Archive

Author Archive

Celebrate World Backup Every Day and WIN the CONTEST!

March 11, 2019 Leave a comment


World Backup Day is something we’re used to mark as an event every year, as a reminder we need to take good care of our data. But this year Altaro challenges us to change our mindsets and start considering the value of a good backup solution not just once, but every day.

On this occasion, they’re launching this contest where you might win an Oculus Rift & Touch Virtual Reality System! Let’s hope you’ll be the lucky winner, but if not, they’re giving free eGift Amazon cards as well for all the valid entries. So, for those who want to give it a try, this seems to be a good time to do it.

To enter the contest, click here. Good luck and happy backup!

______________________________________________________________________________

.

Advertisements
Categories: Cloud

Annual Microsoft Security Intelligence Report (SIR) released

March 1, 2019 Leave a comment

Yesterday, Microsoft published volume 24 of the Microsoft Security Intelligence Report (SIR).

The SIR is widely viewed as a credible, unparalleled source of information for IT professionals, security executives, governments, and the security industry at large, regarding the evolving threat landscape. Based on our extensive view of the threat landscape through analysis of over 6.5 trillion security signals daily, the SIR is one of the most comprehensive reports in the industry.

  • SIR Volume 24 is an annual report that covers some of the key threat trends in 2018, including cryptocurrency mining, phishing and supply chain attacks. It also shares assessments based on our threat research and recommendations on how to protect against threats.


  • In addition, for the very first time, we have launched an interactive version of the SIR as a complement to the annual report to enable viewers to dig into the data in more detail and be able to filter by country and/or time period. We intend to update the site monthly and add new and noteworthy insights over time.

You can download the report at https://www.microsoft.com/en-us/security/operations/security-intelligence-report

Categories: Cloud

View Azure metrics in Grafana dashboards

January 16, 2019 Leave a comment

Microsoft released a plugin that will allow Azure services and applications to be monitored from from Grafana using the Azure Monitor data source plugin.

Grafana configuration for Azure Monitor integration

The plugin gathers application performance data collected by Azure Monitor, including various logs and metrics.

If you use Application Insights, you can also include your Application Insights API and application ID to collect Application Insights based metrics.

You can also install Telegraf and InfluxDB to collect and plot both custom and agent-based metrics using the same Grafana instance and include metrics from the Prometheus server to monitor Containers.

When configuring the plugin, you can indicate which Azure Cloud you would like the plugin to monitor (Public, Azure US Government, Azure Germany, or Azure China).

The high level steps are:

  1. Set up Grafana (locally or in Azure downloading from the Azure Marketplace: Grafana by Grafana Labs). You will need Grafana version 5.3 or higher
  2. Login to Grafana
  3. Configure the DataSource plugin and select Azure Monitor as the type from the dropdown
  4. Use an existing one or Create a new service principal – Grafana uses an Azure Active Directory service principal to connect to Azure Monitor APIs and collect data
  5. Provide the connection details to the APIs and select Same details as Azure Monitor API
  6. Provide your Application Insights API and application ID if you want to collect Application Insights based metrics
  7. Save and on the Grafana Home page, and select New Dashboard
  8. Select the configured Azure Monitor data source

for a more detailed step by step check https://docs.microsoft.com/en-us/azure/azure-monitor/platform/grafana-plugin?toc=%2Fazure%2Fazure-monitor%2Ftoc.json

Password-less VM – The importance of securing your IaaS Linux VM in the Public Cloud

January 9, 2019 Leave a comment

When creating a VM in the Public Cloud, some would think that the Provider would be responsible for its security. Guess what, you are responsible for its security.

A common misunderstanding is assuming that a strong password would do the job of securing the VM access. To prove that is not good enough, yesterday I created a VM in Azure for a Containers Lab work and in less than 9hrs, I had 8712 failed login attempts as it shows in the picture above.

Creating a more Secure VM

So, what should you do to protect the access to my public VM?

“Password-less VM”: Using SSH public key, instead of password, will greatly increase the difficulty of brute-force guessing attack.

A “password-less” VM includes:

  • A username that is not standard such as “root” or “admin”: Azure already help you with that, by not allowing you to create “root” or “admin” as a username. Also note that in Linux, the username is case sensitive.
  • No password for the user; no password-based login permitted. Instead, configure Private key/certificate SSH authentication: That’s a must!
  • A randomized public SSH port.

Verifying

Using the below Linux command line, you should see a line showing: PasswordAuthentication no

$ sudo tail -n 10 sshd_config

Detailed Steps

Check out the Quick steps: Create and use an SSH public-private key pair for Linux VMs in Azure article on how to configure those steps.

What else should you do?

Azure offers great protection options for Azure VM’s. It’s definitely a must that you:

  • Install Microsoft Monitoring Agent to enable Azure Security Center which will help you prevent, detect, and respond to threats. Security Center analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations. The recommendations guide you through the process of configuring the needed controls. For detailed information see https://docs.microsoft.com/en-us/azure/security-center/quick-onboard-linux-computer
  • Configure Security Policies, which drives the security recommendations you get in Azure Security Center.
  • Configure Just-in-time (JIT) virtual machine (VM) access which can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed. Configure custom ports and customize the following settings:

Protocol type– The protocol that is allowed on this port when a
request is approved.

