Secure Azure Infra – Prerequisites & Intro

This is a new series of Azure Security Lab and share about how to securing your infrastructure with Microsoft Azure Security Center. This series of Azure Security Lab contains  Labs, I will share every Saturday (Singapore Time).

Let start with Prerequisites & Introduction.

Prerequisites

To complete this workshop, the following will be required:

  • A valid subscription to Azure. If you don’t currently have a subscription, consider setting up a free trial. If this workshop is being hosted by a Microsoft Cloud Solution Architect, Azure passes should be provided.
  • Multiple browser windows will be required to log in as different users simultaneously.
  • A mobile phone, used to respond to multi-factor authentication challenges.

Lab Introduction

Contoso have recently migrated several of their on-premises resources to Microsoft Azure. These resources include virtual machines (both Windows 2016 and Ubuntu Linux), virtual networks and storage accounts. Unfortunately, as this is the first migration carried out, Contoso are somewhat unfamiliar with Azure (and public cloud platforms in general) – as a result, they have failed to consider the security implications of the infrastructure.

The Contoso security team have requested your help to secure the infrastructure resources that they have migrated to Azure.

The environment deployed by Contoso is shown in figure 1.

Main Lab Image

Figure 1: Contoso Environment

The migrated Contoso environment has the following issues:

  • The storage account / container used has open, public access.
  • There is no access control in place for the virtual network / subnet.
  • Virtual Machines are not encrypted.
  • No Role Based Access Control (RBAC) is in place to determine which users have access to which resources. Contoso would like only the minimum amount of access to be given to users, including time limited access.
  • The Azure SQL Database has no firewall rules configured.

About engsoon

Eng Soon is a 4-time Microsoft MVP and has nearly 5 years of experience building enterprise system in the cloud.He is also a Certified Microsoft Azure.Eng Soon also have strong technical skills and analytic skill. As a developer, Besides the development task, he also involved in Project Management, Consulting, and Marketing. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive. He also took part as speaker in many nationwide technical events, such as Conference, Meetup and Workshop. Currently, looking for opportunity in Cyber Security which include Cloud Security and Application Security.

View all posts by engsoon →

Leave a Reply

Your email address will not be published. Required fields are marked *