Pace University
IT 612 – Web Server Setup
Configuration & Security
Student: Yao, Chung-Hui
Professor: Dr. Hevel Jean-Baptiste
Date: May, 2014
Security in Microsoft Azure
6/10/2014
Abstract:
Microsoft Azure is a cloud computing platform and infrastructure created by Microsoft. It is said that 54% of Fortune 500 companies already use Azure. This project looks at the potential threats and attacks web applications face when hosted on the Microsoft Azure platform, and at some of the best practices for a secure environment.
Introduction:
Hosting applications, services, and websites on Microsoft Azure means the physical infrastructure is left in the hands of the cloud provider. Since we no longer need to secure the network or the host, it is up to the developer to secure the application.
We will examine how security is handled differently on a cloud platform by reviewing the OWASP Top 10 vulnerabilities from 2013. We will also highlight unique features in Microsoft Azure that help mitigate these vulnerabilities.
Background of the study:
This topic idea began when I had the opportunity to compare two different cloud platforms: Amazon Web Services (AWS) and Microsoft Azure. At that time, someone told me that the cloud provider would take care of everything, so we would not need to implement any security measures. After learning more about web and internet security in another class, I am interested in exploring whether we need to apply a different security baseline when our web application is hosted on Microsoft Azure.
Analysis:
OWASP Top 10
• Injection
• Broken Authentication and Session
• Cross-Site Scripting (XSS)
• Insecure Direct Object References
• Security Misconfiguration
• Sensitive Data Exposure
• Missing Function Level Access Control
• Cross-Site Request Forgery
• Using Components with Known Vulnerabilities
• Unvalidated Redirects and Forwards
Notable mention
• Distributed Denial-of-Service (DDoS)
Injection
• Azure patches the SQL Database service
• Avoid building connection strings using string concatenation; use the SqlConnectionStringBuilder class instead
• Implement "escaping" to validate input
• Run SQL queries with the least privilege possible
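The slide's three application-side controls (no string concatenation, escaping of input, least-privilege database access) shown side by side, as an added example that is not from the original deck. The page's own recommendation names the .NET SqlConnectionStringBuilder; this demo uses Python's sqlite3 in-memory database so it runs offline, the sample users are constructed, and the `query_only` pragma stands in for the read-only database role you would grant the web application's SQL login.

```python
import sqlite3

# Constructed sample data for the demo (not from the original slides).
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    """In-memory stand-in for the application's SQL database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, email TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_email_unsafe(conn, name):
    """Vulnerable: the caller's input is spliced into the SQL text, so a value
    such as  ' OR '1'='1  rewrites the WHERE clause and returns every row."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_email_safe(conn, name):
    """Hardened: a placeholder plus a bound parameter. The driver sends the
    value separately from the statement, so it is compared as data and is
    never parsed as SQL."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def escape_like_pattern(user_text, escape_char="\\"):
    """Escaping for the one case parameters do not cover: wildcard characters
    inside a LIKE pattern. Use together with  LIKE ? ESCAPE '\\'  so that a
    user-supplied '%' or '_' matches itself instead of acting as a wildcard."""
    return (user_text.replace(escape_char, escape_char * 2)
                     .replace("%", escape_char + "%")
                     .replace("_", escape_char + "_"))


def search_email_prefix(conn, prefix):
    """Prefix search that treats the user's text literally (escaped + bound)."""
    pattern = escape_like_pattern(prefix) + "%"
    rows = conn.execute(
        "SELECT email FROM users WHERE name LIKE ? ESCAPE '\\'", (pattern,))
    return [row[0] for row in rows]


def make_read_only(conn):
    """Least privilege: this connection can only read. On sqlite the
    query_only pragma plays the part of a read-only database role."""
    conn.execute("PRAGMA query_only = 1")
    return conn


def try_insert(conn):
    """Returns True if a write succeeded, False if the database refused it."""
    try:
        conn.execute("INSERT INTO users VALUES ('mallory', 'mallory@example.com')")
        conn.commit()
        return True
    except sqlite3.DatabaseError:
        return False
```

Run `find_email_unsafe` and `find_email_safe` with the same `' OR '1'='1` input: the concatenated query returns both rows, the parameterised one returns none, and an injection attempt against the read-only connection still cannot write even if a query were somehow subverted, which is the point of running queries with the least privilege possible.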
Broken Authentication and Session Management
• SSL connection to the management portal
• Assign random port numbers to the RDP and PowerShell endpoints used to manage VMs
• Access Control Service (ACS)
   - authenticate with existing, mature account services such as Google, Yahoo, or Facebook accounts
   - developers need to follow the recommendations
Cross-Site Scripting (XSS)
• Follow the same security practices within the Azure environment
• Validate and sanitize user input
• Protect the session authentication cookie
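The slide's two XSS controls in working form, as an added example that is not part of the original deck: an allow-list validator for input, HTML output encoding for anything untrusted that is rendered, and a session cookie issued with the HttpOnly and Secure flags so a script that does slip through cannot read it and it never travels over plain HTTP. The field pattern, the cookie name `session` and the 900-second lifetime are assumptions chosen for the demo.

```python
import html
import re
from http.cookies import SimpleCookie

# Constructed allow-list: what a username field is permitted to contain.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def is_valid_username(value):
    """Validate on input: accept only the characters the field may contain,
    instead of trying to enumerate everything dangerous."""
    return USERNAME_RE.fullmatch(value) is not None


def render_comment(author, text):
    """Sanitize on output: every untrusted value is HTML-encoded for the
    context it lands in, so a submitted <script> tag is displayed as text
    rather than executed."""
    return ('<div class="comment"><b>{}</b>: <p>{}</p></div>'
            .format(html.escape(author, quote=True),
                    html.escape(text, quote=True)))


def session_cookie_header(session_id, max_age_seconds=900):
    """Protect the session cookie: HttpOnly keeps it out of document.cookie,
    Secure keeps it off plain HTTP, and a short Max-Age bounds how long a
    stolen value stays useful. Returns the Set-Cookie header value."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["path"] = "/"
    jar["session"]["max-age"] = max_age_seconds
    return jar["session"].OutputString()


def cookie_flags(header_value):
    """Parse a Set-Cookie value back into its attribute names; handy for a
    response-header audit that checks every session cookie carries the flags."""
    parts = [p.strip() for p in header_value.split(";")[1:]]
    return {p.split("=", 1)[0].lower() for p in parts if p}
```

`cookie_flags` is the kind of check a deployment test can run against the live site: fetch the login response and assert that `httponly` and `secure` are present on the session cookie, which turns the slide's bullet into something that is verified on every release.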
Insecure Direct Object References
• Isolation
   - VM-to-VM isolation within a deployment
   - different deployments within a subscription cannot communicate unless assigned to the same virtual network
• Private IP ACLs and Public IP ACLs
Security Misconfiguration
• VMs provisioned from a template with a strict security baseline
• Inbound connections from the internet are blocked by default
• Ports have to be opened specifically
• Azure Active Directory with Access Control Service to fine-tune permissions
Sensitive Data Exposure
• Encrypt the database content or the database itself
• Built-in firewall in Azure SQL Database
• Enable encrypted connections (SSL) to Azure SQL Database
• Encrypt the connection from the web server to the client
• Encrypt session cookies on the client side
Missing Function Level Access Control
• Azure Active Directory Access Control
   - provides group-based or role-based entitlements
• Microsoft Azure Dashboard
   - access to logs and status for auditing
• Third-party apps to audit the application workflow
   - Cerebrata Azure Management Studio
Cross-Site Request Forgery
• Follow traditional practices
   - Set a shorter session timeout
   - Prevent users from submitting form data multiple times
   - Implement a CAPTCHA before submission
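The "traditional practices" on this slide, as an added example that is not the deck's own code: a synchronizer token bound to the session and to an issue time (so it expires with the slide's shorter session window), and a one-time form nonce that is consumed on the first successful submission (so the same form data cannot be submitted twice). The server secret, the 900-second lifetime and the form field names are constructed for the demo; the CAPTCHA step is not shown.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for the demo; in deployment it comes from
# configuration, never from source control.
SERVER_SECRET = b"demo-secret-change-me"
TOKEN_MAX_AGE = 900   # seconds: the "shorter session time" from the slide


def issue_csrf_token(session_id, issued_at):
    """Synchronizer token: the MAC covers both the session id and the issue
    time, so a token from another session or with an altered timestamp fails."""
    msg = f"{session_id}:{issued_at}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{issued_at}:{mac}"


def verify_csrf_token(session_id, token, now, max_age=TOKEN_MAX_AGE):
    """Accept only a token minted for this session, unmodified, and not expired."""
    parts = token.split(":", 1)
    if len(parts) != 2 or not parts[0].isdigit():
        return False
    issued_at, mac = int(parts[0]), parts[1]
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{issued_at}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return False
    return 0 <= now - issued_at <= max_age


class FormNonces:
    """One-time form identifiers: each rendered form carries a nonce that is
    consumed on its first accepted POST, so a replayed or double-submitted
    form is rejected."""
    def __init__(self):
        self._outstanding = set()

    def issue(self):
        nonce = secrets.token_urlsafe(16)
        self._outstanding.add(nonce)
        return nonce

    def consume(self, nonce):
        if nonce in self._outstanding:
            self._outstanding.remove(nonce)
            return True
        return False


def handle_post(session_id, form, now, nonces):
    """The gate a state-changing handler runs before doing any work.
    Returns a short status string so callers and tests can see why a
    submission was refused."""
    if not verify_csrf_token(session_id, form.get("csrf_token", ""), now):
        return "rejected: bad or expired csrf token"
    if not nonces.consume(form.get("form_nonce", "")):
        return "rejected: form already submitted"
    return "accepted"
```

The token check runs before the nonce is consumed on purpose: a forged request that fails the CSRF check must not burn the legitimate user's outstanding nonce.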
Using Components with Known Vulnerabilities
• Azure handles OS updates and software patches
• Monitor vulnerabilities through public databases such as NVD and CVE
• NVD listed a vulnerability in Azure SDK v1.3, which has since been updated
Unvalidated Redirects and Forwards
• Avoid using redirects and forwards
• Validate redirect and forward requests
• Microsoft Azure isolation restricts destinations
• Developers should use a mapped value within the application instead of a URL
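The last two bullets in code, as an added example that is not part of the original deck: a lookup table of short keys to in-application destinations (the client supplies only the key, every target is fixed in code), and, for code that must still accept a `returnUrl`-style parameter, a validator that admits only a same-origin path. The target map and the default destination are constructed for the demo.

```python
from urllib.parse import urlsplit

# Constructed map of short keys to in-application destinations. The client
# controls only the key; the destinations themselves never come from input.
REDIRECT_TARGETS = {
    "home": "/",
    "account": "/account",
    "orders": "/orders",
}
DEFAULT_TARGET = "/"


def redirect_for_key(key):
    """Mapped-value redirect: unknown keys fall back to a safe default."""
    return REDIRECT_TARGETS.get(key, DEFAULT_TARGET)


def is_local_path(url):
    """Allow only a same-origin absolute path. Rejects anything with a scheme
    (https:, javascript:), a network location, a protocol-relative '//host',
    backslashes (browsers treat them like slashes) and control characters."""
    if not url or not url.startswith("/") or url.startswith("//"):
        return False
    if "\\" in url or any(ord(c) < 0x20 for c in url):
        return False
    parts = urlsplit(url)
    return parts.scheme == "" and parts.netloc == ""


def safe_redirect_target(url):
    """Validated-URL redirect for legacy parameters: anything that is not a
    local path is replaced by the default destination rather than followed."""
    return url if is_local_path(url) else DEFAULT_TARGET
```

Prefer `redirect_for_key` for new code; `safe_redirect_target` exists for the cases the first bullet says to avoid but which cannot be removed yet, and it fails closed to the default rather than trying to repair a suspicious URL.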
Distributed Denial-of-Service (DDoS)
• Azure has built-in defenses against DDoS
   - rate and connection limiting
   - dropping offending VMs within the environment
• Deploy an application firewall (e.g. Barracuda)
• Windows Azure Traffic Manager for load balancing
• High availability: deploy more instances in case of an attack
Diagram and others:
Conclusion and further research:
After reviewing the OWASP Top 10 vulnerabilities from 2013 and Distributed Denial-of-Service attacks, we see that Microsoft Azure does have certain unique features that mitigate some of the vulnerabilities, such as Windows Azure Traffic Manager and Access Control Service. We do not need to worry about securing the network or securing the host, but developers have more responsibility now and need to concentrate on securing the application itself. Code review and code analysis become very important on the cloud platform, since the environment is now only as secure as the application it hosts.
Q&A
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

Class Project: Security in Microsoft Azure

6. OWASP Top 10 (continued)
• Sensitive Data Exposure
• Missing Function Level Access Control
• Cross-Site Request Forgery
• Using Components with Known Vulnerabilities
• Unvalidated Redirects and Forwards
Notable mention
• Distributed Denial-of-Service (DDoS)
7. Injection
• Azure SQL Database is patched by Microsoft, but patching the database does not stop injection through the application's own queries.
• Avoid building connection strings by string concatenation; use the SqlConnectionStringBuilder class instead.
• Use parameterized queries (or stored procedures called with parameters) so that user input is never parsed as SQL; "escaping" input is only a fallback for the rare query that cannot be parameterized.
• Run SQL queries under an account with the least privilege possible, so that a successful injection cannot read or alter more than that query needs.
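The three approaches named on this slide, side by side, as an added example (not code from the slide deck). An in-memory sqlite3 database stands in for Azure SQL Database and the users table, its rows and the tautology payload are constructed for the demo; the connection-string advice is .NET-specific and has no Python counterpart here.

```python
# Added example (not from the slide deck): the string-concatenated query
# beside a quote-escaped one and a parameterized one, run against an
# in-memory sqlite3 database that stands in for Azure SQL Database.
# The users table and its rows are constructed for the demo.
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("carol", "c-secret")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Deliberately vulnerable: the request value becomes part of the SQL text,
    # so a quote in the input ends the literal and the rest is parsed as SQL.
    sql = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_escaped(conn: sqlite3.Connection, name: str) -> list:
    # Escaping: doubling single quotes keeps the literal closed. It blocks this
    # payload, but it is a fallback only: easy to forget, and specific to one
    # quoting style and one database dialect.
    sql = "SELECT name, secret FROM users WHERE name = '" + name.replace("'", "''") + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    # Preferred: the value travels separately from the statement text and can
    # never be interpreted as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)
    ).fetchall()


# Classic tautology payload: closes the literal and appends an always-true clause.
PAYLOAD = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", lookup_vulnerable(db, PAYLOAD))     # all three rows leak
    print("escaped:      ", lookup_escaped(db, PAYLOAD))        # []
    print("parameterized:", lookup_parameterized(db, PAYLOAD))  # []
    print("normal lookup:", lookup_parameterized(db, "bob"))    # [('bob', 'b-secret')]
```

The least-privilege bullet is not something the query can demonstrate: it is the account the application connects with that matters, and it should hold only the rights the application's statements need (for most web front ends, SELECT/INSERT/UPDATE on specific tables and nothing that can alter schema or read other databases).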
8. Broken Authentication and Session Management
• Use an SSL connection to the management portal.
• Assign random public port numbers to the RDP and PowerShell endpoints used to manage a VM; this keeps the services off casual port scans but is not a substitute for strong credentials and for restricting which source addresses may reach those endpoints.
• Access Control Service (ACS)
   authenticate with an existing, mature identity provider such as a Google, Yahoo or Facebook account
   developers still need to follow its recommendations for handling the returned token and the application session
9. Cross-Site Scripting (XSS)
• Follow the same secure coding practices inside the Azure environment; nothing in the platform encodes the application's output for you.
• Validate user input, and encode it for the context it is written into (HTML body, attribute, JavaScript, URL) whenever it is echoed back into a page.
• Protect the session authentication cookie: mark it HttpOnly so script cannot read it and Secure so it is only sent over HTTPS.
10. Insecure Direct Object References
• Isolation
   VM-to-VM traffic is isolated within a deployment
   different deployments within a subscription cannot communicate unless they are placed in the same virtual network
• Private IP ACLs and public IP ACLs on endpoints
• Network isolation does not fix the flaw itself: an insecure direct object reference is an authorization bug in the application, so every request for an object must still check that the caller is allowed to access that object, or the application should hand out indirect, per-user references instead of raw database keys.
11. Security Misconfiguration
• VMs are provisioned from templates with a strict security baseline.
• Inbound connections from the Internet are blocked by default; ports have to be opened explicitly as endpoints.
• Azure Active Directory together with Access Control Service lets permissions be fine-tuned.
12. Sensitive Data Exposure
• Encrypt sensitive database content (or the database itself).
• Use the built-in firewall of Azure SQL Database to restrict which addresses may connect.
• Enable encrypted (SSL) connections to Azure SQL Database.
• Encrypt the connection between the web server and the client (HTTPS).
• Protect session cookies: have the server encrypt or sign their contents (ASP.NET does this for the forms authentication ticket) and mark them Secure so the browser only sends them over an encrypted connection.
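Output encoding for XSS (slide 9) and the cookie attributes of slides 9 and 12 in one place, as an added example that is not code from the slide deck. It uses only the Python standard library (the SameSite attribute needs Python 3.8 or later); the probe string and session id are constructed for the demo.

```python
# Added example (not from the slide deck): output encoding of untrusted input
# and a session cookie emitted with the Secure and HttpOnly attributes, using
# only the standard library. The user input and session id are constructed.
import html
from http.cookies import SimpleCookie


def render_greeting_vulnerable(user_input: str) -> str:
    # Deliberately unsafe: raw request data is spliced into the page.
    return "<p>Hello, " + user_input + "</p>"


def render_greeting(user_input: str) -> str:
    # HTML-context encoding: <, >, &, " and ' become entities, so whatever the
    # input contains is rendered as text, never as markup or script.
    return "<p>Hello, " + html.escape(user_input, quote=True) + "</p>"


def render_attribute(user_input: str) -> str:
    # Attribute context: the same encoding, but the value must also be quoted
    # so that a space in the input cannot start a new attribute.
    return '<input type="text" name="q" value="' + html.escape(user_input, quote=True) + '">'


def session_cookie(session_id: str) -> str:
    # Value of the Set-Cookie header for the session cookie.
    c = SimpleCookie()
    c["session"] = session_id
    c["session"]["secure"] = True      # only sent over HTTPS (slide 12)
    c["session"]["httponly"] = True    # not readable from script, so XSS cannot steal it
    c["session"]["path"] = "/"
    c["session"]["samesite"] = "Lax"   # also limits cross-site sends (Python 3.8+)
    return c["session"].OutputString()


def has_flag(set_cookie_value: str, flag: str) -> bool:
    # Check a Set-Cookie value for a bare attribute, case-insensitively.
    attrs = [p.strip().lower() for p in set_cookie_value.split(";")]
    return flag.lower() in attrs


if __name__ == "__main__":
    probe = "<script>alert(document.cookie)</script>"
    print(render_greeting_vulnerable(probe))   # script tag reaches the browser
    print(render_greeting(probe))              # &lt;script&gt;... rendered as text
    print(session_cookie("3f9c1b2e"))          # session=3f9c1b2e; HttpOnly; Path=/; SameSite=Lax; Secure
```

The HttpOnly flag is what makes the probe above harmless even if some other page on the site does echo input unencoded: the injected script runs, but document.cookie no longer contains the session identifier.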
13. Missing Function Level Access Control
• Azure Active Directory
   provides group-based or role-based entitlements
• Microsoft Azure management portal dashboard
   access to logs and status for auditing
• Third-party tools to audit the application workflow
   Cerebrata Azure Management Studio
• The application itself must still check the caller's role on every privileged function, on the server side; hiding the link in the UI is not access control.
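The application-layer checks that slides 10 and 13 depend on and that platform isolation does not provide, as an added example (not code from the slide deck): an ownership check on each direct object reference, a per-session indirect-reference map, and a role check on a privileged function. The users, roles and invoice records are constructed for the demo; a real application would read them from its identity provider and database.

```python
# Added example (not from the slide deck): application-layer authorization.
# Owner check on every direct object reference (slide 10), a per-session
# indirect-reference map so raw keys never reach the client, and a role check
# on privileged functions (slide 13). Users, roles and invoices are constructed.
import secrets
from functools import wraps


class Forbidden(Exception):
    """Raised for any denied access; the web layer maps it to one uniform 403/404."""


# Constructed data: invoice id -> record; user -> roles.
INVOICES = {
    101: {"owner": "alice", "total": 40},
    102: {"owner": "bob", "total": 75},
}
ROLES = {"alice": {"user"}, "bob": {"user"}, "root": {"user", "admin"}}


def get_invoice(user: str, invoice_id: int) -> dict:
    # Direct reference: the id may come straight from the URL, so ownership is
    # checked on every call. "Missing" and "not yours" get the same answer so
    # an attacker cannot enumerate which ids exist.
    inv = INVOICES.get(invoice_id)
    if inv is None or inv["owner"] != user:
        raise Forbidden(f"{user} may not read invoice {invoice_id}")
    return inv


class IndirectRefs:
    """Per-session map from an unguessable handle to the real key."""

    def __init__(self) -> None:
        self._map = {}

    def expose(self, real_id: int) -> str:
        # The client only ever sees the handle; it cannot alter it to reach another record.
        handle = secrets.token_urlsafe(9)
        self._map[handle] = real_id
        return handle

    def resolve(self, handle: str) -> int:
        if handle not in self._map:
            raise Forbidden("unknown handle")
        return self._map[handle]


def requires_role(role: str):
    # Server-side function-level check: the handler itself refuses callers
    # without the role, whether or not the UI showed them the link.
    def decorator(fn):
        @wraps(fn)
        def wrapper(user: str, *args, **kwargs):
            if role not in ROLES.get(user, set()):
                raise Forbidden(f"{user} lacks role {role}")
            return fn(user, *args, **kwargs)
        return wrapper
    return decorator


@requires_role("admin")
def list_all_invoices(user: str) -> list:
    return sorted(INVOICES)


def denied(fn, *args) -> bool:
    """True if the call is refused with Forbidden."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    print(get_invoice("alice", 101))            # alice's own invoice
    print(denied(get_invoice, "alice", 102))    # True: bob's invoice
    refs = IndirectRefs()
    h = refs.expose(101)
    print(h, refs.resolve(h))                   # random handle -> 101
    print(denied(refs.resolve, "guess"))        # True
    print(list_all_invoices("root"))            # [101, 102]
    print(denied(list_all_invoices, "alice"))   # True
```

Whichever of the two object-reference styles is used, the role check stays separate: an admin-only function still has to be guarded even when every record it touches is owned by someone else.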
14. Cross-Site Request Forgery
• Follow traditional practice
   set a shorter session timeout
   prevent the user from submitting form data multiple times
   require a CAPTCHA before sensitive submissions
• These measures shrink the window but do not by themselves stop a forged request; the standard defence is an unpredictable anti-forgery token tied to the user's session and checked on every state-changing request (ASP.NET MVC provides this through Html.AntiForgeryToken() and the [ValidateAntiForgeryToken] attribute).
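A synchronizer anti-forgery token of the kind the ASP.NET MVC helpers implement, shown as an added example that is not code from the slide deck. The server key, session ids and the request dictionaries standing in for HTTP requests are constructed for the demo.

```python
# Added example (not from the slide deck): a synchronizer anti-forgery token.
# The token is an HMAC over the session id under a server-side key, so it is
# unpredictable to another site, bound to one session, and checked on every
# state-changing request. Key, session ids and request dicts are constructed.
import hashlib
import hmac
import secrets

# Per-deployment secret; in a real app this lives in configuration, not code.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    # Embedded in every form as a hidden field (or sent as a header by script).
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, submitted: str, key: bytes = SERVER_KEY) -> bool:
    if not submitted:
        return False
    expected = issue_csrf_token(session_id, key)
    # Constant-time comparison: a plain == would leak timing information.
    return hmac.compare_digest(expected, submitted)


def handle_transfer(request: dict) -> str:
    """Simulated POST /transfer. request = {"method", "cookies", "form"}.

    The browser attaches the session cookie to a cross-site POST exactly as it
    does to a legitimate one; only the token, which the attacker's page cannot
    read, tells the two apart."""
    if request["method"] != "POST":
        return "405 Method Not Allowed"
    sid = request["cookies"].get("session")
    if not sid:
        return "401 Unauthorized"
    if not verify_csrf_token(sid, request["form"].get("csrf_token", "")):
        return "403 Forbidden: anti-forgery token missing or invalid"
    return "200 OK: transferred " + request["form"]["amount"]


if __name__ == "__main__":
    sid = "sess-3f9c1b2e"
    token = issue_csrf_token(sid)
    legit = {"method": "POST", "cookies": {"session": sid},
             "form": {"csrf_token": token, "amount": "10"}}
    # Forged request from another origin: cookie present, token absent.
    forged = {"method": "POST", "cookies": {"session": sid},
              "form": {"amount": "10"}}
    print(handle_transfer(legit))    # 200 OK: transferred 10
    print(handle_transfer(forged))   # 403 Forbidden: ...
```

Binding the token to the session id means a token captured from one user's page is useless against another user's session, and rotating the session id at login automatically invalidates older tokens.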
15. Using Components with Known Vulnerabilities
• Azure handles OS updates and software patches for platform (PaaS) roles such as Cloud Services and Web Sites; for IaaS virtual machines the guest OS and the software installed in it remain the customer's responsibility to patch.
• Monitor vulnerabilities through public databases such as the NVD and the CVE list, including the libraries and SDKs bundled with the application, not just the platform.
• The NVD listed a vulnerability in Azure SDK v1.3, which has since been fixed in later SDK versions.
16. Unvalidated Redirects and Forwards
• Avoid using redirects and forwards where possible.
• Validate every redirect and forward request.
• Microsoft Azure isolation restricts which destinations can be reached from inside the deployment; it does not restrict where a browser can be sent by a 302 response, so the application must validate the target.
• Developers should use a mapped value within the application (a key the server resolves to a URL) instead of accepting a URL from the request.
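The mapped-value approach from the last bullet, plus a validator for the legacy "?returnUrl=" style parameter that only accepts a same-site path, as an added example that is not code from the slide deck. The destination map and the sample targets are constructed; the validator goes beyond the slide in that it also rejects the protocol-relative and backslash forms browsers treat as an external host.

```python
# Added example (not from the slide deck): redirecting through an
# application-owned map of destinations, with a validator for legacy
# "?returnUrl=" style parameters that only accepts a same-site path. The
# destination map and sample targets are constructed for the demo.
from urllib.parse import urlsplit

DESTINATIONS = {"home": "/", "account": "/account", "help": "/support/faq"}
DEFAULT = "/"


def redirect_by_key(key: str) -> str:
    # Preferred form: the request carries a short key, the server resolves
    # it, and an arbitrary URL can never be supplied by the client.
    return DESTINATIONS.get(key, DEFAULT)


def safe_local_path(target: str) -> str:
    # Fallback: accept only an absolute path on this site. Anything with a
    # scheme or host, a protocol-relative "//host", the "/\host" form that
    # browsers treat the same way, or CR/LF (response header injection)
    # falls back to the default page instead of being honoured.
    if not target:
        return DEFAULT
    if "\r" in target or "\n" in target:
        return DEFAULT
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return DEFAULT
    if not target.startswith("/") or target.startswith("//") or target.startswith("/\\"):
        return DEFAULT
    return target


if __name__ == "__main__":
    for t in ["/account?tab=1", "//evil.example/", "http://evil.example/",
              "javascript:alert(1)", "/\\evil.example", "/ok\r\nSet-Cookie: a=b"]:
        print(repr(t), "->", safe_local_path(t))
    print(redirect_by_key("help"), redirect_by_key("http://evil.example"))  # /support/faq /
```

Falling back to the default page rather than raising an error is deliberate: a user following a tampered link should still land somewhere sensible, while the attacker gains nothing.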
17. Distributed Denial-of-Service (DDoS)
• Azure has built-in defences against DDoS
   rate and connection limiting
   dropping an offending VM within the environment
• Deploy an application firewall (e.g. Barracuda).
• Windows Azure Traffic Manager: DNS-based routing of client traffic across deployments (load balancing and failover).
• High availability: deploy more instances so that capacity can absorb an attack.
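A per-client sliding-window rate limiter of the kind the "rate and connection limiting" bullet refers to, as an added example that is not code from the slide deck. It models only the application-tier part of the defence; Azure's platform-level mitigation is separate and not represented. The request log it replays is constructed for the demo.

```python
# Added example (not from the slide deck): a per-client sliding-window rate
# limiter for the application tier, placed in front of expensive handlers.
# Azure's platform-level DDoS mitigation is separate and not modelled here.
# The request log replayed below is constructed for the demo.
import collections
import time


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client in any `window` seconds."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit = limit
        self.window = window
        self._hits = collections.defaultdict(collections.deque)

    def allow(self, client: str, now=None) -> bool:
        now = time.monotonic() if now is None else now
        q = self._hits[client]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False   # over budget: reject (or queue/delay) this request
        q.append(now)
        return True


def replay(limiter: SlidingWindowLimiter, events) -> dict:
    """events: iterable of (timestamp, client). Returns client -> [allowed, rejected]."""
    outcome = collections.defaultdict(lambda: [0, 0])
    for ts, client in sorted(events):
        outcome[client][0 if limiter.allow(client, ts) else 1] += 1
    return dict(outcome)


# Constructed traffic: one source floods 20 requests within one second while a
# normal client makes 3 requests spread over the same period.
FLOOD = [(i * 0.05, "198.51.100.7") for i in range(20)]
NORMAL = [(0.2, "203.0.113.5"), (0.6, "203.0.113.5"), (0.9, "203.0.113.5")]

if __name__ == "__main__":
    lim = SlidingWindowLimiter(limit=10, window=5.0)
    print(replay(lim, FLOOD + NORMAL))           # flood: [10, 10]; normal: [3, 0]
    print(lim.allow("198.51.100.7", now=6.0))    # True: the window has passed
```

On its own this protects one instance; combined with the slide's other bullets (more instances behind Traffic Manager, a firewall in front) it keeps a single abusive client from consuming the capacity meant for everyone else. A real deployment would key on the client address seen by the load balancer (X-Forwarded-For), not on the balancer's own address.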
18. Diagram and others: (this slide carried only a diagram; no text was extracted)
19. Conclusion and other research:
After reviewing the OWASP Top 10 vulnerabilities from 2013 and Distributed Denial-of-Service attacks, we see that Microsoft Azure does have some unique features that mitigate some of these vulnerabilities, such as Windows Azure Traffic Manager and Access Control Service. We do not need to worry about securing the network or the host. But developers now carry more responsibility and need to concentrate on securing the application itself. Code review and code analysis become very important on a cloud platform, since the environment is now only as secure as the application it hosts.
20. Q&A