Allowed source IP addresses- The IP ranges that are allowed on this port when a request is approved.

Maximum request time– The maximum time window during which a specific port can be opened.

  •  Configure Network security groups and rules to control traffic to virtual machines
  • Configure dedicated network connection between your on-premises network and your Azure vNets, either through a VPN or through Azure ExpressRoute: Production services should not be exposing SSH to the internet.

Stay safe!

Article also published in my Linkedin page: https://www.linkedin.com/pulse/password-less-vm-importance-securing-your-iaas-linux-cardoso/?published=t

Azure B2C: Flexibility is the key

November 27, 2018 1 comment

I have been working in some challenging’s Identity projects for the past 2 years and I have been amazed by the great flexibility that Azure B2C offers.

This week I am in Prague delivering an Azure Bootcamp for our 
internal Microsoft team and speaking on Identity and Security and Azure B2C is one of the major points of my sessions.

In August this year I’ve completed a project that enabled a major financial institution to offer an secure and easy way for their partners/customers to sign in to access their application.

Azure Active Directory B2C is a reliable, globally-distributed service with an SLA of 99.9%, capable of supporting millions of users and billions of authentications per day, allowing users to sign in with Microsoft Accounts, Azure AD, Facebook, Google+, LinkedIn and many others, or your own Identity provider, 

Customers profiles are protected through various security controls in addition to application or policy-based multi-factor authentication.

You can learn more on how to manage sign-up, sign-in, and customer profiles in your ASP.NET, desktop, or single-page Node.js applications at https://docs.microsoft.com/en-us/azure/active-directory-b2c/#step-by-step-tutorials 

Categories: Cloud, Microsoft Tags: ,

Where can you learn more about Windows 2019? Attend the November 8th Live Webinar with MS MVP Andy Syrewicze

October 29, 2018 1 comment

Windows Server 2019 is the operating system that bridges on-premises environments with Azure, adding additional layers of security while helping you modernise your applications and infrastructure:

  •  Hybrid capabilities with Azure. Extend your datacentre to Azure to maximise your investments and gain new hybrid capabilities.
  •  Advanced multilayer security. Elevate your security posture by protecting the datacentre, starting with the operating system.
  •  Faster innovation for applications. Enable the creation of cloud-native apps, and modernise traditional apps using containers and microservices.
  • Unprecedented hyper-converged infrastructure. Evolve your datacentre infrastructure to achieve greater efficiency and security.

Where can you learn more about Windows 2019?

Demo webinars are a great way to see a product in action before you decide to take the plunge yourself. It enables you to see the strengths and weaknesses first-hand and also ask questions that might relate specifically to your own environment.

Altaro - live Demo Webinar - Windows Server 2019 In Action -1200x628-no-cta[1]With that in mind there is a webinar scheduled to be presented live twice on November 8th by Microsoft MVP Andy Syrewicze to help you learn more about the new Windows 2019 features. The first session is at 2pm CET/8am EST/5am PST and the second is at 7pm CET/1pm EST/10am PST.

To note: With the record number of attendees for the last webinar, some people were unable to attend the sessions which were maxed out. It is advised you save your seat early for this webinar to keep informed and ensure you don’t miss the live event.

Save your seat: https://goo.gl/xEKQzP

This deep-dive webinar will focus on:

  • Windows Admin Center
  • Containers on Windows Server
  • Storage Migration Service
  • Windows Subsystem for Linux
  • And more!
Categories: Cloud

Windows 2019. Are you ready to start your evaluation?

October 4, 2018 1 comment

Microsoft announced this week that Windows Server 2019 is now generally available.

win2019

Windows Server 2019 is designed and engineered to help modernize your datacenter, delivering on four key areas:

Hybrid: The move to the cloud is a journey. To make it easier to connect existing Windows Server deployments to Azure services, we built interfaces for hybrid capabilities into the Windows Admin Center. With Windows Admin Center and Windows Server 2019, customers can use hybrid features like Azure Backup, Azure File Sync, disaster recovery to extend their datacenters to Azure and Storage Migration Service.

Security: In Windows Server 2019, we extended support of Shielded VMs to Linux VMs. Enabled Windows Defender Advanced Threat Protection (ATP), that detects attacks and zero-day exploits among other capabilities and included Defender Exploit Guard to help you elevate the security posture of your IT environment and combat ransomware attacks.

Application Platform: In Windows Server 2019, we reduced the Server Core base container image to a third of its size. We also provide improved app compatibility, support for Service Fabric and  Kubernetes, and support for Linux containers on Windows to help modernize your app. Also with Server 2019, Linux users can bring their scripts to Windows while using industry standards like OpenSSH, Curl & Tar with the improved  Windows Subsystem for Linux (WSL)

Hyper-converged Infrastructure (HCI): HCI is one of the latest trends in the server industry today. In Windows Server 2019, we democratize HCI with cost-effective high-performance software-defined storage and networking that allows deployments to scale from small 2-node, all the way up to 100s of servers with Cluster Sets technology, making it affordable regardless of the deployment scale.

Are you ready to start your evaluation? Click here to find out more

Source: https://cloudblogs.microsoft.com/windowsserver/2018/03/20/introducing-windows-server-2019-now-available-in-preview/

 

Are you ready to start your evaluation?

Categories: Cloud