During my time working with the Government Cloud, I noticed that every newly on-boarded virtual machine, once successfully provisioned, had to run a script called "hardening". Digging into this script, I realized that it contained many security configuration policies. When the script runs, Windows automatically configures the Local Security Policy and the built-in advanced firewall (for Windows Server).
Microsoft excels at building solid partnerships with service companies around the world. You may not know that on Microsoft Azure you can engage a security consulting partner to help you perform a server vulnerability assessment. Moreover, through Azure Security Center you receive a recommendation that gives you the opportunity to let Qualys support you.
“Microsoft Azure IaaS Defense in Depth” is the very first book I wrote myself that became commercially available on the Amazon Store. The book is published through Amazon Kindle Direct Publishing. I received a few requests from fellow MVPs in the community about my experience with Amazon KDP and why I didn’t go with an established publisher. In this article, I’d like to share a little of my experience from the time I spent authoring the book.
The ultimate objective of security is to protect data from unauthorized access, and confidentiality emphasizes the same goal. Controlling access to a virtual machine and its data sometimes does not work: through a local attack, an attacker might obtain the disk on which your data is stored. In this situation, adding an extra layer of protection by encrypting your disk is always a recommended best practice.
When it comes to network defense, the demilitarized zone (DMZ) is the first thing that comes to mind. What is a so-called demilitarized zone? Is it a very sensitive military zone you should not step into?
In the field of security, a DMZ is a separate zone that is not associated with a private or trusted network. It simply stands alone, isolating your private network from an untrusted network. The level of trust is difficult to measure; an untrusted network is one in which you have very low trust.
A brute-force attack simply keeps attempting to discover your password by trying every possible password it can guess. That said, a human can guess a password by brainstorming all the possibilities, such as a birthday, a girlfriend's name, a memorable location, or even a combination of birthday and full name. The problem is that our brain cannot come up with a million guesses and type each guessed password into the login form, unless you are a so-called time-billionaire. A tool, however, can guess passwords and automatically fill them into the login form. Whenever it receives a message like “Successful login”, it stops the guessing process.
If you are an avid reader of my blog, you may have noticed that every recent article related to Azure IaaS security includes an introduction to my upcoming book titled “Microsoft Azure IaaS Defense in Depth Guide”. This book will cover common security design considerations and guidance on how to apply a defense-in-depth strategy to your system hosted on Microsoft Azure IaaS. You will also learn a number of different security practices, along with Microsoft Azure built-in features, to prevent common attacks (e.g. brute-force attacks, DDoS, attacks on your exposed surface). It is written not only for Azure IT Pros but also for anyone who is going to move or deploy an infrastructure onto Microsoft Azure. The book will also provide a series of hands-on labs on building a production-like, protected SharePoint Server 2013 farm on Microsoft Azure, which can benefit absolute beginners who want to quickly pick up Azure IaaS knowledge before taking off on their Microsoft Azure journey.
SharePoint has been a “virtual” companion on my journey since 2008. I do not know how passionate I am about SharePoint, but when people negatively state that SharePoint is dead, I often object to that statement. If you are working with SharePoint and following updates from Microsoft and the community, you probably know that Microsoft still invests in its collaboration platform. However, the investment budget is allocated towards SharePoint Online to strengthen the Microsoft Cloud ecosystem. That does not mean the on-premises version is not a Microsoft priority. There is a massive number of SharePoint on-premises deployments out there in the market, and on-premises deployment still has its place in my opinion. The latest version of Microsoft SharePoint for on-premises is SharePoint Server 2016, offering several significant improvements based on the customer voice and demand Microsoft has received since 2013.
If you work with the Microsoft Cloud from time to time, you may have heard of the Microsoft Trust Center, where Microsoft demonstrates to its customers that its platform is trustworthy. Through the center, Microsoft shows not only its compliance achievements but also its security and privacy practices. For Microsoft Azure specifically, the Trust Center is here