similarly. Controlling access to virtual machine and data sometimes does not work. Through a local attack, an attacker might have your disk where data is stored. In this situation, adding an extra protection layer by encrypting your disk is always a recommended best practice.
When it comes to network defense, demilitarized zone (DMZ) is thought of first. What is so-called demilitarized zone? Is it a very sensitive military zone you should not step into?
In the field of security, DMZ is a separate zone which is not associated to a private or trusted network. It simply stands alone to isolate from your private network to untrusted network. It is difficult to measure the level of trust. Untrusted network is the one which you have very low trust.
Brute-force attack is simply to continuously attempt to discover your password by combining all possible passwords it can guess. That said, human can guess a password by trying to brainstorm all possibilities such as birthday, girlfriend name, a memorable location or even a combination of birthday and full name. The problem is that our brain cannot come up with a million of guesses and type the guessed password into the login form. Unless you are so-called a time-billionaire. With a tool, it can guess and automatically fill into the login form. Whenever it receives a message like “Successful login” it will stop the guessing process.