IT Techy Minds -- We run and explore the IT

Security in Azure environment and detection methods

Hi Admin

Most organizations have started their journey to the cloud and are increasingly concerned about how resources and data will be secured.

Attackers have become more advanced and are racing against security systems.

There are some good articles from MS which show how Microsoft Azure ensures security in its cloud platform. Always remember that the security model differs based on the service model, and MS has made tools available that customers can use to monitor and secure their systems.

Detecting attacks by using Azure Security Center

1. SQL brute force attack (https://azure.microsoft.com/en-us/blog/how-azure-security-center-helps-reveal-a-cyberattack/)

2. Bitcoin mining attack (https://azure.microsoft.com/en-us/blog/how-azure-security-center-detects-a-bitcoin-mining-attack/)

3. DDoS attack using cyber threat intelligence (https://azure.microsoft.com/en-us/blog/how-azure-security-center-detects-ddos-attack-using-cyber-threat-intelligence/)

4. Good applications being used maliciously (https://azure.microsoft.com/en-us/blog/how-azure-security-center-aids-in-detecting-good-applications-being-used-maliciously/)

Interesting docs: https://docs.microsoft.com/en-us/azure/security-center/security-center-detection-capabilities

Amit Kumar Gupta

Certified: CCA-XenApp/XenDesktop/XenServer, Google Cloud Architect, MCSE, ITIL, VMware Certified, AWS Fundamentals, AWS Practitioner

Microsoft certified - Enterprise Cybersecurity Fundamentals & Planning for Security Incident response.

https://www.linkedin.com/in/amit-gupta-5321a527/

New way of working with Citrix via Samsung DEX

Hi Citrix Admins

All vendors are focusing on delivering the BYOD concept and extending their applications to support multiple devices.

Samsung has enabled the DEX feature on specific devices to provide a desktop experience from your tablet or mobile.

The DEX solution gives you a desktop experience when accessing Citrix. The videos below give a good overview of how to set it up with your machine.

How to set up a Samsung DEX device.

Thanks with Regards

Amit Kumar Gupta

Certified: CCA-XenApp/XenDesktop/XenServer, Google Cloud Architect, MCSE, ITIL, VMware Certified, AWS Fundamentals, AWS Practitioner

Microsoft certified - Enterprise Cybersecurity Fundamentals & Planning for Security Incident response.

https://www.linkedin.com/in/amit-gupta-5321a527/

Bandwidth requirement for Citrix connections

Hi Admin / Users

There has always been discussion about bandwidth requirements for Citrix connections in the initial phases of a project.

Citrix bandwidth calculation:-

bandwidth = (200 * h) + (100 * d) + (1500 * x) + z

h = users with video without Flash redirection - average usage is 200 Kbps
d = users with video with Flash redirection - average usage is 100 Kbps
x = users that require 3D graphics - average usage is 1500 Kbps or 1.5 Mbps
z = additional 1000 to 2000 Kbps to support peaks (more than 10 users)

Example

You have 50 users that are using thin clients without the ability to do Flash redirection (Flash will be rendered on the server instead).
You have 10 users with thick clients that can perform Flash redirection on the client.
You have 3 CAD users that will require 3D graphics.
Since you have over 10 users and you have the need for 3D graphics, you decide to add 2000 Kbps for overhead.

h = 50
d = 10
x = 5
z = 2000

(200 * 50) + (100 * 10) + (1500 *5) + 2000
10000 + 1000 + 7500 + 2000 = 115000

115000 kbps connection required.
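As an added example (not part of the original post), here is a small Python helper that evaluates the formula above and applies the post's rule for the peak overhead z (nothing for 10 users or fewer, 1000 to 2000 Kbps above that). Choosing the upper 2000 Kbps bound whenever 3D users are present is an assumption that mirrors the worked example; the SiteProfile, plan and bandwidth_kbps names are my own.

```python
# Added example (not from the original post): a sizing helper for the
# Citrix formula  bandwidth = (200 * h) + (100 * d) + (1500 * x) + z  (Kbps).
from dataclasses import dataclass

KBPS_VIDEO_SERVER_RENDERED = 200  # h: video users, Flash rendered on the server
KBPS_VIDEO_REDIRECTED = 100       # d: video users with Flash redirection
KBPS_3D_GRAPHICS = 1500           # x: users needing 3D graphics (CAD)
PEAK_OVERHEAD_MIN_KBPS = 1000     # z: added only when there are more than 10 users
PEAK_OVERHEAD_MAX_KBPS = 2000


@dataclass(frozen=True)
class SiteProfile:
    h: int  # users with video, Flash rendered server side
    d: int  # users with video, Flash redirected to the client
    x: int  # users requiring 3D graphics
    z: int  # peak overhead in Kbps (0, or 1000 to 2000 when over 10 users)


def peak_overhead_kbps(total_users: int, has_3d_users: bool) -> int:
    """Pick z per the post's rule: nothing for 10 users or fewer, otherwise
    1000-2000 Kbps. Taking the upper bound when 3D graphics are in play is an
    assumption that mirrors the post's worked example."""
    if total_users <= 10:
        return 0
    return PEAK_OVERHEAD_MAX_KBPS if has_3d_users else PEAK_OVERHEAD_MIN_KBPS


def bandwidth_kbps(p: SiteProfile) -> int:
    """Evaluate the formula for a profile; negative inputs are rejected."""
    if min(p.h, p.d, p.x, p.z) < 0:
        raise ValueError("user counts and overhead must be non-negative")
    return (KBPS_VIDEO_SERVER_RENDERED * p.h
            + KBPS_VIDEO_REDIRECTED * p.d
            + KBPS_3D_GRAPHICS * p.x
            + p.z)


def plan(h: int, d: int, x: int) -> SiteProfile:
    """Build a profile with z chosen automatically from the user counts."""
    return SiteProfile(h, d, x, peak_overhead_kbps(h + d + x, x > 0))


def kbps_to_mbps(kbps: int) -> float:
    return kbps / 1000


if __name__ == "__main__":
    # The post's example inputs: h = 50, d = 10, x = 5, z = 2000
    site = SiteProfile(h=50, d=10, x=5, z=2000)
    print(f"{bandwidth_kbps(site)} Kbps ({kbps_to_mbps(bandwidth_kbps(site))} Mbps)")
```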

Thanks

Webadmin

Fundamentals of Enterprise Security: Module 1

Cybersecurity has become a major focus area for all organizations, and there are many facts that are important for an organization to be ready to handle any threat.

In the first module we will talk about understanding the cybersecurity landscape, which will cover:-

The current cybersecurity landscape

The evolution of attacks

Understanding “Assume Compromise”

Examples of compromises

Evolution of Attacks

Present cybersecurity landscape:-

Every day attackers are developing new and ingenious methods of compromising systems. Intrusion tools, originally developed by the intelligence agencies of nation states, are now publicly available to anyone who wants them. New credential breaches are published on breach notification services, such as haveibeenpwned.com, every few days.

Vendors are releasing patches and fixes every month, or proactively, in order to fix discovered vulnerabilities. Companies spend huge amounts of effort and money to keep their products and systems secure, but many companies do not deploy the latest patches in a timely manner and suffer breaches as a result.

In the current cybersecurity landscape, attackers are finding it simpler to monetize their activities, either by deploying ransomware that encrypts a target’s data and system and demanding payment for a solution, or by deploying coin mining software that generates cryptocurrency using the resources of the target organization’s infrastructure. Making a profit by compromising a target’s infrastructure is becoming easier. This is likely to lead to a more, rather than less, aggressive cybersecurity landscape.
There are, however, several aspects of that landscape to which those interested in the fundamentals of enterprise security should pay attention.

Assume Compromise Philosophy:-

The assume compromise philosophy takes the position that an organization should build and maintain its security posture based on the idea that the organization’s information systems have already been compromised. Another part of the assume compromise philosophy is that the organization should assume that preventative technologies such as firewalls, anti-virus, and intrusion detection systems (IDS) will fail. Under the assume compromise philosophy, information security teams focus instead on detecting and responding to suspicious activity rather than simply preventing intrusion. Detection of suspicious activity can be assisted by leveraging cloud-based analytics services that constantly monitor information systems telemetry for anomalies.

When you design a security posture with assume compromise in mind, you restrict an attacker’s ability to move laterally between information systems and their ability to escalate privileges within those systems. These goals can be achieved by implementing technologies such as Just Enough Administration (JEA) and Just in Time (JIT) administration, segmenting networks, deploying code integrity policies, and enforcing good administrative practices such as restricting administrative sessions so that they can only be initiated from specially configured privileged access workstations.

Examples:-

Few attackers compromise an organization without having an objective beyond proving that the organization can be compromised. Attackers target organizations because they wish to accomplish one or more goals. When an organization is compromised, the attackers often do one of the following:

Exfiltrate data:- The attackers extract sensitive data from the organization. This data may have been stolen for a variety of reasons, from the theft of commercially sensitive information to exposing organizational secrets to damage the organization’s reputation. Some of the most famous attacks have involved data exfiltration, such as gaining access to a substantial number of customer credit card numbers.

Deploy ransomware:- In ransomware attacks, the attackers encrypt the organization’s data and render the organization’s information systems non-functional. The attackers do this in the hope that the organization will pay a ransom, usually in the form of a cryptocurrency. Once the target organization pays the ransom, the attackers will provide the organization with an unlock key. After inputting this key, the data will be decrypted and the information systems previously rendered non-functional will be returned to full functionality.

Enroll systems in a botnet:- Botnets are collections of computers that can be configured to perform a specific task, such as performing distributed denial of service attacks. Botnets can be monetized in several ways, including extorting money through the performance of distributed denial of service attacks or relaying spam (unsolicited commercial email).

Deploy coin mining software:- As of early 2018, coin mining attacks are becoming increasingly prevalent due to their lucrative nature. Coin mining malware deployed in attacks is sophisticated enough to use only some, not all, of the host system’s resources, meaning it isn’t always obvious when a system is infected. Coin mining attacks have also been perpetrated by insiders who use their organization’s infrastructure to generate illicit income.

Cost of Breach:-

There is no single estimated cost of a breach; it depends on the situation. On top of the disruption to business processes, it is difficult to assess the value of intangibles such as reputational damage, the cost of rehabilitating compromised systems, the cost of investigating the breach itself, and the cost of any fines or penalties that may need to be paid to the relevant authority.

Some of the factors that contribute to the cost of a breach include, but are not limited to:

Read Module 2 for how an organization should prepare its team to ensure security.

Thanks with Regards

Amit Kumar Gupta

Certified: CCA-XenApp/XenDesktop/XenServer, Google Cloud Architect, MCSE, ITIL, VMware Certified, AWS Fundamentals

Microsoft certified - Enterprise Cybersecurity Fundamentals & Planning for Security Incident response.

https://www.linkedin.com/in/amit-gupta-5321a527/

Reference Document from MS.

Azure Offered Services under Web, Data, Media, and Management Sections

Hi IT Geeks

Continuing with the Azure offered services.

Web and Mobile Services (including media and content delivery)

App Service. Create scalable cloud apps for web and mobile without the need to manage the underlying web server configuration.

Web Apps. Quickly create and deploy mission critical Web apps at scale.

Mobile Apps. Implement a hosted back-end service for mobile applications that run on multiple mobile platforms.

API Apps. Publish your service APIs securely.

Logic Apps. Automate the access and use of data across clouds without writing code.

Content Delivery Network. Ensure secure, reliable content delivery with broad global reach.

Media Services. Encode, store, and stream video and audio at scale.

Azure Search. Provide a fully managed search service.

Databases, Data and Analytics Services

SQL Database. Implement relational databases for your applications without the need to provision and manage a database server.

SQL Data Warehouse. Learn how to use SQL Data Warehouse, which combines the SQL Server relational database with massively parallel processing.

Azure Cosmos DB. Implement an Azure Cosmos DB service that functions as a globally distributed database using one of the multi-model APIs.

HDInsight. Use Apache Hadoop to perform big data processing and analysis.

Redis Cache. Implement high-performance caching solutions for your applications.

Machine Learning. Apply statistical models to your data and perform predictive analytics.

Monitoring and Management Services

Microsoft Azure Portal. Build, manage, and monitor all Azure products in a single, unified console.

Azure Resource Manager. Use Azure Resource Manager to deploy, manage, and monitor the infrastructure components and resources for applications and services.

Log Analytics. Centralize log data from multiple systems in a single data store, gaining deeper insight into your hybrid IT environment.

Automation. Simplify cloud management with process automation.

Scheduler. Use Scheduler to schedule and monitor jobs such as recurring application actions and routine maintenance.

Thanks with Regards

Amit Kumar Gupta

CCA in XenApp/XenDesktop/XenServer, Google Cloud Architect, MCSE, ITIL, VMware Certified

Microsoft certified - Planning for Security Incident response.

https://www.linkedin.com/in/amit-kumar-gupta-5321a527/

Azure Services: offered Compute, Storage, and Identity Under Azure Umbrella

Hello IT Geeks

Just to revise the Azure offered services, here is a list of the services offered under the Azure umbrella.

Virtual Machines. