Posts

Securing Azure VM - Checklist

Organizations are increasingly leaning towards the cloud. Many enterprises are planning to deploy their infrastructure fully to the cloud. As an initial step, they are embracing Software as a Service and extending their workloads to the cloud, using it as a secondary site for compute and storage resources. Creating resources in Azure is simple and finishes within a few clicks; however, if we miss a few steps or rules of thumb when provisioning resources, it might leave a loophole that could be easily exploited. Below is a checklist to help ensure that you have securely deployed your resources (VM) to the Azure cloud. Network Setup: Is your network isolated and broken down into different zones? Do you need to stop different zones/subnets from communicating with each other? Is a Network Security Group applied? Can you justify the need for a public IP? How are you planning to RDP to the VM? Do you have a list of the endpoints of the Azure VMs to be provisioned? Do you need all those en...

Network Security Group (NSG)

A Network Security Group (NSG) helps to filter inbound and outbound traffic to and from Azure Virtual Machines and PaaS (Web and Worker Roles - Classic Model). These rules can be applied on the Network Interface Card (NIC), on the subnet, and in the Network Configuration Schema. It functions as a mini firewall. Rules are evaluated based on the weight assigned to them; a lower weight is evaluated first. By default, it contains at least 3 inbound rules (AllowVNetInBound, AllowAzureLoadBalancerInBound, DenyAllInBound) and 3 outbound rules (AllowVnetOutBound, AllowInternetBound, DenyAllOutBound). An NSG can be applied using the portal, PowerShell, the CLI, or a template; the easiest way is via the portal. NSG FAQ: 1. How can I check whether my rules are applied or not? Ans: Using the built-in tool Network Watcher, you can verify whether the rules are being applied and working. Remember, Network Watcher needs to be enabled before performing the check. 2. How to know which rules will be evaluated first? / How priority is defined...

Network Security in Azure

Microsoft Azure has one of the world's largest Software Defined Network (SDN) fabrics, stretching around the globe. It has points of presence in 36 regions and is expanding rapidly. It uses its own infrastructure to make sure data never leaves the Microsoft backbone network, and encryption is in place either at rest or in transit. Network Security: Network and storage are the basic foundation blocks of any virtual environment. Azure provides a completely isolated environment at the tenant level, further isolated into subscriptions (management perspective) and into virtual networks and subnets (network perspective). In terms of access, all its resources are tightly coupled with Azure Active Directory, and different Role Based Access Control (RBAC) roles can be assigned to individual users to grant or restrict access to the resources. Azure Protection Circle Azure Network Security Best Practices: Any network-enabled device/application which requires an IP address are kept...

Securing Azure Resources

Moving towards the cloud is inevitable; however, security concerns and transparency issues will always hold back the implementation of the cloud at the enterprise level. Small and medium businesses and start-ups are well ahead in exploring the opportunities provided by the cloud. Microsoft has invested heavily in securing Azure and gaining the trust of customers. In fact, it has implemented a multi-layer protection mechanism to meet national, regional, and industry-specific compliance requirements governing the collection and use of personal data. The layers at which security measures have been implemented are as follows: Network Security, Database Security, Storage Security, Compute Security, Operational Security, Security Management and Monitoring, Service Fabric Security, Identity Management, IoT Security, Azure Encryption.