Notes for deploying Acronis Virtual Firewall

November 30, 2020

Components:

You can use either the setup application, which installs all components, or the MSI installer packages for unattended installations:

  • Management Service: installed on the host(s) or designated VM(s) that will act as Management Server for the entire Windows Server/Hyper-V environment. (Note: multiple management servers can be deployed to provide disaster recovery.)
  • Virtual Router Management Service: installed on the Virtual Router.
  • Management Console: installed on each host/VM from which administrators will operate the system and manage the security/compliance rules.

Firewall Rules

If deploying in Azure, configure the matching NSG rules as well. Note that the AV and Snort IDS updates are fetched over plain HTTP (TCP 80), so restrict that outbound rule to the vendor update hosts rather than allowing any destination.

Management Server
  Inbound from Virtual Router:
  • TCP 8939 – 5nine.Antivirus.UpdateService endpoint
  • TCP 8534 – Antivirus (AV) management endpoint
  • TCP 8790 – vFirewall management endpoint
  • TCP 8939 – IDS update service endpoint
  • TCP 8183 – Signature updates for the Snort Intrusion Detection System (IDS)
  Inbound from Management Console:
  • TCP 8789 – Client
  Outbound to SQL Server database:
  • TCP 1433 (default) or the port defined in the SQL Server configuration
  Outbound to internet:
  • TCP 80 – Snort IDS / AV updates over HTTP
  Outbound to DHCP server (if applicable):
  • UDP 68
  Outbound to DNS server:
  • UDP 53
  Outbound to Syslog server (if applicable):
  • UDP 514
  Outbound to additional Cloud Security Management Services (if applicable):
  • TCP 8790
  Outbound to Virtual Router:
  • TCP 8533
  • TCP 8788

Virtual Router
  Inbound from Management Server:
  • TCP 8533 – AV management
  • TCP 8788 – vFirewall management
  Inbound from Azure VMs:
  • TCP 8489 – AP agent communication
  • TCP 3187, TCP 8943 – AP agent update service communication
  Outbound to Management Server:
  • TCP 8534 – Antivirus (AV) management endpoint
  • TCP 8183 – Cisco Snort Intrusion Detection System (IDS)
  • TCP 8790 – vFirewall management endpoint
  Outbound to internet:
  • TCP 80 – AV updates over HTTP
  Outbound to Azure VMs:
  • TCP 8287 – AP management endpoint

Azure Virtual Machines
  Outbound to Virtual Router:
  • TCP 8489 – AP agent communication endpoint
  • TCP 3187, TCP 8943 – AP agent update service
  Inbound from Virtual Router:
  • TCP 8287 – AP management endpoint

Management Console
  Outbound to Management Server:
  • TCP 8789 – Client
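The Management Server rules above expressed as Windows host firewall rules, as an added example that is not part of the original post or of the 5nine/Acronis documentation. It assumes the virtual router sits at 10.10.0.10 and that administrators run the console from 10.10.1.0/24; both addresses are placeholders. If the server runs in Azure, mirror the same source restrictions in the NSG.

```powershell
# Added example (not from the 5nine/Acronis documentation): create the
# Management Server's inbound Windows Firewall rules from the table above,
# restricted to the actual peer addresses, then verify the listeners.
# Addresses below are assumptions for a lab; replace them with your own.
$VirtualRouter     = '10.10.0.10'
$ManagementConsole = '10.10.1.0/24'   # admin workstation subnet (assumed)

# Port -> description, inbound from the virtual router (TCP 8939 is listed
# twice in the vendor table, once for AV updates and once for IDS updates).
$FromRouter = @{
    8939 = '5nine AV / IDS update service'
    8534 = 'AV management endpoint'
    8790 = 'vFirewall management endpoint'
    8183 = 'Snort IDS signature updates'
}

foreach ($port in $FromRouter.Keys) {
    New-NetFirewallRule -DisplayName "5nine MgmtSvc in $port ($($FromRouter[$port]))" `
        -Direction Inbound -Protocol TCP -LocalPort $port `
        -RemoteAddress $VirtualRouter -Action Allow -Profile Domain,Private | Out-Null
}

# Console traffic comes from the admin subnet only, never from "Any".
New-NetFirewallRule -DisplayName '5nine MgmtSvc in 8789 (Management Console)' `
    -Direction Inbound -Protocol TCP -LocalPort 8789 `
    -RemoteAddress $ManagementConsole -Action Allow -Profile Domain,Private | Out-Null

# Post-install check: which of the expected management-server ports are
# actually listening, and which enabled inbound rules now cover each one.
$expected  = @(8939, 8534, 8790, 8183, 8789)
$listening = (Get-NetTCPConnection -State Listen).LocalPort
foreach ($p in $expected) {
    $rules = Get-NetFirewallPortFilter | Where-Object { $_.LocalPort -eq "$p" } |
             Get-NetFirewallRule |
             Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
    [pscustomobject]@{
        Port      = $p
        Listening = ($listening -contains $p)
        Rules     = ($rules.DisplayName -join '; ')
    }
}
```

Restricting RemoteAddress matters because every listed port is a management or update channel; an allow-from-any rule on 8790 or 8534 exposes the AV and vFirewall control plane to every host that can reach the server. The final loop is the check to run after installation: a port that is expected but not Listening usually means the corresponding service has not started, and a port with no matching rule is one from the table that still needs covering.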

Configuration for High Availability
For HA scenarios, install a separate instance of the Management Service on each server of the Windows failover cluster pair, pointing both at the same data source (SQL Server). SQL Server itself may also be set up for high availability. From this point on, use the clustered role's IP address/FQDN instead of a standalone node's IP address/FQDN as the management service address whenever you connect to the management service.
When configuring high availability in Failover Clustering, select the Generic Service option for the Cloud Security Management Service and proceed with the setup in the standard way.
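The Generic Service registration as a PowerShell procedure, an added example rather than vendor instructions. It assumes the Management Service's display name begins with "Cloud Security Management" (confirm with Get-Service on a node) and that 10.10.0.50 is a spare address on the cluster network for the role; both are assumptions.

```powershell
# Added example (not vendor code): register the Cloud Security Management
# Service as a Generic Service role on a Windows failover cluster, after
# checking that the service is installed on every node.
# Assumptions: the service's display name starts with 'Cloud Security
# Management' (look it up with Get-Service on one node if it differs),
# and 10.10.0.50 is a free address in the cluster network for the role.
Import-Module FailoverClusters

$roleName = 'CloudSecurityMgmt'
$roleIp   = '10.10.0.50'          # assumed; becomes the client-facing address

# Resolve the service name from its display name on the local node.
$svc = Get-Service | Where-Object DisplayName -like 'Cloud Security Management*' |
       Select-Object -First 1
if (-not $svc) { throw 'Management Service is not installed on this node' }

# Every node must have its own instance pointing at the same SQL data source.
$nodes   = Get-ClusterNode | Select-Object -ExpandProperty Name
$missing = Invoke-Command -ComputerName $nodes -ArgumentList $svc.Name -ScriptBlock {
    param($name)
    if (-not (Get-Service -Name $name -ErrorAction SilentlyContinue)) { $env:COMPUTERNAME }
}
if ($missing) { throw "Management Service missing on: $($missing -join ', ')" }

# Generic Service role: the cluster starts/stops the service on the owner node
# and moves it on failure. Clients then use the role's IP/FQDN, not a node's.
Add-ClusterGenericServiceRole -ServiceName $svc.Name -Name $roleName -StaticAddress $roleIp | Out-Null

# Show where the role is running, then prove failover by moving it.
Get-ClusterGroup  -Name $roleName | Select-Object Name, OwnerNode, State
Move-ClusterGroup -Name $roleName | Select-Object Name, OwnerNode, State
```

Run it once on any cluster node, after the Management Service has been installed on every node against the same SQL Server. Once the role is online, point the console and any additional management servers at the role's address (here 10.10.0.50, or the name you register for it in DNS), and make sure the Management Server firewall rules from the previous section exist on both nodes, since either can own the service.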

Silent Install from MSI Packages
To install the Cloud Security components silently from the command line, run the Setup Launcher application and copy the MSI package files to C:\Setup or to another location of your choice before closing the launcher: once the launcher is closed, its directory and contents are deleted.

Example – Setup Router Service (one command; ^ continues the line in cmd.exe):
msiexec /i RouterServiceSetup.msi /qn /norestart /l* info.log ^
  MANAGEMENT_SERVER=[Cloud Security FQDN name] ^
  WINLOGIN=[DOMAIN\Administrator] WINPASS=[Password]

Note that WINLOGIN and WINPASS are passed in clear text on the command line: prefer a dedicated service account over a domain administrator, and protect or delete info.log and any command-line audit records afterwards.
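The same Router Service installation driven from PowerShell, as an added example (not vendor code) that keeps the service-account password out of the script and checks the installer's exit code. It assumes the MSI was copied to C:\5nine before the launcher was closed and that mgmt.example.local is the management server; both are placeholders.

```powershell
# Added example (not vendor code): run the Router Service MSI from the page's
# msiexec line unattended from PowerShell, without leaving the service
# account password in a script or a shell history entry.
# Assumptions: the MSI was copied out of C:\Setup before the launcher closed,
# and mgmt.example.local is the management server FQDN.
param(
    [string]$MsiPath          = 'C:\5nine\RouterServiceSetup.msi',
    [string]$ManagementServer = 'mgmt.example.local'
)

if (-not (Test-Path $MsiPath)) { throw "MSI not found: $MsiPath" }

# Prompt for the account the router service will use; the secret never
# appears in the script itself. (Passwords containing spaces or quotes would
# need extra escaping for msiexec; avoid them for this account.)
$cred  = Get-Credential -Message 'Account for the 5nine Router Service (DOMAIN\user)'
$plain = $cred.GetNetworkCredential().Password

$logPath = Join-Path $env:TEMP 'RouterServiceSetup.log'
$msiArgs = @(
    '/i', "`"$MsiPath`"", '/qn', '/norestart', '/l*', "`"$logPath`"",
    "MANAGEMENT_SERVER=$ManagementServer",
    "WINLOGIN=$($cred.UserName)",
    "WINPASS=$plain"
)

$proc  = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
$plain = $null   # drop the clear-text copy as soon as msiexec has it

# Standard Windows Installer exit codes: 0 = success, 3010 = success, reboot required.
switch ($proc.ExitCode) {
    0    { Write-Host "Router Service installed. Log: $logPath" }
    3010 { Write-Warning "Installed; reboot required before the service starts. Log: $logPath" }
    default { throw "msiexec failed with exit code $($proc.ExitCode); see $logPath" }
}

# Confirm the service is registered (display name assumed to contain 'Router').
Get-Service | Where-Object DisplayName -like '*Router*' | Select-Object Name, Status, StartType
```

Prompting with Get-Credential avoids a password in the script file, but msiexec still receives it as a command-line property, so it is visible to process-creation auditing (Event ID 4688 with command-line logging, or Sysmon) for the lifetime of the install. Use an account with only the rights the router service needs, and rotate the password if the install ran on a host where that telemetry is shipped elsewhere.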

Note: when installing the management console on a server where multiple users with different privileges work, the best practice is to select the option Use default credentials, so that each time the management console is started it connects with the privileges of the user who started it. The same applies to tenant setup: the user running the management console instance must match the user configured to connect to the management service in order to receive the right privileges. Refer to the Global Administrator and Tenants section.

Adding Microsoft Azure Tenant Account
The first thing to do before anything else with 5nine Cloud Security is to add the Microsoft Azure Tenant Account. Open the Azure Connection Settings dialog by selecting Settings – Add Azure Tenant from the main menu.

Global Administrator and Tenants
The User Management feature is used to set permissions on 5nine Cloud Security objects (virtual machines) and on the operations performed through the management console.

It is crucial to set them appropriately. These permissions are unrelated to the users' permissions set in Windows or Active Directory (AD); they apply solely to Cloud Security objects and operations.

The most important users to create (add) in User Management are the Global Users, in particular the Global Administrator. This user can see all the virtual machines managed by Cloud Security and perform every operation through the management console: set global rules, create/delete tenants, operate the antivirus feature and set permissions for other users.

Note: until a Global Administrator is created, no permissions are set and any user operating the management console is treated as Global Administrator, so create this account before giving anyone else access to the console.

Categories: Cloud

SysAdmin Horror Stories

October 23, 2020

We all know that a SysAdmin’s job is no easy task, and apart from constantly having systems to update, bugs to fix and users to please, SysAdmins encounter all sorts of situations throughout their careers. From tech situations to funny anecdotes, terrible mishaps or incidents with colleagues, this eBook includes real stories of what SysAdmins go through on a daily basis.

It’s very easy to download as no registration is required. Click on Download and it’s yours. It includes more than 20 short stories but this one is my personal favourite 😊.

Categories: Cloud

Azure Sentinel with built-in behavioural analytics powered by UEBA platform

October 23, 2020

This latest innovation helps identify anomalies and extract behavioural insights for threat hunting and detection. Insights are aggregated across multiple data sources to provide a unified host or user profile.

Image source: https://techcommunity.microsoft.com/t5/azure-sentinel/stay-ahead-of-threats-with-new-innovations-from-azure-sentinel/ba-p/1693166

Other innovations include:

  • Integration with Azure Machine Learning Jupyter notebooks which offers a framework and cloud-scale data pipeline for ML using Azure Databricks.
  • Ability to search, add and track threat indicators, and create watchlists for threat hunting and detection (e.g., restricted IPs, trusted systems, critical assets, risky users, vulnerable hosts).
  • New data connectors, including for Microsoft Teams, Microsoft 365, and other clouds and data collection pipelines.

Categories: Cloud

Celebrating SysAdmin day

August 5, 2020

Despite all the challenges thrown our way this year, the hard work of SysAdmins made it possible for all of us to keep going, so Altaro are taking this opportunity to thank you:

If you are an Office 365, Hyper-V or VMware user, sign up for a 30-day free trial of either Altaro VM Backup or Altaro Office 365 Backup and receive a €/£/$20 Amazon voucher when you use your trial.

Plus, get the chance to win one of their Grand Prizes by sharing your greatest 2020 victory with Altaro in a video of up to 60 seconds.

What are you waiting for? Sign up now!

Categories: Cloud

Monitoring AKS Windows node pools

June 16, 2020

Monitoring your containers is critical, especially when you are running a production cluster, at scale, with multiple applications. Currently in preview, Azure Monitor for containers automatically starts collecting container logs (stdout/stderr) from Windows node pools running on Azure Kubernetes Service (AKS).

This gives you end-to-end monitoring of AKS Windows node pools with both logs and metrics (metrics were already supported).

Source: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/container-insights-overview

With Azure Monitor for containers you can:

  • Identify AKS containers that are running on the node and their average processor and memory utilization. This knowledge can help you identify resource bottlenecks.
  • Identify processor and memory utilization of container groups and their containers hosted in Azure Container Instances.
  • Identify where the container resides in a controller or a pod. This knowledge can help you view the controller’s or pod’s overall performance.
  • Review the resource utilization of workloads running on the host that are unrelated to the standard processes that support the pod.
  • Understand the behavior of the cluster under average and heaviest loads. This knowledge can help you identify capacity needs and determine the maximum load that the cluster can sustain.
  • Configure alerts to proactively notify you or record it when CPU and memory utilization on nodes or containers exceed your thresholds, or when a health state change occurs in the cluster at the infrastructure or nodes health rollup.
  • Integrate with Prometheus to view application and workload metrics it collects from nodes and Kubernetes, using queries to create custom alerts and dashboards and to perform detailed analysis.
  • Monitor container workloads deployed to AKS Engine on-premises and AKS Engine on Azure Stack.
  • Monitor container workloads deployed to Azure Red Hat OpenShift.

For more information see: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/container-insights-overview

Categories: Cloud

Becoming an Azure Sentinel expert

April 23, 2020

I have been working on Azure Sentinel projects for the past 12 months and writing IP which uses Azure Sentinel, a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution.

Azure Sentinel

Recently, while working on a Sentinel project for a major enterprise, I became aware of training that Ofer Shezaf from Microsoft has shared, and I highly recommend that those who would like to learn and become an expert on Azure Sentinel check out the material and curriculum.

The training program consists of 16 modules and includes presentations, relevant product documentation, blog posts and other resources; if you are already familiar with Sentinel, check out Module 9, my preferred one.

Overview

– Module 1: Technical overview

– Module 2: Azure Sentinel role

Designing Your Deployment

– Module 3: Cloud architecture and multi-workspace/tenant support

– Module 4: Collecting events

– Module 5: Log Management

– Module 6: Integrating threat intelligence

Creating Content

– Module 7: Kusto Query Language (KQL) – the starting point

– Module 8: Writing rules to implement detection

– Module 9: Creating playbooks to implement SOAR

– Module 10: Creating workbooks to implement dashboards and apps

– Module 11: Implementing use cases

Security Operations

– Module 12: A day in a SOC analyst’s life, incident management, and investigation

– Module 13: Hunting

Advanced Topics

– Module 14: Automating and integrating

– Module 15: Roadmap – since it requires an NDA, contact your Microsoft contact for details.

– Module 16: Where to go next?

You can find the training material here

Image source: https://docs.microsoft.com/en-us/azure/sentinel/overview

Categories: Cloud, Microsoft

Celebrate World Backup Day

March 28, 2020

Contest entries will be accepted until 22 April, 2020

If you manage your company’s Office 365 data, celebrate this World Backup Day with Altaro. All you have to do is sign up for a 30-day free trial of Altaro Office 365 Backup. If you share your biggest backup mishap with them, you get a chance to WIN one of the Grand Prizes:

· DJI Mavic Mini Drone FlyCam Quadcopter,

· Google Stadia Premiere Edition,

· Ubiquiti UniFi Dream Machine,

· Logitech MX Master 3 Advanced Wireless Mouse.

And guess what? For any Altaro eligible subscription they give you a guaranteed Amazon voucher! What are you waiting for? Sign up now!

Good luck & happy World Backup Day!

https://www.altaro.com/world-backup-day/?LP=cardoso-Article-WBD-contest-2020&Cat=SC&utm_source=cardoso&utm_medium=sc&utm_campaign=WBD-contest-2020&utm_content=Article

Categories: Cloud

Setting up and maintaining a high-performing Azure IaaS environment

March 16, 2020

Many system administrators have been working with on-premises infrastructure for their whole careers so moving to a cloud-based environment can feel like a leap of faith. However, making the leap to Azure doesn’t have to be daunting. With the right preparation it can be a smooth transition, consistent with your current on-premises configuration.

This free eBook written by veteran IT consultant and Microsoft Certified trainer Paul Schnakenberg covers all aspects of setting up and maintaining a high-performing Azure IaaS environment. It starts from the very basics, introducing key terms and features you need to get started, including migration, and goes on to explain everyday maintenance and best practices before covering more advanced features.

To get the best results from this eBook, it is recommended to follow along with the step-by-step tutorials using your own Azure subscription.

If you don’t currently have access, the eBook explains how to set up a free 30-day trial alongside $200 worth of Azure resources to use and 12 months of additional free resources!

Categories: Cloud

Building an Effective DevOps Culture at Scale

December 16, 2019

DevOps enables organizations to deliver software faster and more reliably. But to get the desired results, it's important to know that there's more to building an effective DevOps practice than learning new methodologies and technologies. Culture is the key to a successful DevOps transformation.

Read the e-book Effective DevOps from O’Reilly to learn:

  • The foundations and central four pillars of effective DevOps.
  • Tips for fostering collaboration, strong interpersonal relationships, and affinity between teams. 
  • How to select tools and workflows that support and strengthen your organization’s unique DevOps culture.
  • How to troubleshoot common problems and misunderstandings.
  • How successful organizations have handled their DevOps journeys. 

Link to download: https://azure.microsoft.com/en-us/resources/effective-devops/

Categories: Cloud

If you are using Hyper-V, here is my Xmas tip: Altaro Holiday Contest 2019

November 27, 2019

If you are a Hyper-V or VMware user, download Altaro’s VM Backup and follow the instructions …

This Holiday Season, Altaro is helping you out with your Holiday Shopping: they’re giving you the chance to WIN fantastic gifts that you can give to your loved ones!

It’s no secret that Holiday shopping can be stressful and very time-consuming. So this year, whether you need a present for your partner, your children, your parents and in-laws, or your friends… Altaro’s got your back. Enter and share it on socials for a chance to WIN one of the Grand Prizes:

  • a Holy Stone GPS FPV RC Drone HS100,
  • an All-Access MasterClass pass,
  • Lomography Lomo’Instant San Sebastian,
  • an Echo Plus (Smart Home Hub),
  • a Wii Console & Mario Kart for Wii,
  • 2x Netflix Gift Cards of $100 each,
  • and a JBL Clip Portable Waterproof Speaker.

And guess what? For any eligible subscription they give you a guaranteed Amazon voucher!

So, if you are a Hyper-V or VMware user, download Altaro’s VM Backup and follow the instructions you will find over here to WIN these exciting prizes!

Good luck & Happy Holidays!

Categories: Cloud