Category Archives : Security

10 Aug

Enhance security and simplify network integration with Extension Host on Azure Stack

We are excited to share a new capability we are bringing to Azure Stack to further enhance the security posture and simplify network integration for our customers. Today, each Azure Service on Azure Stack adds functionality to the portal for its portal experience via a module called a portal extension. Each of these portal extensions uses a separate network port. As the number of Azure services increases, so does the number of ports that must be opened on a firewall that supports Azure Stack.

Our customers told us we need to improve this posture, and we’ve listened. We’re bringing the Extension Host solution to Azure Stack so only one port (443) is required to be opened. This solution is already available on Azure, allowing all requests to be funneled through one port, reducing the ports that need to be opened on the firewall, and allowing customers to communicate with these endpoints via proxy servers.

In its first release, the User and Admin portal default extensions have moved to this model, thereby reducing the number of ports from 27 to one. Over time, additional services such as the SQL and MySQL providers will also be changed to use the

08 Aug

Security Bulletin for August 2018

August 6, 2018:

Microsoft is aware of a temporary denial of service (DoS) vulnerability (CVE-2018-5390) affecting the Linux Kernel. Virtual Machines running Linux may be vulnerable. The Azure Host platform remains secure from this vulnerability. We are working with various Linux distributions to ensure that they address this security issue.

For guidance on CVE-2018-5390, please refer to the Linux vendor security channels for your distribution. To learn more about the vulnerability, please visit Vulnerability Notes Database.

We will continue to update this advisory as additional details become available.

06 Aug

Enhance your DevSecOps practices with Azure Security Center’s newest playbooks

Cloud-hosted workloads offer excellent scalability, ease of deployment, and pre-secured infrastructure for your workloads. However, the workloads themselves may still be susceptible to attack by cybercriminals. To help safeguard your resources in the cloud, you need to be able to keep up with threats, harden your resources that could be vulnerable to attacks, and deploy techniques to ensure that protection mechanisms are working.

Avyan Consulting partnered with the Azure Security Center team to build attack simulation playbooks for demonstration and training purposes. Azure administrators may use these playbooks to deploy fully operational web and Compute workloads, security management tools such as Azure Security Center & Web App Firewalls (WAFs), and SQL threat protection. Once deployed, the administrator can invoke attacks against the workloads, executing techniques similar to those used by adversaries around the world. These attack simulations are applied using the supplied instructions and automation. The playbooks cover four common attack scenario simulations:

| Scenario | Description |
| --- | --- |
| VM-Virus-Attack | To showcase virus attack detection & prevention on a Virtual Machine |
| SQL-Injection-Attack-WebApp | To showcase SQL injection attack detection & prevention on a Web Application (Web App + SQL DB) |
| XSS-Attack-WebApp | |

06 Aug

Accelerate healthcare initiatives with Azure UK NHS blueprints

Today, the healthcare industry is confronting many complex and daunting challenges that include demands to:

- Increase patient engagement.
- Take advantage of big data, analytics, artificial intelligence (AI), and machine learning (ML).
- Integrate consumer health apps, wearables, and the Internet of Medical Things (IoMT).
- Combat cybersecurity threats, breaches, and ransomware.

In the midst of this, however, healthcare organizations must continue to:

- Deliver the best patient care.
- Improve patient outcomes.
- Reduce healthcare costs (now 7 percent of GDP in the UK and almost 18 percent of GDP in the United States).
- Enhance patient and clinician experiences.

And all with limited budget and resources!

Cloud computing can help healthcare organizations focus on patient care and reducing costs, and it enables IT to be more flexible, agile, scalable, and secure as the healthcare industry changes and grows.

A key challenge to adopting cloud computing is that healthcare needs solutions, not IT projects. Healthcare organizations of every size often have limited IT and cybersecurity resources burdened with maintaining existing IT infrastructure.

So how can they create new solutions?

Rx: Blueprints

To rapidly acquire new capabilities and implement new solutions, healthcare IT and developers can now take advantage of industry-specific Azure Blueprints. These are packages that

31 Jul

Azure management groups now in general availability

I am very excited to announce today the general availability of Azure management groups to all our customers. Management groups allow you to organize your subscriptions and apply governance controls, such as Azure Policy and Role-Based Access Controls (RBAC), to the management groups. All subscriptions within a management group automatically inherit the controls applied to the management group. No matter if you have an Enterprise Agreement, Certified Solution Partner, Pay-As-You-Go, or any other type of subscription, this service gives all Azure customers enterprise-grade management at a large scale for no additional cost.

With the GA launch of this service, we introduce new functionality to Azure that allows customers to group subscriptions together so that you can apply a policy or RBAC role to multiple subscriptions, and their resources, with one assignment. Management groups not only allow you to group subscriptions but also allow you to group other management groups to form a hierarchy. The following diagram shows an example of creating a hierarchy for governance using management groups.

By creating a hierarchy like this you can apply a policy, for example, VM locations limited to US West Region on the group “Infrastructure Team management group” to enable internal compliance and

30 Jul

Expert tips on hardening security with Azure security

Note: This blog was authored by the Microsoft Threat Intelligence Center.

Microsoft Azure provides a secure foundation for customers to host their infrastructure and applications. Microsoft’s secure foundation spans physical, infrastructure, and operational security. Part of our operational security includes over 3,500 cybersecurity experts across different teams that are dedicated to security research and development. The Microsoft Threat Intelligence Center is just one of the security teams at Microsoft that encounters and mitigates threats across the security landscape.

On today’s episode of Microsoft Mechanics, you’ll see how the work of the Microsoft Threat Intelligence Center is helping to secure Azure and the global security landscape. This team works to identify issues such as peer-to-peer networking software, standard botnet and ransomware attacks, and adversary-based threats from hackers or nation-state-sponsored groups.

The team also has a broad view across many geographies and a view of the services that run in Azure. With this insight, the team can see common attack patterns. These patterns can be at the network level, service level, app level, or OS level. As soon as an exploit is detected, the Microsoft Threat Intelligence Center works with other teams at Microsoft to build

26 Jul

How to enhance HDInsight security with service endpoints

HDInsight enterprise customers work with some of the most sensitive data in the world. They want to be able to lock down access to this data at the networking layer as well. However, while service endpoints have been available in Azure data sources, HDInsight customers couldn’t leverage this additional layer of security for their big data pipelines due to the lack of interoperability between HDInsight and other data stores. As we have recently announced, HDInsight is now excited to support service endpoints for Azure Blob Storage, Azure SQL databases and Azure Cosmos DB.

With this enhanced level of security at the networking layer, customers can now lock down their big data storage accounts to their specified Virtual Networks (VNETs) and still use HDInsight clusters seamlessly to access and process that data.

In the rest of this post we will explore how to enable service endpoints and point out important HDInsight configurations for Azure Blob Storage, Azure SQL DB, and Azure CosmosDB.

Azure Blob Storage:

When using Azure Blob Storage with HDInsight, you can configure selected VNETs in the blob storage account's firewall settings. This will ensure that only traffic from those subnets can access this storage account.

It is important to