Design a secure Azure IaaS – Lesson learnt from Government Cloud
Thuan Ng
Survey
• Participate with us and win exciting prizes
http://bit.ly/sg-gab
Tweet Tags: #GlobalAzure #GABSG #AzureSkills
Stay till end
SWAGs, PRIZES, TAKE-AWAYS
Xbox One System
Microsoft Azure IoT Starter Kit with Raspberry Pi 3
Raspberry Pi 3
Software Licenses and more...
About Me
• Over 9 years of experience focused on the Microsoft stack
• Solution Architecture, Technical Evangelism, Product Development, Pre-sales Consulting, Security Architecture, Public Sector
• Microsoft MVP (2011 – Now)
• Blog at http://thuansoldier.net
• Twitter at @nnthuan
I’m not going to talk about
• Self-introduction as a hacker (oops! perhaps advanced script kiddie)
• Too much about Government Cloud
• Vulnerability Assessment and Penetration Test
• Fundamental Cloud Computing
• Information Security Management (e.g. Compliance, Risk…)
• Azure Government (https://azure.microsoft.com/en-us/overview/clouds/government/)
My security principles
• Security is not a silver bullet
• Security must come first from your awareness
• Security by default before security by design
• No pain no gain if you dare
Why Should We Care About Security?
Think about the impact
[Diagram labels: System gets hacked; Down service; Your data is compromised; Operational Impact; Business Impact; Sell to competitor; Down reputation; Money loss]
..security is
• Your quality metric
• Your professional service
• Your reputation
• Your business result
Government Cloud Overview
Government Cloud Summary
• A private cloud built for government agencies to host critical-classified systems.
• G-Cloud offers compute and infrastructure resources like any IaaS cloud provider. PaaS is included but not too much.
• Default hardening rules to be applied to all governance agencies.
Sample Architecture
[Diagram: On-premises (Agency); Internal DMZ 1 (NGFW); Internal DMZ 2 (Web App Proxy); HAZ with Web Compartment (Web Front-End VMs), App Compartment (Application VMs) and DB Compartment (Database VMs); G-Cloud Infrastructure & Service Fabric; External DMZ 1 (NGFW); External DMZ 2 (Web App Proxy); Internet; HAZ Utility (SMTP, SFTP)]
We would see several layers
[Diagram: layers labelled Defense System, HAZ Zone, Agency Network, Your Defense System, Virtual Machine]
Technical Security Requirement
• DMZ (Demilitarized Zone) & 3-layer Architecture
• Network Isolation & Restriction
• Identity Access Management
• Deny-All Inbound Rule
• Client Endpoint Protection
Azure Compliance
Industry United States Regional
..it does not mean
• Azure is the most secure platform in the world.
• Azure helps prevent every attack
• You will have a good sleep and no concern about vulnerability when hosting your system on Azure
To Singapore specifically
• Receive Multi-Tiered Cloud Security Standard for Singapore (MTCS SS) level 3 certification conducted by IMDA (formerly IDA).
• Comply with Personal Data and Privacy Act (PDPA) which is part of MTCS requirement.
• If you still don’t *trust* Azure, go read https://azure.microsoft.com/en-us/support/trust-center/
You never forgot this slide :)
[Diagram: four stacks, On Premises, Infrastructure (as a Service), Platform (as a Service) and Software (as a Service), each listing Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage and Networking, with the layers marked "You manage" or "Managed by Microsoft"]
Azure IaaS security responsibility
[Diagram: responsibilities split between You and Microsoft: Data classification & accountability; Identity & access management; Client & end-point protection; Application level controls; Physical security; Host infrastructure; Network controls]
How much Microsoft Azure can help?
[Diagram: layers labelled Defense System, Virtual Network, Network Security Group, Your Defense System, Virtual Machine, Access Control]
Something before we move on
• The Azure denial-of-service (DDoS) defense system is designed for network-layer, high-volume attacks to protect Azure tenants.
• Azure does not provide mitigation or actively block network traffic to customer deployments for application-layer attacks.
Recipe 01: Azure Network Security
Demilitarized Zone
Keep searching from Google to see how cool it is
DMZ Perimeter
• A DMZ (demilitarized zone) separates the private network from an *untrusted* network.
• A DMZ does not make you safe, but it’s part of a defense in depth strategy
• Azure supports building a DMZ with Network Security Group (NSG), User Defined Routing (UDR), Network Virtual Appliance (NVA), IP Forwarding
[Diagram labels: Internet-facing; Private Network; Stock; Data; Internet]
Separate subnet for each role
• An attacker can’t get to all the systems after successfully exploiting one subnet.
• Effectively keep track of the VMs put on each subnet
• More control on network access (e.g. with Network Security Group)
• It’s like role compartment in G-Cloud.
[Diagram: Virtual Network with FE Subnet 192.168.1.0/24 and DB Subnet 192.168.2.0/24]
Network Security Group
• Segment network to meet security needs
• Can protect Internet and internal traffic
• Enables DMZ subnets
• Associated to subnets/VMs and NICs
• Does not provide any level of application layer inspection
[Diagram labels: Internet-facing; Inbound HTTP 80; Private Network; DB; Inbound 1433 TCP; Inbound RDP 3389; Inbound RDP 3389]
Network Security Group
[Diagram: Virtual Network with NSGs between tiers. Labels in order: DMZ, IIS Rewrite VM, HTTP/HTTPS 80/TCP, 443/TCP; Web Subnet, SharePoint WFE, 8443/TCP, 8080/TCP; App Subnet, Search, User Profile, DC…, 22233 – 22236/TCP, 32843 – 32845/TCP, 808/TCP; 1433/TCP, Database, DB Subnet; Forward Proxy, 80/TCP, 443/TCP, 1433/TCP; Token Issuer]
Network Security Group Flow
[Flowchart: Azure host receives traffic; inbound traffic? (load inbound or outbound NSG rules by priority); get first rule; rule matches?; deny rule?; last rule?; outcomes: drop packet or allow packet]
Network Security Group
• NSG is simply a stateful packet filtering firewall but is still useful today for defense in depth.
• Apply to a VM (via NIC) or a group of servers (via subnet).
• Be careful with “Deny All” outbound rule (http://bit.ly/autoabnsg)
• Use Network Watcher to achieve packet tracing of NSG (in Public Preview with 3 regions available)
[Diagram: Virtual Network with NSG; Security Center; Application Gateway; SQL Database]
Network Security Group Sample Rule
100 In Application SQL
101 In Internet RDP
102 In Application *
200 Out Internet *
100 In Internet RDP
101 In Internet HTTP
100 In Front-end HTTPS
101 In Internet HTTP
200 Out Internet *
NSG
NSG
NSG
Internet
Network Security Group Takeaway
• Default limit per subscription is 100. You can request up to 200
• NSG rules per NSG is 200. Can request up to 400.
• If using both levels of VM (NIC) and subnet, you need to create allow rules on both levels.
• Subnet gets evaluated first, NIC comes after.
• Diagnostic logs are only available for NSGs deployed through the ARM.
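One way to build the DB-tier NSG described on the slides above with the AzureRM cmdlets, as an added example that is not code from the original deck. The VNet, subnet and NIC names, the region and the VPN client pool are assumptions; the subnet prefixes are the ones on the "Separate subnet for each role" slide.

```powershell
# Added example, not from the original deck. Requires the AzureRM module and an
# authenticated session (Login-AzureRmAccount).
# Assumed (hypothetical) names: VNet 'gabsg-vnet', subnet 'DB', NIC 'SQL01-nic',
# region 'southeastasia', point-to-site VPN client pool 172.16.201.0/24.
$rg       = 'gabsg-simple-dmz-nsg'   # resource group name used in the deck's demo
$location = 'southeastasia'
$feSubnet = '192.168.1.0/24'         # FE Subnet from the slide
$dbSubnet = '192.168.2.0/24'         # DB Subnet from the slide
$vpnPool  = '172.16.201.0/24'

# Priority 100: SQL Server only from the front-end subnet.
$allowSql = New-AzureRmNetworkSecurityRuleConfig -Name 'Allow-SQL-From-FE' `
    -Description 'SQL from the FE subnet only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix $feSubnet -SourcePortRange '*' `
    -DestinationAddressPrefix $dbSubnet -DestinationPortRange '1433'

# Priority 110: RDP only from VPN clients, never from the Internet.
$allowRdp = New-AzureRmNetworkSecurityRuleConfig -Name 'Allow-RDP-From-VPN' `
    -Description 'Management over point-to-site VPN only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 110 `
    -SourceAddressPrefix $vpnPool -SourcePortRange '*' `
    -DestinationAddressPrefix $dbSubnet -DestinationPortRange '3389'

# Priority 120: keep load balancer health probes working if the tier sits behind an ILB.
# The explicit deny below would otherwise also block them.
$allowProbe = New-AzureRmNetworkSecurityRuleConfig -Name 'Allow-LB-Probe' `
    -Description 'Azure load balancer health probes' `
    -Access Allow -Protocol '*' -Direction Inbound -Priority 120 `
    -SourceAddressPrefix 'AzureLoadBalancer' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange '*'

# Priority 4000: explicit deny-all inbound. Without it the built-in AllowVnetInBound
# rule (priority 65000) lets every other subnet in the VNet reach this subnet before
# the built-in DenyAllInBound rule (65500) is ever evaluated.
$denyAll = New-AzureRmNetworkSecurityRuleConfig -Name 'Deny-All-Inbound' `
    -Description 'Deny everything not allowed above' `
    -Access Deny -Protocol '*' -Direction Inbound -Priority 4000 `
    -SourceAddressPrefix '*' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange '*'

$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $rg -Location $location `
    -Name 'nsg-db' -SecurityRules $allowSql, $allowRdp, $allowProbe, $denyAll

# Associate the NSG with the DB subnet. Setting the property on the existing subnet
# object leaves its other settings (for example a route table) untouched.
$vnet   = Get-AzureRmVirtualNetwork -ResourceGroupName $rg -Name 'gabsg-vnet'
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'DB'
$subnet.NetworkSecurityGroup = $nsg
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet | Out-Null

# Check what a VM actually gets: the effective rules combine the subnet-level and
# NIC-level NSGs, so traffic must be allowed at both levels. The VM must be running.
Get-AzureRmEffectiveNetworkSecurityGroup -ResourceGroupName $rg -NetworkInterfaceName 'SQL01-nic' |
    ForEach-Object { $_.EffectiveSecurityRules } |
    Sort-Object Direction, Priority |
    Format-Table Name, Direction, Priority, Access, SourceAddressPrefix, DestinationPortRange
```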
User Defined Routing (UDR)
• Force the traffic to a network virtual appliance (e.g. Barracuda NG Firewall) or your own FW
• Control inbound/outbound to route to NVA at the next hop.
• Require IP Forwarding to be enabled
• Help monitor and inspect network traffic.
• Limit on 265 routes per subnet
[Diagram: Back-End Subnet 192.168.1.0/24 and Front-End Subnet 192.168.2.0/24, each with a UDR whose next hop is the NVA Subnet]
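The routing described on this slide, sketched with the AzureRM cmdlets as an added example that is not code from the original deck. The VNet, subnet and NIC names, the region and the NVA private IP are assumptions; the subnet prefixes are the ones on the slide.

```powershell
# Added example, not from the original deck. Requires the AzureRM module and an
# authenticated session (Login-AzureRmAccount).
# Assumed (hypothetical) names: VNet 'gabsg-vnet', subnets 'Front-End' and 'Back-End',
# NVA NIC 'nva01-nic' with private IP 192.168.0.4, front-end VM NIC 'IIS01-nic'.
$rg       = 'gabsg-simple-dmz-nsg'   # resource group name used in the deck's demo
$location = 'southeastasia'
$backEnd  = '192.168.1.0/24'         # Back-End Subnet from the slide
$frontEnd = '192.168.2.0/24'         # Front-End Subnet from the slide
$nvaIp    = '192.168.0.4'

# Front-end route table: traffic to the back end and to the Internet goes via the NVA.
$toBackEnd = New-AzureRmRouteConfig -Name 'To-BackEnd-Via-NVA' -AddressPrefix $backEnd `
    -NextHopType VirtualAppliance -NextHopIpAddress $nvaIp
$toDefault = New-AzureRmRouteConfig -Name 'Default-Via-NVA' -AddressPrefix '0.0.0.0/0' `
    -NextHopType VirtualAppliance -NextHopIpAddress $nvaIp
$feTable = New-AzureRmRouteTable -ResourceGroupName $rg -Location $location `
    -Name 'rt-frontend' -Route $toBackEnd, $toDefault

# Back-end route table: the return path must also cross the NVA, otherwise a stateful
# appliance sees only one direction of each flow.
$toFrontEnd = New-AzureRmRouteConfig -Name 'To-FrontEnd-Via-NVA' -AddressPrefix $frontEnd `
    -NextHopType VirtualAppliance -NextHopIpAddress $nvaIp
$beTable = New-AzureRmRouteTable -ResourceGroupName $rg -Location $location `
    -Name 'rt-backend' -Route $toFrontEnd

# Attach each route table to its subnet without touching the subnet's NSG.
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $rg -Name 'gabsg-vnet'
(Get-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'Front-End').RouteTable = $feTable
(Get-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'Back-End').RouteTable  = $beTable
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet | Out-Null

# IP forwarding must be enabled on the NVA's NIC, or Azure drops packets that are not
# addressed to the NVA itself. Forwarding must also be enabled inside the NVA's OS.
$nvaNic = Get-AzureRmNetworkInterface -ResourceGroupName $rg -Name 'nva01-nic'
$nvaNic.EnableIPForwarding = $true
Set-AzureRmNetworkInterface -NetworkInterface $nvaNic | Out-Null

# Verify from a front-end VM's NIC that the user-defined routes are in effect
# (the VM must be running).
Get-AzureRmEffectiveRouteTable -ResourceGroupName $rg -NetworkInterfaceName 'IIS01-nic' |
    Format-Table Name, State, AddressPrefix, NextHopType, NextHopIpAddress
```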
Virtual Network Security Appliance
• NSG and UDR should not be enough.
• Get a further level of control with a virtual network security appliance (e.g. Barracuda, F5, Fortigate, Cisco…). Available list http://bit.ly/azurenva
Increase availability
• Availability is part of CIA triangle.
• Use Azure Load Balancer to increase uptime
• HTTP-based load balancing (Application Gateway)
• External/Internal load balancing
• Internet load balancing (Traffic Manager)
Availability Set
• An availability set (SLA of 99.95%) helps keep your VM available during downtime
• Fault Domain
• Update Domain
• Create availability set for tier and role (Web, App, Database, Search…)
Azure Application Gateway
• Azure-managed, first party virtual appliances
• HTTP routing based on app-level policies
• Cookies affinity
• URL hash
• SSL termination and caching
Azure VPN Gateway
• RDP or SSH are commonly attacked with brute-force techniques
• Use VPN instead of direct RDP and SSH for better remote management:
• Point-to-Site VPN
• Site-to-Site VPN
• ExpressRoute is a private connection via telco which doesn’t travel over the Internet.
[Diagram: Administrator Client PC; P2S SSTP Tunnel; Azure VPN Gateway]
Sample DiD SharePoint 2016 on Azure
[Diagram labels: Application Gateway; ILB; SP Web App; ILB; DB; Jump (RDP w/ VPN P2S); ELB; DMZ Web; ports 80/443, 80/443, 80/443, 1433; NSGs between tiers; AD with its own NSG (List of AD Port)]
Recipe 02: VM & Storage Protection
Azure Disk Encryption
• Used to encrypt VM OS and data disks on IaaS VMs.
• When encrypted, keys are stored in Key Vault, which is required for decryption.
• Azure Disk Encryption leverages BitLocker for Windows VMs (WS2008 or later).
[Diagram: Azure Storage (OS Disk, Data Disk); Key Vault]
Three steps to encrypt a VM
1. Run Azure Disk Encryption Prerequisites: http://bit.ly/adesetup
2. Run the following & wait 10-15 mins. Fill appropriate variable
# Demo values from the slide; replace them with your own VM, AAD application and Key Vault.
$vmName = 'IIS01'
$resourceGroupName = 'gabsg-simple-dmz-nsg'
$aadClientID = '8650f931-096f-4638-b942-1e7a39d02b48'
$aadClientSecret = '171264ae-3e2d-4474-bde9-2cd6fdaac722'
$diskEncryptionKeyVaultUrl = 'https://GABSG-KeyVault-Demo.vault.azure.net'
$keyVaultResourceId = '/subscriptions/2dd8cb59-ed12-4755-a2bc-356c212fbafc/resourceGroups/gabsg-simple-dmz-nsg/providers/Microsoft.KeyVault/vaults/GABSG-KeyVault-Demo'
# Install the disk encryption extension on the VM; the keys are written to the Key Vault above.
Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $resourceGroupName -VMName $vmName `
    -AadClientID $aadClientID -AadClientSecret $aadClientSecret `
    -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $keyVaultResourceId
Antimalware for VM
• Only supports Windows Server 2008 R2, 2012 and 2012 R2. Name in 2016 is Windows Defender.
• Enable Antimalware for VM by:
  • Azure portal (Security Extension)
  • Visual Studio VM configuration
  • PowerShell
  • Azure Security Center
• Enabling Antimalware through the Azure portal does not enable its diagnostics logs. PowerShell can help
• GUI is not available until you modify UILockdown key in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\UX Configuration
[Diagram: Antimalware service; Antimalware events; Azure Storage; Antimalware Signature, Engine & Platform Updates]
Automate hardening VM
• Use Azure Automation DSC to automate hardened configuration for your onboarding VM.
• Build your own PowerShell script following the STIG guide or your own guide.
  • Local security policy
  • Built-in firewall
  • Anti-virus deployment
  • Other security setting
• Hundreds of resources available https://github.com/powershell/dscresources
[Diagram: Hardening Script; Azure DSC; Node Configuration; Onboarding VM]
Sample template for User Right
Configuration UserRights
{
    Import-DscResource -ModuleName SecurityPolicyDsc
    Node localhost
    {
        # Assign shutdown privileges to only Builtin\Administrators
        UserRightsAssignment AssignShutdownPrivilegesToAdmins
        {
            Policy = "Shut_down_the_system"
            Identity = "Builtin\Administrators"
        }
        # Assign access from the network privileges to "contoso\TestUser1" and "contoso\TestUser2"
        UserRightsAssignment AccessComputerFromNetwork
        {
            Policy = "Access_this_computer_from_the_network"
            Identity = "contoso\TestUser1","contoso\TestUser2"
        }
    }
}
# Compile the configuration to a MOF file, then apply it to the local node
UserRights -OutputPath c:\dsc
Start-DscConfiguration -Path c:\dsc -Verbose -Wait -Force
http://bit.ly/azuredscusr
Recipe 03: Identity Protection
Azure Hierarchy
• One Azure AD linked to one subscription.
• One resource can only be linked to one resource group.
• Azure AD manages all types of resources with a role-based access control mechanism
[Diagram: Microsoft Azure; Microsoft Account; Azure AD; Azure Subscription; Resource Group; Azure resources]
Two-Factor Auth on Azure Portal
• First step to securing everything in Azure portal
• Currently can’t force Microsoft account to use multi-factor auth
• Control multi-factor auth via https://account.activedirectory.windowsazure.com/usermanagement/multifactorverification.aspx
• If Azure AD account, use Conditional access to force multi-factor auth
Guide: http://thuansoldier.net/?p=5002
Role-based Access Control
• Allow you to grant specific permission to user/group to perform their tasks in Azure
• Assignable to users, groups or service principals.
• Changes on access are logged in Azure event. Use PowerShell to generate the report
  • Get-AzureRMAuthorizationChangeLog
Azure AD Identity Protection
• Build a risk-based policy to automatically protect identities
  • Leaked credentials
  • Impossible travel to atypical locations
  • Sign-ins from infected devices
  • Sign-ins from anonymous IP addresses
  • Sign-ins from IP addresses with suspicious activity
  • Sign-ins from unfamiliar locations
• Available on Azure AD Premium
Recipe 04: Protect your Azure resources
Azure Security Center
• An intelligent service to help prevent, detect and respond to threats.
• It applies advanced analytics, machine learning and behavioral analysis.
• Can monitor one or more subscriptions in a centralized view.
VM Security Health
Security Alert
• Alert you if a resource is being attacked
• Available in Standard Tier
• Worth using if your environment is large and critical to your business.
Azure Advisor
• Azure Advisor integrates with Azure Security Center to show you the VM security related recommendations.
• High Availability & Performance recommendations
Key takeaway
• Defend your IaaS before deep-dive security implementation (e.g. intelligent security, high-class crypto….)
• DevOps can help to make a deployable compliance template across your IaaS.
• The cost of a security breach may be much larger than the cost of implementation.
• Tons of security solutions in Azure Marketplace to take a look.
Summary of what’s been discussed
Network: Virtual Network, Network Security Group, User Defined Routing, VPN Gateway, ExpressRoute, Load Balancer, Application Gateway, Azure Active Directory, Network Virtual Appliance
Virtual Machine: Azure Disk Encryption, Azure Key Vault, Azure Antimalware
Identity: Azure Active Directory, Role-based Access Control
Monitoring & Ops: Azure Security Advisor, Azure Security Center, Azure Automation
Would I be missing any of the services here?
Additional references
• https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices
• https://blogs.msdn.microsoft.com/igorpag/2016/05/14/azure-network-security-groups-nsg-best-practices-and-lessons-learned/
• https://docs.microsoft.com/en-us/azure/security/azure-security-best-practices-vms
• https://docs.microsoft.com/en-us/azure/security/azure-security-identity-management-best-practices
Get Started with Microsoft Azure
Get the SDKs and command-line tools you need
http://azure.microsoft.com/en-us/downloads/
Learn more
http://azure.microsoft.com/
Like our Facebook page
Join us @ meetup group
Q & A
Introduce share point 2010 benefit at initial stage of sharepoint project
Thuan Ng
 
Accelerating Digital Transformation With Microsoft Azure And Cognitive Services
Accelerating Digital Transformation With Microsoft Azure And Cognitive ServicesAccelerating Digital Transformation With Microsoft Azure And Cognitive Services
Accelerating Digital Transformation With Microsoft Azure And Cognitive Services
Thuan Ng
 
An initiative to healthcare analytics with office 365 and power bi spsparis2017
An initiative to healthcare analytics with office 365 and power bi spsparis2017An initiative to healthcare analytics with office 365 and power bi spsparis2017
An initiative to healthcare analytics with office 365 and power bi spsparis2017
Thuan Ng
 
Lotus Notes Transition To Office 365
Lotus Notes Transition To Office 365Lotus Notes Transition To Office 365
Lotus Notes Transition To Office 365
Thuan Ng
 
Search Solution in SharePoint 2013
Search Solution in SharePoint 2013Search Solution in SharePoint 2013
Search Solution in SharePoint 2013
Thuan Ng
 
Planning and deploying_share_point_farm_in_azure_gabsg_2016
Planning and deploying_share_point_farm_in_azure_gabsg_2016Planning and deploying_share_point_farm_in_azure_gabsg_2016
Planning and deploying_share_point_farm_in_azure_gabsg_2016
Thuan Ng
 
B365 saturday practical guide to building a scalable search architecture in s...
B365 saturday practical guide to building a scalable search architecture in s...B365 saturday practical guide to building a scalable search architecture in s...
B365 saturday practical guide to building a scalable search architecture in s...
Thuan Ng
 
SharePoint 2013 Document Management Features
SharePoint 2013 Document Management FeaturesSharePoint 2013 Document Management Features
SharePoint 2013 Document Management Features
Thuan Ng
 
SharePoint 2010 Intranet Presentation
SharePoint 2010 Intranet PresentationSharePoint 2010 Intranet Presentation
SharePoint 2010 Intranet Presentation
Thuan Ng
 
Make a better social collaboration platform with share point 2013
Make a better social collaboration platform with share point 2013Make a better social collaboration platform with share point 2013
Make a better social collaboration platform with share point 2013
Thuan Ng
 
Explanation of sp in crazy way
Explanation of sp in crazy wayExplanation of sp in crazy way
Explanation of sp in crazy way
Thuan Ng
 
SharePoint Development with Visual Studio 2012
SharePoint Development with Visual Studio 2012SharePoint Development with Visual Studio 2012
SharePoint Development with Visual Studio 2012
Thuan Ng
 
Dynamic access control sbc12 - thuan nguyen
Dynamic access control sbc12 - thuan nguyenDynamic access control sbc12 - thuan nguyen
Dynamic access control sbc12 - thuan nguyen
Thuan Ng
 
A glance at share point 2013 social features
A glance at share point 2013 social featuresA glance at share point 2013 social features
A glance at share point 2013 social features
Thuan Ng
 
Sp administration-training-prism
Sp administration-training-prismSp administration-training-prism
Sp administration-training-prism
Thuan Ng
 
Share point 2010 indoctrination
Share point 2010 indoctrinationShare point 2010 indoctrination
Share point 2010 indoctrination
Thuan Ng
 
Basics of project management - Week 1
Basics of project management - Week 1Basics of project management - Week 1
Basics of project management - Week 1
Thuan Ng
 
Designing service applications architecture
Designing service applications architectureDesigning service applications architecture
Designing service applications architecture
Thuan Ng
 
Sharepoint 2010 the medicine for your business hsu
Sharepoint 2010 the medicine for your business   hsuSharepoint 2010 the medicine for your business   hsu
Sharepoint 2010 the medicine for your business hsu
Thuan Ng
 
Sharepoint 2010 overview for student in university
Sharepoint 2010 overview for student in universitySharepoint 2010 overview for student in university
Sharepoint 2010 overview for student in university
Thuan Ng
 
Introduce share point 2010 benefit at initial stage of sharepoint project
Introduce share point 2010 benefit at initial stage of sharepoint projectIntroduce share point 2010 benefit at initial stage of sharepoint project
Introduce share point 2010 benefit at initial stage of sharepoint project
Thuan Ng
 
Ad

Recently uploaded (20)

Solidworks Crack 2025 latest new + license code
Solidworks Crack 2025 latest new + license codeSolidworks Crack 2025 latest new + license code
Solidworks Crack 2025 latest new + license code
aneelaramzan63
 
Exploring Wayland: A Modern Display Server for the Future
Exploring Wayland: A Modern Display Server for the FutureExploring Wayland: A Modern Display Server for the Future
Exploring Wayland: A Modern Display Server for the Future
ICS
 
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
Exploring Code Comprehension  in Scientific Programming:  Preliminary Insight...Exploring Code Comprehension  in Scientific Programming:  Preliminary Insight...
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
University of Hawai‘i at Mānoa
 
EASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License CodeEASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License Code
aneelaramzan63
 
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage DashboardsAdobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
BradBedford3
 
Landscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature ReviewLandscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature Review
Hironori Washizaki
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Kubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptxKubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptx
CloudScouts
 
Get & Download Wondershare Filmora Crack Latest [2025]
Get & Download Wondershare Filmora Crack Latest [2025]Get & Download Wondershare Filmora Crack Latest [2025]
Get & Download Wondershare Filmora Crack Latest [2025]
saniaaftab72555
 
Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025
kashifyounis067
 
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Eric D. Schabell
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
FL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full VersionFL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full Version
tahirabibi60507
 
How to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud PerformanceHow to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud Performance
ThousandEyes
 
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Lionel Briand
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
Meet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Meet the Agents: How AI Is Learning to Think, Plan, and CollaborateMeet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Meet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Maxim Salnikov
 
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
ssuserb14185
 
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation  New VersionF-Secure Freedome VPN 2025 Crack Plus Activation  New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
saimabibi60507
 
Download Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With LatestDownload Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With Latest
tahirabibi60507
 
Solidworks Crack 2025 latest new + license code
Solidworks Crack 2025 latest new + license codeSolidworks Crack 2025 latest new + license code
Solidworks Crack 2025 latest new + license code
aneelaramzan63
 
Exploring Wayland: A Modern Display Server for the Future
Exploring Wayland: A Modern Display Server for the FutureExploring Wayland: A Modern Display Server for the Future
Exploring Wayland: A Modern Display Server for the Future
ICS
 
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
Exploring Code Comprehension  in Scientific Programming:  Preliminary Insight...Exploring Code Comprehension  in Scientific Programming:  Preliminary Insight...
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
University of Hawai‘i at Mānoa
 
EASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License CodeEASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License Code
aneelaramzan63
 
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage DashboardsAdobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
BradBedford3
 
Landscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature ReviewLandscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature Review
Hironori Washizaki
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Kubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptxKubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptx
CloudScouts
 
Get & Download Wondershare Filmora Crack Latest [2025]
Get & Download Wondershare Filmora Crack Latest [2025]Get & Download Wondershare Filmora Crack Latest [2025]
Get & Download Wondershare Filmora Crack Latest [2025]
saniaaftab72555
 
Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025
kashifyounis067
 
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Eric D. Schabell
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
FL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full VersionFL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full Version
tahirabibi60507
 
How to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud PerformanceHow to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud Performance
ThousandEyes
 
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Lionel Briand
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
Meet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Meet the Agents: How AI Is Learning to Think, Plan, and CollaborateMeet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Meet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Maxim Salnikov
 
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
ssuserb14185
 
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation  New VersionF-Secure Freedome VPN 2025 Crack Plus Activation  New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
saimabibi60507
 
Download Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With LatestDownload Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With Latest
tahirabibi60507
 

Design a Secure Azure IaaS - Lesson Learnt from Government Cloud

  • 1. Design a secure Azure IaaS – Lesson learnt from Government Cloud Thuan Ng
  • 2. Survey • Participate with us and win exciting prizes http://bit.ly/sg-gab Tweet Tags: #GlobalAzure #GABSG #AzureSkills
  • 3. Stay till end • SWAGs, PRIZES, TAKE-AWAYS: Xbox One System, Microsoft Azure IoT Starter Kit with Raspberry Pi 3, Raspberry Pi 3, Software Licenses and more...
  • 4. About Me • Over 9 years' experience focused on Microsoft Stack • Solution Architecture, Technical Evangelism, Product Development, Pre-sales Consulting, Security Architecture, Public Sector • Microsoft MVP (2011 – Now) • Blog at http://thuansoldier.net • Twitter at @nnthuan
  • 5. I’m not going to talk about • Self-introduction as a hacker (oops! perhaps advanced script kiddie) • Too much about Government Cloud • Vulnerability Assessment and Penetration Test • Fundamental Cloud Computing • Information Security Management (e.g. Compliance, Risk…) • Azure Government (https://azure.microsoft.com/en-us/overview/clouds/government/)
  • 6. My security principles • Security is not a silver bullet • Security must come first from your awareness • Security by default before security by design • No pain no gain if you dare
  • 7. Why Should We Care About Security?
  • 8. Think about the impact System gets hacked Down service Your data is compromised Operational Impact Business Impact Sell to competitor Down reputation Money loss
  • 9. ..security is • Your quality metric • Your professional service • Your reputation • Your business result
  • 11. Government Cloud Summary • A private cloud built for government agencies to host critical-classified systems. • G-Cloud offers compute and infrastructure resources like any IaaS cloud provider. PaaS is included but not too much. • Default hardening rules to be applied to all governance agencies.
  • 12. Sample Architecture (diagram labels): On-premises (Agency), Internal DMZ 1, NGFW, Internal DMZ 2, Web App Proxy, HAZ, Web Front-End VMs, Web Compartment, Application VMs, App Compartment, Database VMs, DB Compartment, G-Cloud Infrastructure & Service Fabric, NGFW, External DMZ 1, External DMZ 2, Web App Proxy, Internet, HAZ, Utility, SMTP, SFTP
  • 13. We would see several layers Defense System HAZ Zone Agency Network Your Defense System Virtual Machine
  • 14. Technical Security Requirement • DMZ (Demilitarized Zone) & 3-layer Architecture • Network Isolation & Restriction • Identity Access Management • Deny-All Inbound Rule • Client Endpoint Protection
  • 16. ..it does not mean • Azure is the most secure platform in the world. • Azure helps prevent every attack • You will have a good sleep and no concern about vulnerability when hosting your system on Azure
  • 17. To Singapore specifically • Receive Multi-Tiered Cloud Security Standard for Singapore (MTCS SS) level 3 certification conducted by IMDA (formerly IDA). • Comply with Personal Data and Privacy Act (PDPA) which is part of MTCS requirement. • If you still don’t *trust* Azure, go read https://azure.microsoft.com/en-us/support/trust-center/
  • 18. You never forgot this slide :) (diagram: each model shows the stack Storage, Servers, Networking, O/S, Middleware, Virtualization, Data, Applications, Runtime) On Premises: You manage. Infrastructure (as a Service): Managed by Microsoft / You manage. Platform (as a Service): Managed by Microsoft / You manage. Software (as a Service): Managed by Microsoft.
  • 19. Azure IaaS security responsibility Data classification & accountability Identity & access management Client & end-point protection Application level controls Physical security Host infrastructure Network controls You Microsoft
  • 20. How much Microsoft Azure can help? Defense System Virtual Network Network Security Group Your Defense System Virtual Machine Access Control
  • 21. Something before we move on • Azure Distributed Denial-of-Service (DDoS) defense system is designed for network-layer high-volume attacks to protect Azure tenants. • Azure does not provide mitigation or actively block network traffic to customer deployments for application-layer attacks.
  • 22. Receipt 01: Azure Network Security
  • 23. Demilitarized Zone Keep searching from Google to see how cool it is
  • 24. DMZ Perimeter • DMZ (demilitarized zone) is to separate private network from *untrusted* network. • DMZ is not to make you safe, but it’s part of defense in depth strategy • Azure supports building DMZ with Network Security Group (NSG), User Defined Routing (UDR), Network Virtual Appliance (NVA), IP Forwarding (diagram labels: Internet-facing, Private Network, Stock Data, Internet)
  • 25. Separate subnet for each role • An attacker can't get to all the systems after successfully exploiting one subnet. • Effectively keep track of your VMs put on each subnet • More control on network access (e.g. with Network Security Group) • It’s like role compartment in G-Cloud. (diagram labels: FE Subnet 192.168.1.0/24, DB Subnet 192.168.2.0/24, Virtual Network)
  • 26. Network Security Group • Segment network to meet security needs • Can protect Internet and internal traffic • Enables DMZ subnets • Associated to subnets/VMs and NICs • Does not provide any level of application layer inspection (diagram labels: Internet-facing, Inbound HTTP 80, Private Network, DB Inbound 1433 TCP, Inbound RDP 3389, Inbound RDP 3389)
  • 27. Network Security Group DMZ IIS Rewrite VM HTTP/HTTPS 80/TCP 443 /TCP Web Subnet SharePoint WFE 8443 /TCP 8080/TCP App Subnet Search, User Profile, DC…. 22233 – 22236/TCP 32843 – 32845/TCP 808/TCP 1433/TCP Database DB Subnet Forward Proxy Forward Proxy 80/TCP 443/TCP 1433/TCP NSG NSG NSG NSG NSG Token Issuer Virtual Network
  • 28. Network Security Group Flow (flowchart: Azure host receives traffic; Inbound traffic? then load inbound or outbound NSG rules by priority; Get first rule; Rule matches?; Deny rule?; Last rule?; outcomes: Drop packet or Allow packet)
  • 29. Network Security Group • NSG is simply a stateful packet filtering firewall but is still useful today for defense in depth. • Apply to a VM (via NIC) or a group of servers (via subnet). • Be careful with “Deny All” outbound rule (http://bit.ly/autoabnsg) • Use Network Watcher to achieve packet tracert of NSG (in Public Preview with 3 regions available) (diagram labels: Security Center, Application Gateway, SQL Database, Virtual Network, NSG)
  • 30. Network Security Group Sample Rule (diagram with three NSGs and the Internet) NSG: 100 In Application SQL; 101 In Internet RDP; 102 In Application *; 200 Out Internet *. NSG: 100 In Internet RDP; 101 In Internet HTTP. NSG: 100 In Front-end HTTPS; 101 In Internet HTTP; 200 Out Internet *.
  • 31. Network Security Group Takeaway • Default limit per subscription is 100. You can request up to 200 • NSG rules per NSG is 200. Can request up to 400. • If using both levels of VM (NIC) and subnet, you need to create allow rules on both levels. • Subnet gets evaluated first, NIC comes after. • Diagnostic logs are only available for NSGs deployed through the ARM.
  • 32. User Defined Routing (UDR) • Force the traffic to network virtual appliance (e.g. Barracuda NG Firewall) or your own FW • Control inbound/outbound to route to NVA at the next hop. • Requires IP Forwarding to be enabled • Helps monitor and inspect network traffic. • Limit on 265 routes per subnet (diagram labels: Back-End Subnet 192.168.1.0/24, Front-End Subnet 192.168.2.0/24, NVA Subnet, UDR, UDR (Next hop))
  • 33. Virtual Network Security Appliance • NSG and UDR should not be enough. • Get more level control with virtual network security appliance (e.g. Barracuda, F5, Fortigate, Cisco…). Available list http://bit.ly/azurenva
  • 34. Increase availability • Availability is part of CIA triangle. • Use Azure Load Balancer to increase uptime • HTTP-based load balancing (Application Gateway) • External/Internal load balancing • Internet load balancing (Traffic Manager)
  • 35. Availability Set • An availability set (SLA of 99.95%) helps keep your VM available during downtime • Fault Domain • Update Domain • Create availability set for tier and role (Web, App, Database, Search…)
  • 36. Azure Application Gateway • Azure-managed, first party virtual appliances • HTTP routing based on app-level policies • Cookies affinity • URL hash • SSL termination and caching
  • 37. Azure VPN Gateway • RDP or SSH are commonly attacked with brute-force techniques • Use VPN instead of direct RDP and SSH for better remote management: • Point-to-Site VPN • Site-to-Site VPN • ExpressRoute is a private connection via telco which doesn’t travel over the Internet. (diagram labels: Administrator Client PC, P2S SSTP Tunnel, Azure VPN Gateway)
  • 38. Sample DiD SharePoint 2016 on Azure Application Gateway ILB SP Web App ILB DB Jump RDP w/ VPN P2S ELB DMZ Web 80/443 80/443 80/443 1433 NSG NSGNSG NSG AD NSG List of AD Port
  • 39. Receipt 02: VM & Storage Protection
  • 40. Azure Disk Encryption • Used to encrypt VM OS and data disks on IaaS VMs. • When encrypted, keys are stored in Key Vault, which is required for decryption. • Azure Disk Encryption leverages BitLocker for Windows VMs (WS2008 or later). (diagram labels: Azure Storage, OS Disk, Data Disk, Key Vault)
  • 41. Three-step to encrypt a VM
      1. Run Azure Disk Encryption Prerequisites: http://bit.ly/adesetup
      2. Run the following & wait 10-15 mins. Fill appropriate variable

        # Target VM and the resource group it lives in
        $vmName = 'IIS01'
        $resourceGroupName = 'gabsg-simple-dmz-nsg'
        # Azure AD application used by the encryption extension to write keys to Key Vault
        $aadClientID = '8650f931-096f-4638-b942-1e7a39d02b48'
        $aadClientSecret = '171264ae-3e2d-4474-bde9-2cd6fdaac722'
        # Key Vault that stores the disk encryption keys
        $diskEncryptionKeyVaultUrl = 'https://GABSG-KeyVault-Demo.vault.azure.net'
        $keyVaultResourceId = '/subscriptions/2dd8cb59-ed12-4755-a2bc-356c212fbafc/resourceGroups/gabsg-simple-dmz-nsg/providers/Microsoft.KeyVault/vaults/GABSG-KeyVault-Demo'

        Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $resourceGroupName -VMName $vmName `
            -AadClientID $aadClientID -AadClientSecret $aadClientSecret `
            -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl `
            -DiskEncryptionKeyVaultId $keyVaultResourceId
  • 42. Antimalware for VM • Only supports Windows Server 2008 R2, 2012 and 2012 R2. Name in 2016 is Windows Defender. • Enable Antimalware for VM by: • Azure portal (Security Extension) • Visual Studio VM configuration • PowerShell • Azure Security Center • Enabling Antimalware through the Azure portal does not enable its diagnostics logs. PowerShell can help • GUI is not available until you modify UILockdown key in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\UX Configuration (diagram labels: Azure Storage, Antimalware service, Antimalware events, Antimalware Signature Engine & Platform Updates)
  • 43. Automate hardening VM • Use Azure Automation DSC to automate hardened configuration for your onboarding VM. • Build your own PowerShell script following the STIG guide or your own guide. • Local security policy • Built-in firewall • Anti-virus deployment • Other security setting • Hundreds of resources available https://github.com/powershell/dscresources (diagram labels: Node Configuration, Hardening Script, Onboarding VM, Azure DSC)
  • 44. Sample template for User Right

        Configuration UserRights
        {
            Import-DscResource -ModuleName SecurityPolicyDsc

            Node localhost
            {
                # Assign shutdown privileges to only Builtin\Administrators
                UserRightsAssignment AssignShutdownPrivilegesToAdmins
                {
                    Policy   = "Shut_down_the_system"
                    Identity = "Builtin\Administrators"
                }

                # Assign access from the network privileges to "contoso\TestUser1" and "contoso\TestUser2"
                UserRightsAssignment AccessComputerFromNetwork
                {
                    Policy   = "Access_this_computer_from_the_network"
                    Identity = "contoso\TestUser1","contoso\TestUser2"
                }
            }
        }

        # Compile the configuration to a MOF file, then apply it to the local node
        UserRights -OutputPath c:\dsc
        Start-DscConfiguration -Path c:\dsc -Verbose -Wait -Force

      http://bit.ly/azuredscusr
  • 45. Receipt 03: Identity Protection
  • 46. Azure Hierarchy (diagram labels: Microsoft Azure, Resource Group, Azure resources, Azure AD, Azure Subscription, Microsoft Account) • One Azure AD linked to one subscription. • One resource can only be linked to one resource group. • Azure AD manages all types of resources with role-based access control mechanism
  • 47. Two-Factor Auth on Azure Portal • First step to securing everything in Azure portal • Currently can’t force Microsoft account to use multi-factor auth • Control multi-factor auth via https://account.activedirectory.windowsazure.com/usermanagement/multifactorverification.aspx • If Azure AD account, use Conditional access to force multi-factor auth Guide: http://thuansoldier.net/?p=5002
  • 48. Role-based Access Control • Allow you to grant specific permission to user/group to perform their tasks in Azure • Assignable to users, groups or service principals. • Changes on access are logged in Azure event. Use PowerShell to generate the report • Get-AzureRMAuthorizationChangeLog
  • 49. Azure AD Identity Protection • Build a risk-based policy to automatically protect identities • Leaked credentials • Impossible travel to atypical locations • Sign-ins from infected devices • Sign-ins from anonymous IP addresses • Sign-ins from IP addresses with suspicious activity • Sign-ins from unfamiliar locations • Available on Azure AD Premium
  • 50. Receipt 04: Protect your Azure resources
  • 51. Azure Security Center • An intelligent service to help prevent, detect and respond to threats. • It applies advanced analytics, machine learning and behavioral analysis. • Can monitor one or more subscriptions in a centralized view.
  • 53. Security Alert • Alert you if a resource is being attacked • Available in Standard Tier • Worth using if your environment is large and critical to your business.
  • 54. Azure Advisor • Azure Advisor integrates with Azure Security Center to show you the VM security related recommendations. • High Availability & Performance recommendations
  • 55. Key takeaway • Defend your IaaS before deep-dive security implementation (e.g. intelligent security, high-class crypto….) • DevOps can help to make a deployable compliance template across your IaaS. • Cost for security breach may be much larger than the one for implementation. • Tons of security solutions in Azure Marketplace to take a look.
  • 56. Summary of what’s been discussed. Network: Virtual Network, Network Security Group, User Defined Routing, VPN Gateway, ExpressRoute, Load Balancer, Application Gateway, Azure Active Directory, Network Virtual Appliance. Virtual Machine: Azure Disk Encryption, Azure Key Vault, Azure Antimalware. Identity: Azure Active Directory, Role-based Access Control. Monitoring & Ops: Azure Security Advisor, Azure Security Center, Azure Automation. Would I be missing any services here?
  • 57. Additional references • https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices • https://blogs.msdn.microsoft.com/igorpag/2016/05/14/azure-network-security-groups-nsg-best-practices-and-lessons-learned/ • https://docs.microsoft.com/en-us/azure/security/azure-security-best-practices-vms • https://docs.microsoft.com/en-us/azure/security/azure-security-identity-management-best-practices
  • 58. Get Started with Microsoft Azure: Get the SDKs and command-line tools you need http://azure.microsoft.com/en-us/downloads/ Learn more http://azure.microsoft.com/ Like us on our Facebook page. Join us @ meetup group
  • 59. Q & A
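
Added example (not part of the original slides): a small Python simulation of the NSG evaluation described on slides 28 to 31, where rules are checked in priority order, the first match decides, and inbound traffic must be allowed by the subnet NSG and then by the NIC NSG. The rule names, the 203.0.113.0/24 admin range and the explicit deny-all at priority 4096 are constructed for illustration; the subnet prefixes come from slide 25, and Azure's built-in default rules (priority 65000 and above) are not modelled.

```python
"""Simulate NSG inbound evaluation: priority order, first match wins,
subnet-level NSG before NIC-level NSG. All rules below are constructed samples."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple, Union

ANY = "*"


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int              # lower number is evaluated first
    action: str                # "Allow" or "Deny"
    source: str                # CIDR prefix or "*"
    port: Union[int, str]      # destination port or "*"
    protocol: str = "TCP"      # "TCP", "UDP" or "*"

    def matches(self, src_ip: str, dst_port: int, protocol: str) -> bool:
        src_ok = self.source == ANY or ip_address(src_ip) in ip_network(self.source)
        port_ok = self.port == ANY or self.port == dst_port
        proto_ok = self.protocol == ANY or self.protocol == protocol
        return src_ok and port_ok and proto_ok


def evaluate(rules: List[Rule], src_ip: str, dst_port: int,
             protocol: str = "TCP") -> Tuple[str, str]:
    """Walk the rules by priority; the first matching rule decides.
    Reaching the end without a match drops the packet (slide 28)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(src_ip, dst_port, protocol):
            return rule.action, rule.name
    return "Deny", "no-matching-rule"


def evaluate_inbound(subnet_nsg: Optional[List[Rule]], nic_nsg: Optional[List[Rule]],
                     src_ip: str, dst_port: int, protocol: str = "TCP") -> Tuple[str, str]:
    """Inbound traffic hits the subnet NSG first, then the NIC NSG (slide 31).
    Both levels must allow it; None means no NSG is attached at that level."""
    for level, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if rules is None:
            continue
        action, name = evaluate(rules, src_ip, dst_port, protocol)
        if action == "Deny":
            return "Deny", f"{level}:{name}"
    return "Allow", "all-levels"


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` is also matched by `outer`."""
    src = outer.source == ANY or (
        inner.source != ANY
        and ip_network(inner.source).subnet_of(ip_network(outer.source)))
    port = outer.port == ANY or outer.port == inner.port
    proto = outer.protocol == ANY or outer.protocol == inner.protocol
    return src and port and proto


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Report rules that can never fire because an earlier rule covers them."""
    ordered = sorted(rules, key=lambda r: r.priority)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


FE_SUBNET = "192.168.1.0/24"   # front-end subnet from slide 25
DENY_ALL = Rule("DenyAllInbound", 4096, "Deny", ANY, ANY, ANY)

# DB tier: the subnet NSG allows SQL from the front end, the NIC NSG only allows RDP.
DB_SUBNET_NSG = [Rule("AllowSqlFromFE", 100, "Allow", FE_SUBNET, 1433), DENY_ALL]
DB_NIC_NSG = [Rule("AllowRdpFromFE", 100, "Allow", FE_SUBNET, 3389), DENY_ALL]
# Corrected NIC NSG: SQL is allowed at both levels.
DB_NIC_NSG_FIXED = [Rule("AllowSqlFromFE", 100, "Allow", FE_SUBNET, 1433)] + DB_NIC_NSG

# Front-end NSG with a priority mistake: the deny at 100 hides the allow at 200.
FE_SUBNET_NSG = [
    Rule("DenyInternetRdp", 100, "Deny", ANY, 3389),
    Rule("AllowAdminRdp", 200, "Allow", "203.0.113.0/24", 3389),
    Rule("AllowHttp", 300, "Allow", ANY, 80),
    DENY_ALL,
]

if __name__ == "__main__":
    print(evaluate_inbound(DB_SUBNET_NSG, DB_NIC_NSG, "192.168.1.10", 1433))
    print(evaluate_inbound(DB_SUBNET_NSG, DB_NIC_NSG_FIXED, "192.168.1.10", 1433))
    print(evaluate(FE_SUBNET_NSG, "203.0.113.10", 3389))
    print(shadowed_rules(FE_SUBNET_NSG))
```

The first call is dropped at the NIC level even though the subnet NSG allows SQL, which is the "allow rules on both levels" takeaway; the shadowing check flags the admin RDP rule that the lower-numbered deny makes unreachable.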