Archive for the ‘Cloud’ Category

Implementing cloud design, DevOps, IoT, and serverless solutions

April 13, 2019

Are you designing Cloud solutions?

Check out the Azure for Architects e-book from Packt Publishing to help you design your cloud solutions with high availability, security, and scalability.

This e-book includes:

  • Common design patterns, principles, and best practices for working in Azure.
  • Designing for high availability, performance, scale, and resilience, and making informed decisions about deployment strategies.
  • Core Azure services as well as advanced solutions that use the Internet of Things, serverless computing, DevOps, and data services. 
  • Cost management, security, and monitoring to ensure your solutions meet business requirements.
Categories: Cloud

Windows Admin Center Webinar

March 29, 2019

If you’ve ever attended an Altaro webinar before, you’ll know these sessions are always highly informative and worthwhile events to remember. And this upcoming webinar on Windows Admin Center looks to be no exception!

Windows Admin Center is a powerful suite of management tools that was released along with Windows Server 2019. However, with such a large number of features, it can be difficult for regular Windows Server administrators to know what to focus on. This webinar, presented by Microsoft MVPs Andy Syrewicze and Eric Siron, is designed to address exactly that and to demonstrate live the features of Windows Admin Center that give the greatest benefit when managing Windows Server!

How to Manage Windows Server Like a Boss will be held on April 9th and, as always, the webinar will be presented live twice: at 2pm CEST / 8am EDT / 5am PDT and at 7pm CEST / 1pm EDT / 10am PDT.

Presenters: Andy Syrewicze (Microsoft MVP) and Eric Siron (Microsoft MVP)

REGISTER FOR THE WEBINAR HERE

Date: Tuesday, April 9, 2019

Session 1: 2pm CEST / 8am EDT / 5am PDT

Session 2: 7pm CEST / 1pm EDT / 10am PDT

Categories: Cloud

Our new SIEM tool: Microsoft Azure Sentinel, intelligent security analytics for your entire enterprise

March 13, 2019

Many legitimate threats go unnoticed. With an unsurprisingly high volume of alerts, and with your team spending far too much time on infrastructure setup or BAU tasks, you need a solution that empowers your existing SecOps team to see threats more clearly and that eliminates the distractions.

That’s why we reimagined the SIEM tool as a new cloud-native solution called Microsoft Azure Sentinel. Azure Sentinel provides intelligent security analytics at cloud scale for your entire enterprise. Azure Sentinel makes it easy to collect security data across your entire hybrid organization from devices, to users, to apps, to servers on any cloud.

Collect data across your enterprise easily – With Azure Sentinel you can aggregate all security data with built-in connectors, native integration of Microsoft signals, and support for industry-standard log formats like Common Event Format (CEF) and syslog.

Analyze and detect threats quickly with AI on your side – Security analysts face a huge burden from triaging as they sift through a sea of alerts, and correlate alerts from different products manually or using a traditional correlation engine.


Investigate and hunt for suspicious activities – Graphical and AI-based investigation will reduce the time it takes to understand the full scope of an attack and its impact. You can visualize the attack and take quick actions in the same dashboard.  


Automate common tasks and threat response – While AI sharpens your focus on finding problems, once you have solved the problem you don’t want to keep finding the same problems over and over – rather you want to automate response to these issues.

More Information:

https://azure.microsoft.com/en-us/services/azure-sentinel/#documentation

Azure Sentinel preview is free

There will be no charges specific to Azure Sentinel during the preview. Pricing for Azure Sentinel will be announced in the future and a notice will be provided prior to the end of the preview. Should you choose to continue using Azure Sentinel after the notice period, you will be billed at the applicable rates.


Celebrate World Backup Every Day and WIN the CONTEST!

March 11, 2019

World Backup Day is something we’re used to marking every year, as a reminder that we need to take good care of our data. But this year Altaro challenges us to change our mindsets and start considering the value of a good backup solution not just once, but every day.

On this occasion, they’re launching a contest where you might win an Oculus Rift & Touch Virtual Reality System! Let’s hope you’ll be the lucky winner, but if not, they’re also giving free Amazon eGift cards for all valid entries. So, for those who want to give it a try, this seems to be a good time to do it.

To enter the contest, click here. Good luck and happy backup!

Categories: Cloud

Annual Microsoft Security Intelligence Report (SIR) released

March 1, 2019

Yesterday, Microsoft published volume 24 of the Microsoft Security Intelligence Report (SIR).

The SIR is widely viewed as a credible, unparalleled source of information for IT professionals, security executives, governments, and the security industry at large, regarding the evolving threat landscape. Based on our extensive view of the threat landscape through analysis of over 6.5 trillion security signals daily, the SIR is one of the most comprehensive reports in the industry.

  • SIR Volume 24 is an annual report that covers some of the key threat trends in 2018, including cryptocurrency mining, phishing and supply chain attacks. It also shares assessments based on our threat research and recommendations on how to protect against threats.


  • In addition, for the very first time, we have launched an interactive version of the SIR as a complement to the annual report to enable viewers to dig into the data in more detail and be able to filter by country and/or time period. We intend to update the site monthly and add new and noteworthy insights over time.

You can download the report at https://www.microsoft.com/en-us/security/operations/security-intelligence-report

Categories: Cloud

View Azure metrics in Grafana dashboards

January 16, 2019

Microsoft released the Azure Monitor data source plugin, which allows Azure services and applications to be monitored from Grafana.

Grafana configuration for Azure Monitor integration

The plugin gathers application performance data collected by Azure Monitor, including various logs and metrics.

If you use Application Insights, you can also include your Application Insights API and application ID to collect Application Insights based metrics.

You can also install Telegraf and InfluxDB to collect and plot both custom and agent-based metrics using the same Grafana instance and include metrics from the Prometheus server to monitor Containers.

When configuring the plugin, you can indicate which Azure Cloud you would like the plugin to monitor (Public, Azure US Government, Azure Germany, or Azure China).

The high-level steps are:

  1. Set up Grafana (locally, or in Azure by downloading it from the Azure Marketplace: Grafana by Grafana Labs). You will need Grafana version 5.3 or higher.
  2. Log in to Grafana.
  3. Configure the data source plugin and select Azure Monitor as the type from the dropdown.
  4. Use an existing service principal or create a new one – Grafana uses an Azure Active Directory service principal to connect to the Azure Monitor APIs and collect data.
  5. Provide the connection details to the APIs and select Same details as Azure Monitor API.
  6. Provide your Application Insights API and application ID if you want to collect Application Insights based metrics.
  7. Save, then on the Grafana Home page select New Dashboard.
  8. Select the configured Azure Monitor data source.

For a more detailed step-by-step guide, see https://docs.microsoft.com/en-us/azure/azure-monitor/platform/grafana-plugin?toc=%2Fazure%2Fazure-monitor%2Ftoc.json

Password-less VM – The importance of securing your IaaS Linux VM in the Public Cloud

January 9, 2019

When creating a VM in the public cloud, some would think that the provider is responsible for its security. Guess what: you are responsible for its security.

A common misunderstanding is assuming that a strong password would do the job of securing VM access. To prove that is not good enough, yesterday I created a VM in Azure for Containers lab work, and in less than 9 hours I had 8712 failed login attempts, as shown in the picture above.

Creating a more Secure VM

So, what should you do to protect access to your public VM?

“Password-less VM”: Using an SSH public key instead of a password greatly increases the difficulty of a brute-force guessing attack.

A “password-less” VM includes:

  • A username that is not a standard one such as “root” or “admin”: Azure already helps you with that by not allowing you to create “root” or “admin” as a username. Also note that in Linux, the username is case sensitive.
  • No password for the user and no password-based login permitted. Instead, configure private key/certificate SSH authentication: that’s a must!
  • A randomized public SSH port.

Verifying

Using the Linux command below, you should see a line showing: PasswordAuthentication no

$ sudo tail -n 10 /etc/ssh/sshd_config
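A fuller version of this check, as an added example that is not part of the original post: `tail -n 10` only shows the end of one file, so the function below audits the effective settings printed by `sudo sshd -T` against the checklist above. The helper name `audit_sshd` and both sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check the effective sshd settings against the post's
# "password-less VM" checklist. Feed it the output of `sudo sshd -T`.
# audit_sshd is a hypothetical helper name, not an OpenSSH tool.

audit_sshd() {
  awk '
    { key = tolower($1); val = tolower($2) }
    key == "passwordauthentication" { pw = val }
    key == "pubkeyauthentication"   { pk = val }
    # Keyboard-interactive (PAM) can still prompt for a password; older
    # OpenSSH releases report it as challengeresponseauthentication.
    key == "kbdinteractiveauthentication" ||
    key == "challengeresponseauthentication" { if (val == "yes") kbd = "yes" }
    key == "port" && val == "22" { std_port = 1 }
    END {
      if (pw != "no")   { print "FAIL: PasswordAuthentication is not no"; bad = 1 }
      if (kbd == "yes") { print "FAIL: keyboard-interactive login is enabled"; bad = 1 }
      if (pk != "yes")  { print "FAIL: PubkeyAuthentication is not yes"; bad = 1 }
      if (std_port)     { print "FAIL: sshd listens on the default port 22"; bad = 1 }
      if (!bad) print "OK: key-only SSH on a non-default port"
      exit bad + 0
    }'
}

# Constructed sample inputs in `sshd -T` format (not captured from a real host).
HARDENED='port 50022
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes'

DEFAULTS='port 22
passwordauthentication yes
kbdinteractiveauthentication yes
pubkeyauthentication yes'

# Real use: sudo sshd -T | audit_sshd
printf '%s\n' "$HARDENED" | audit_sshd
printf '%s\n' "$DEFAULTS" | audit_sshd || echo "-> host needs hardening"
```

The function exits non-zero when any check fails, so it can gate a provisioning script or a scheduled compliance job.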

Detailed Steps

Check out the Quick steps: Create and use an SSH public-private key pair for Linux VMs in Azure article on how to configure those steps.

What else should you do?

Azure offers great protection options for Azure VMs. It’s definitely a must that you:

  • Install Microsoft Monitoring Agent to enable Azure Security Center, which will help you prevent, detect, and respond to threats. Security Center analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations. The recommendations guide you through the process of configuring the needed controls. For detailed information see https://docs.microsoft.com/en-us/azure/security-center/quick-onboard-linux-computer
  • Configure Security Policies, which drive the security recommendations you get in Azure Security Center.
  • Configure Just-in-time (JIT) virtual machine (VM) access, which can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed. Configure custom ports and customize the following settings:

    Protocol type – The protocol that is allowed on this port when a request is approved.

    Allowed source IP addresses – The IP ranges that are allowed on this port when a request is approved.

    Maximum request time – The maximum time window during which a specific port can be opened.

  • Configure Network security groups and rules to control traffic to virtual machines.
  • Configure a dedicated network connection between your on-premises network and your Azure VNets, either through a VPN or through Azure ExpressRoute: production services should not be exposing SSH to the internet.

Stay safe!

Article also published on my LinkedIn page: https://www.linkedin.com/pulse/password-less-vm-importance-securing-your-iaas-linux-cardoso/?published=t