
Secure your Cloud | Azure Security Center

Security is the most important thing in any data center, and the same is true in the cloud. Microsoft Azure as a cloud platform has various mechanisms to ensure the integrity of customer workloads. The newest addition to this set of tools is the Azure Security Center, a single console to prevent, detect, and respond to security threats and vulnerabilities in your Azure environment.

What can it do?

According to Microsoft, the following are the key capabilities of the Azure Security Center preview. I expect more features to arrive when the service reaches General Availability.

Prevent

  • Monitors the security state of your Azure resources
  • Defines policies for your Azure subscriptions based on your company’s security requirements and the type of applications or sensitivity of your data
  • Uses policy-driven security recommendations to guide service owners through the process of implementing needed controls
  • Rapidly deploys security services and appliances from Microsoft and partners

Detect

  • Automatically collects and analyses security data from your Azure resources, the network, and partner solutions like antimalware and firewalls
  • Leverages global threat intelligence from Microsoft products and services, Digital Crime and Incident Response Centers, and external feeds
  • Applies advanced analytics, including machine learning and behavioral analysis

Respond

  • Provides prioritized security incidents/alerts
  • Offers insights into the source of the attack and impacted resources
  • Suggests ways to stop the current attack and help prevent future attacks

In this post let’s see how to set the security policies for your Azure subscriptions and try to understand the logic behind the security recommendations Azure Security Center produces from the data it collects.

Understanding Security policies

Security policies are subscription-wide, which means there is one policy per subscription. An important thing to note is that you must be an Owner or Contributor of a subscription to modify its security policy.

(Screenshot: Setting Security Policy 1)

After selecting the subscription for which you need to set the security policy, you can select the relevant policies as below.

(Screenshot: Setting Security Policy 2)

The following table describes what each of these policies does when it is turned on; you can customize them according to your requirements.

Policy (behaviour when the state is On)

  • System Updates: Retrieves a list of available updates from Windows Update or WSUS, depending on which service is configured for that virtual machine, every 12 hours and recommends that missing updates be installed on your Windows virtual machines.
  • Baseline Rules: Analyzes all supported virtual machines every 12 hours to identify any OS configurations that could make the virtual machine more vulnerable to attack and recommends configuration changes to address these vulnerabilities.
  • Antimalware: Recommends that antimalware be provisioned for all Windows virtual machines to help identify and remove viruses, spyware, and other malicious software.
  • Access Control List on endpoints: Recommends that an Access Control List (ACL) be configured to limit access to Classic virtual machine endpoints. This would typically be used to ensure that only users who are connected to the corporate network can access the virtual machines.
  • Network security groups on Subnets and Network Interfaces: Recommends that Network Security Groups (NSGs) be configured to control inbound and outbound traffic to subnets and network interfaces for Resource Manager virtual machines. An NSG configured on a subnet is inherited by all virtual machine network interfaces in it unless otherwise specified. In addition to checking that an NSG has been configured, the Inbound Security Rules are assessed to identify rules that allow Any incoming traffic.
  • Web Application Firewall: Recommends that a Web Application Firewall be provisioned for Resource Manager virtual machines when either an Instance Level Public IP (ILPIP) is used and the associated NSG Inbound Security Rules allow access to port 80/443, or a Load Balanced IP (VIP) is used and the associated load balancing and inbound NAT rules allow access to port 80/443.
  • SQL Auditing: Recommends that auditing of access to Azure SQL Servers and Databases be enabled for compliance, advanced detection and investigation purposes.
  • SQL Transparent Data Encryption: Recommends that encryption at rest be enabled for your Azure SQL databases, their associated backups and transaction log files, so that even if your data is breached it will not be readable.

Source: Microsoft Azure Security Center documentation
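Two of the policies above, the NSG check for inbound rules that allow Any traffic and the WAF recommendation for port 80/443 exposed through a public IP, come down to evaluating an NSG's inbound rules in priority order. The script below is an added example and is not code from the original post or from Azure Security Center; it performs that evaluation offline against a constructed NSG in the shape of an ARM export (the resource name, rule names, addresses and ports are made up, and the VM behind it is assumed to have a public IP). It lists Allow rules whose source is Any/Internet, resolves whether an arbitrary Internet address can reach a given port using first-match semantics (a lower-numbered Deny wins, as the platform evaluates rules), and reports whether 80/443 are exposed, which is the condition that triggers the WAF recommendation.

```python
import json

# Constructed sample resembling an ARM export of a network security group.
# Names, address prefixes and ports are made up for this example.
SAMPLE_NSG = {
    "name": "web-nsg",
    "properties": {
        "securityRules": [
            {"name": "allow-rdp-from-office", "properties": {
                "priority": 100, "direction": "Inbound", "access": "Allow",
                "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24",
                "destinationPortRange": "3389"}},
            {"name": "deny-telnet-any", "properties": {
                "priority": 150, "direction": "Inbound", "access": "Deny",
                "protocol": "Tcp", "sourceAddressPrefix": "*",
                "destinationPortRange": "23"}},
            {"name": "allow-https-any", "properties": {
                "priority": 200, "direction": "Inbound", "access": "Allow",
                "protocol": "Tcp", "sourceAddressPrefix": "Internet",
                "destinationPortRange": "443"}},
            {"name": "allow-app-any", "properties": {
                "priority": 250, "direction": "Inbound", "access": "Allow",
                "protocol": "Tcp", "sourceAddressPrefix": "*",
                "destinationPortRange": "8080-8090"}},
            {"name": "allow-all-any", "properties": {
                "priority": 300, "direction": "Inbound", "access": "Allow",
                "protocol": "*", "sourceAddressPrefix": "*",
                "destinationPortRange": "*"}},
            {"name": "allow-outbound-dns", "properties": {
                "priority": 100, "direction": "Outbound", "access": "Allow",
                "protocol": "Udp", "sourceAddressPrefix": "*",
                "destinationPortRange": "53"}},
        ],
        # Azure adds default rules at low priority; DenyAllInBound is the catch-all.
        "defaultSecurityRules": [
            {"name": "DenyAllInBound", "properties": {
                "priority": 65500, "direction": "Inbound", "access": "Deny",
                "protocol": "*", "sourceAddressPrefix": "*",
                "destinationPortRange": "*"}},
        ],
    },
}

# Source prefixes that mean "anyone on the Internet" for the purpose of this check.
ANY_SOURCES = {"*", "internet", "0.0.0.0/0"}


def port_in_range(port, port_range):
    """True if `port` falls in an NSG destinationPortRange ('*', '80', '8080-8090')."""
    if port_range == "*":
        return True
    if "-" in port_range:
        lo, hi = (int(p) for p in port_range.split("-", 1))
        return lo <= port <= hi
    return int(port_range) == port


def inbound_rules(nsg):
    """Custom and default inbound rules as flat dicts, lowest priority number first."""
    props = nsg["properties"]
    rules = props.get("securityRules", []) + props.get("defaultSecurityRules", [])
    flat = [dict(name=r["name"], **r["properties"]) for r in rules]
    return sorted((r for r in flat if r["direction"].lower() == "inbound"),
                  key=lambda r: r["priority"])


def rules_allowing_any_source(nsg):
    """The policy-table check: inbound Allow rules whose source is Any/Internet."""
    return [r["name"] for r in inbound_rules(nsg)
            if r["access"].lower() == "allow"
            and r["sourceAddressPrefix"].lower() in ANY_SOURCES]


def internet_can_reach(nsg, port, protocol="Tcp"):
    """First-match evaluation: walk inbound rules by ascending priority and return the
    access of the first rule matching traffic from an arbitrary Internet address."""
    for r in inbound_rules(nsg):
        if r["sourceAddressPrefix"].lower() not in ANY_SOURCES:
            continue  # scoped to a specific source; does not decide Internet-wide traffic
        if r["protocol"] != "*" and r["protocol"].lower() != protocol.lower():
            continue
        if port_in_range(port, r["destinationPortRange"]):
            return r["access"].lower() == "allow"
    return False  # nothing matched; with DenyAllInBound present this is not reached


def drop_rule(nsg, name):
    """Copy of `nsg` without the named custom rule, to preview a remediation."""
    nsg = json.loads(json.dumps(nsg))
    nsg["properties"]["securityRules"] = [
        r for r in nsg["properties"]["securityRules"] if r["name"] != name]
    return nsg


def assess(nsg):
    """Findings in the spirit of the NSG and WAF policies for a VM with a public IP."""
    open_web_ports = [p for p in (80, 443) if internet_can_reach(nsg, p)]
    return {
        "any_source_allow_rules": rules_allowing_any_source(nsg),
        "web_ports_open_to_internet": open_web_ports,
        "recommend_waf": bool(open_web_ports),
    }


if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_NSG), indent=2))
    print(json.dumps(assess(drop_rule(SAMPLE_NSG, "allow-all-any")), indent=2))
```

Note what the first-match walk reveals that a plain list of "Any" rules does not: the office-only RDP rule at priority 100 is undermined by the catch-all Allow at priority 300, so 3389 is in fact reachable from anywhere, while Telnet stays blocked because its Deny sits above the catch-all. Removing the catch-all leaves only 443 exposed, which still triggers the WAF recommendation.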

Let’s see how to enable security health monitoring and how to manage and respond to security alerts in Azure Security Center in another post.

Protect your Private Cloud with 5Nine Cloud Security

When it comes to virtualization, a lot of people start asking how they can secure their environment against security threats. Installing an AV solution inside individual VMs looks like the correct answer, but what happens in the case of a network-related threat? Let’s explore the best answer to these issues in the Hyper-V context.

5nine Cloud Security is an agentless security solution for Hyper-V which uses the extensible Hyper-V switch capabilities. This solution is capable of providing VM isolation, compliance and antivirus features.

5Nine also offers firewall, AV and IDS functions out of the box. The most important point is that it is an agentless solution: you do not install any agent inside the VMs to achieve these goals.

For hosters using Windows Azure Pack, 5Nine offers an Azure Pack extension that brings true IDS capabilities to their tenants. As the number of tenants increases, security becomes the number one concern of any hoster. In addition, the 5Nine Cloud Security SCVMM plugin lets you deploy all these features through SCVMM if you manage your own environment through SCVMM, making it easier to integrate both solutions.

All these features come at an attractive price of $199 per 2 CPUs per host. If you are interested, visit www.5nine.com for more information. Below is a short demonstration of what 5Nine Cloud Security can do to protect your Hyper-V hosts, private cloud or service provider cloud.

In a future post I’m going to discuss how to configure 5Nine Cloud Security to protect your Microsoft virtualization solution.

Cloud security with Microsoft Antimalware

Those who were not too sure about moving into the cloud, thinking their VMs would not be protected from security threats, need not worry with Microsoft's cloud. During TechEd Europe 2014 Microsoft introduced Microsoft Antimalware, a cloud-based security solution for your Azure tenants.

Microsoft Antimalware uses the same engine that is behind Microsoft Security Essentials, Forefront Endpoint Protection and Windows Defender. Some say these are not great products, but guess what? I’ve seen a POC where it caught 99% of security threats in a customer environment designed for security testing, where all the other vendors were not able to get that far.

It is actually a Security-as-a-Service product that runs in real time and downloads all heuristics and definitions directly from the cloud. Most importantly, the user interaction required is minimal, as it runs in the background and intelligently protects your workloads against security threats.

Let’s see what is required to use Antimalware in Azure.

  • Windows Server 2008 R2 or a higher OS. Windows Server 2008 and Server Technical Preview are not yet supported.
  • VM Agent – You can enable VM agent at the time on VM creation or enable it later.
  • Latest Microsoft Azure PowerShell SDK Tools which contains the PowerShell cmdlets for Antimalware should be installed.
  • Azure Storage account for antimalware event collection.

How it works

  1. By default the extension is installed in Cloud Services but disabled. You can enable it using PowerShell; see the PowerShell cmdlet reference for Antimalware for the complete list of cmdlets.
  2. For VMs you can install it via the Azure Portal, as in the screenshot below, or use the PowerShell cmdlets.
  (Screenshot: Microsoft Antimalware VM)
  3. Use Visual Studio Server Explorer for Azure to install it in VMs.
  4. Use the Antimalware service management APIs, for both VMs and Cloud Services.

So remember to use Microsoft Antimalware for your Azure workloads from now on if you are not too sure about the security that Microsoft already has in place.