Secure your Cloud | Azure Security Center

Security is the most important thing in any data center, and so it is in the cloud. Microsoft Azure as a cloud platform has various mechanisms to ensure the integrity of customer workloads. The newest addition to this set of tools is the Azure Security Center, a single console to prevent, detect, and respond to security vulnerabilities in your Azure environment.

What can it do?

According to Microsoft, the following are the key capabilities of the Azure Security Center Preview. I believe that when this service reaches General Availability we will have more features.

Prevent

  • Monitors the security state of your Azure resources
  • Defines policies for your Azure subscriptions based on your company’s security requirements and the type of applications or sensitivity of your data
  • Uses policy-driven security recommendations to guide service owners through the process of implementing needed controls
  • Rapidly deploys security services and appliances from Microsoft and partners

Detect

  • Automatically collects and analyses security data from your Azure resources, the network, and partner solutions like antimalware and firewalls
  • Leverages global threat intelligence from Microsoft products and services, Digital Crime and Incident Response Centers, and external feeds
  • Applies advanced analytics, including machine learning and behavioral analysis

Respond

  • Provides prioritized security incidents/alerts
  • Offers insights into the source of the attack and impacted resources
  • Suggests ways to stop the current attack and help prevent future attacks

In this post, let's see how to set security policies for your Azure subscriptions and try to understand the logic behind security data collection in Azure.

Understanding Security policies

Security policies are subscription-wide, which means there is one policy per subscription. An important thing to note is that you must be an Owner or Contributor of a subscription to modify its security policy.

Setting Security Policy 1

After selecting the subscription for which you need to set the security policy, you can select the relevant policies as below.

Setting Security Policy 2

The following table describes what each of these policies means; you can customize them according to your requirements.

Policy | Description | State
System Updates | Retrieves a list of available updates from Windows Update or WSUS, depending on which service is configured for that virtual machine, every 12 hours and recommends that missing updates be installed on your Windows virtual machines. | On
Baseline Rules | Analyzes all supported virtual machines every 12 hours to identify any OS configurations that could make the virtual machine more vulnerable to attack and recommends configuration changes to address these vulnerabilities. | On
Antimalware | Recommends that antimalware be provisioned for all Windows virtual machines to help identify and remove viruses, spyware, and other malicious software. | On
Access Control List on endpoints | Recommends that an Access Control List (ACL) be configured to limit access to Classic virtual machine endpoints. This would typically be used to ensure that only users who are connected to the corporate network can access the virtual machines. | On
Network security groups on Subnets and Network Interface | Recommends that Network Security Groups (NSGs) be configured to control inbound and outbound traffic to subnets and network interfaces for Resource Manager virtual machines. NSGs configured for a subnet will be inherited by all virtual machine network interfaces unless otherwise specified. In addition to checking that an NSG has been configured, Inbound Security Rules are assessed to identify rules that allow Any incoming traffic. | On
Web Application Firewall | Recommends that a Web Application Firewall be provisioned on Resource Manager virtual machines when either (a) an Instance Level Public IP (ILPIP) is used and the associated NSG Inbound Security Rules are configured to allow access to port 80/443, or (b) a Load Balanced IP (VIP) is used and the associated load balancing and inbound NAT rules are configured to allow access to port 80/443. | On
SQL Auditing | Recommends that auditing of access to Azure SQL Servers and Databases be enabled for compliance, advanced detection and investigation purposes. | On
SQL Transparent Data Encryption | Recommends that encryption at rest be enabled for your Azure SQL databases, associated backups and transaction log files so that even if your data is breached, it will not be readable. | On

Source: Microsoft Azure Security Center Documentation
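To make the NSG and Web Application Firewall policies above more concrete, here is an added example (not code from the original post or from Azure Security Center) that models how such an assessment works: it walks a set of inbound NSG rules in priority order the way an NSG does, flags Allow rules whose source is Any, and decides whether the WAF recommendation would trigger when a public IP is present and port 80 or 443 is reachable. The rule model, the sample rules and the source tokens ("*", "Internet", "0.0.0.0/0") are constructed for the example and are not the Azure SDK types.

```python
from typing import List, Tuple
from dataclasses import dataclass


@dataclass(frozen=True)
class InboundRule:
    """One NSG inbound security rule (constructed model, not the Azure SDK type)."""
    name: str
    priority: int      # lower number is evaluated first
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    source: str        # "*", "Internet", or a CIDR such as "10.0.0.0/16"
    dest_port: str     # "80", "80-443" or "*"


# Source prefixes that admit traffic from anywhere on the Internet (assumed set).
ANY_SOURCES = {"*", "Internet", "0.0.0.0/0"}


def port_range(spec: str) -> Tuple[int, int]:
    """Expand a destination port specification into an inclusive (low, high) pair."""
    if spec == "*":
        return 0, 65535
    if "-" in spec:
        low, high = spec.split("-", 1)
        return int(low), int(high)
    return int(spec), int(spec)


def rule_matches(rule: InboundRule, source: str, protocol: str, port: int) -> bool:
    """Does this rule apply to traffic with the given source token, protocol and port?"""
    source_ok = rule.source in ANY_SOURCES or rule.source == source
    protocol_ok = rule.protocol == "*" or rule.protocol == protocol
    low, high = port_range(rule.dest_port)
    return source_ok and protocol_ok and low <= port <= high


def effective_access(rules: List[InboundRule], port: int,
                     source: str = "Internet", protocol: str = "Tcp") -> str:
    """Walk the rules in priority order and return the first verdict, as an NSG does.
    If nothing matches, fall back to Deny, mirroring the DenyAllInBound default rule."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule_matches(rule, source, protocol, port):
            return rule.access
    return "Deny"


def permissive_rules(rules: List[InboundRule]) -> List[str]:
    """Names of Allow rules whose source is Any, which the NSG policy singles out."""
    return [r.name for r in rules if r.access == "Allow" and r.source in ANY_SOURCES]


def waf_recommended(has_public_ip: bool, rules: List[InboundRule]) -> bool:
    """The WAF trigger from the policy table: a public IP plus an NSG that lets 80 or 443 in."""
    return has_public_ip and any(effective_access(rules, p) == "Allow" for p in (80, 443))


# Constructed sample rule set: RDP open to the world, HTTPS open, SSH only from a corporate range.
SAMPLE_RULES = [
    InboundRule("allow-rdp-any", 100, "Allow", "Tcp", "*", "3389"),
    InboundRule("allow-https-internet", 110, "Allow", "Tcp", "Internet", "443"),
    InboundRule("allow-ssh-corp", 120, "Allow", "Tcp", "10.0.0.0/16", "22"),
    InboundRule("deny-all-inbound", 4096, "Deny", "*", "*", "*"),
]

if __name__ == "__main__":
    print("Allow-from-Any rules:", permissive_rules(SAMPLE_RULES))
    print("RDP reachable from Internet:", effective_access(SAMPLE_RULES, 3389))
    print("SSH reachable from Internet:", effective_access(SAMPLE_RULES, 22))
    print("WAF recommended with public IP:", waf_recommended(True, SAMPLE_RULES))
```

The check deliberately treats "Internet" and "*" as equivalent sources, because both admit traffic from any address; the SSH rule is not flagged because its source is a specific range, even though it is an Allow rule.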

In another post, let's see how to enable security health monitoring and how to manage and respond to security alerts in Azure Security Center.


Azure Service Update | Static Public IP addresses for Azure VMs are now available

As you may already be aware, earlier this month Microsoft announced the general availability of the new Azure portal with the Azure Resource Manager (ARM) deployment model. Most of the Azure services available in the Classic deployment model are now available in the ARM model, except a very few. Microsoft also introduces regular enhancements to the fabric, providing a much smoother cloud experience to customers.

In the recent service update, Microsoft has enabled the capability for a static public IP address to be assigned directly to a virtual machine (VM) created using the ARM deployment model. Previously we were only able to assign a dynamic public IP address to the network adapter of the VM.

This differs from the Classic deployment model, where a static public IP address can only be assigned to a cloud service (a so-called reserved IP). You can still assign an Instance Level dynamic PIP to a VM in the Classic model, and that hasn't changed with this service update.

If you are new to Azure networking, the following references will be valuable in deciding how you want to plan networking and connectivity in the cloud.

Hotfix released for SCSM 2012 R2 HTML Self Service Portal

When Microsoft released the Update Rollup 8 package for Service Manager 2012 R2, everyone was excited to get hands-on with the new HTML Self Service Portal replacing the Silverlight dependency. However, there were a number of issues with this release preventing customers from upgrading to the new HTML portal. Recently Microsoft released a hotfix (KB3124091) to overcome these issues in the UR8 package and to provide a much smoother user experience in the new HTML portal.

Bugfixes in KB3124091

  • Affected user and Created by user is getting set to the service account
  • Query type form element is not working for the Incident and User classes
  • Request Offering forms are failing to load if a Query type form element is part of the form
  • Username token is not passing values to the mapped field
  • Cancelling request form does not work
  • Text is overlapping for long strings inside the list in the middle pane
  • Related activities inside My Requests always show state as active
  • Filters inside My Requests and My Activities are not working for some languages
  • Announcement is showing “Invalid Date” in Expired Date column for some languages
  • Comments in the request are using incorrect class
  • Required (mandatory) restriction is not working on query type form element
  • Query form element allows multiple selection even when it is configured for single item selection
  • Scroll bar does not work on some lower screen resolutions
  • Double scroll bar appears while browsing Help Articles
  • Some areas of portal are not rendering in Mozilla Firefox web browser
  • My Activities shows 0 instead of removing the notification sticker when no activity is in progress
  • With SSL enabled, the browser regularly prompts the message “Only secure content is displayed” with a button to “Show all content” while browsing the portal
  • “Added by” inside the action logs show domain\username instead of the display name of the user

New Features

  • Nested enumeration lists are now supported inside the Request offering forms
  • The portal now allows you to share and access different objects inside the portal with direct URLs. You can refer to individual items inside the portal with the following URL formats:
    • Request Offerings:
      https://[website_name]/Home/Makeform?BMEID=[bme_id]
    • Incident type requests:
      https://[website_name]/MyRequests/RequestDetails?type=IncidentRequest&id=[incident_id]
    • Service Request type requests:
      https://[website_name]/MyRequests/RequestDetails?type=ServiceRequest&id=[service_request_id]
    • Manual Activities:
      https://[website_name]/MyActivities/ActivityDetails?type=ManualActivity&id=[manual_activity_id]
    • Review Activities:
      https://[website_name]/MyActivities/ActivityDetails?type=ReviewActivity&id=[review_activity_id]
    • Help Articles:
      https://[website_name]/KnowledgeBase/article/[id_of_knowledge_article]

Installation Procedure

  1. Before you apply this hotfix, back up any customizations made to the portal sidebar (the Views\Shared\Sidebar.cshtml file). To learn more about sidebar customization, please refer to Customizing the left menu bar.
  2. Download and install the hotfix on the server that hosts your Self Service Portal. Run the installer with administrative privileges.
  3. If the installation was successful, you should see Hotfix for Microsoft System Center Service Manager R2 Self Service Portal (KB3124091) listed under View Installed Updates in Control Panel > Programs and Features.
  4. If you had any portal sidebar customizations as in step 1, merge the required changes into the updated Views\Shared\Sidebar.cshtml file.
  5. Finally, restart the server that hosts your portal's IIS server.

Visual Studio Authoring Extensions for Visual Studio 2015 now available

Alas, the long wait is over. Microsoft has recently released VSAE for Visual Studio 2015. The new VSAE version supports both the Community and Enterprise editions of Visual Studio 2015, and Microsoft has confirmed that they will keep supporting the older Visual Studio 2012 and 2013 versions as well.

VSAE is an add-in for Visual Studio which provides lifecycle management tools to support Management Pack authoring for SCOM. Note that this version doesn't contain any feature enhancements over the previous version.

You can download VSAE for VS 2015 from here.