Tag: azure security

My upcoming book about Azure IaaS Defense in Depth

If you are an avid reader of my blog, you may realize that every recent article related to Azure IaaS security these days includes an introduction of my upcoming book titled “Microsoft Azure IaaS Defense in Depth Guide“. This book will cover common security design consideration and guidance on how to apply defense in depth strategy to your system hosted on Microsoft Azure IaaS. You will also learn number of different security practices along with Microsoft Azure built-in features to prevent common attacks (e.g. brute-force attack, DDoS, surface attack). It is not only written for the audience of Azure IT Pro, but also for anyone who is going to move or deploy an infrastructure onto Microsoft Azure. This book will also provide you a serial hands-on lab on building a production-like protected SharePoint Server 2013 farm on Microsoft Azure which can be beneficial to absolute beginner in order to quickly adopt Azure IaaS knowledge before taking off with Microsoft Azure journey.

(more…)

Why is SharePoint on Azure IaaS still a good consideration?

SharePoint has been a “virtual” companion of my journey since 2008. I do not know how passionate I’m with SharePoint, but when people negatively state that SharePoint is dead I often raise objection against that statement. If you are working with SharePoint, following updates from Microsoft and the community, you probably know that Microsoft still invest on its collaboration platform. However, the investment budget is allocated towards SharePoint Online to strengthen Microsoft Cloud ecosystem. It does not mean the on-premises version is not Microsoft priority. There are massive number of SharePoint on-premises out there in the market. On-premises deployment still has a room in my opinion. The last version of Microsoft SharePoint for on-premises is SharePoint Server 2016, offering several significant improvements upon customer’s voice and demand Microsoft has received since 2013.

(more…)

Quick notes about self-signed certificate with Point-to-Site Azure VPN

Connecting directly through RDP to your system is not recommended in a practical security. It is because the RDP connection goes through the Internet which is weak. To add more extra layer of security, you should set up a jump virtual machine (as known as bastion host) which connects privately to your system via Point-to-site VPN. The illustration below shows you the setup target. In this setup, there is a virtual machine which resides in a different virtual network to connect to your private network. There is a Point-to-site connection between the jump virtual network and your private virtual network to secure the connection.

(more…)

Four security principles I believe myself

Last month at the Global Azure Bootcamp 2017 in Microsoft Singapore, I presented with folks several security practices along with applying defense in depth strategy to secure your Azure IaaS deployment. In the presentation, I shared four security principles I have found myself during the time working with computer.

(more…)

Enable Multi-factor authentication on the Azure Management Portal

Multi-factor authentication means by its name, giving one more step of authentication to protect your account.  The authentication step can be a time-based one-time password sent from a cloud authentication provider such as Google Authenticator, Microsoft Authenticator. The authentication step can also be a one-time code generated from an immediate authentication server sent to your email or your mobile phone in form of SMS message. Sometimes you can see it in form of biology i.e. fingerprint. Whatever it is, after you enter your username and password in such a traditional way, you still need another step to completely get authenticated before having access to your resources. Multi-factor authentication is commonly required in security policy in medium to large organizations, including governmental environment.

(more…)

What is securitydata resource group in Microsoft Azure?

If you happen to see a strange securitydata resource group in your Azure subscription, you would be pretty much surprised what the heck it is. You would be angry on someone in your cloud team if the Azure subscription is shared to every member. Even you think of the subscription being hacked by somebody else then you would delete this resource group then change your password. Congrats on having a seriously security awareness which has to be required today in the digital transformation.

(more…)

© 2018 The Soldier of Fortune.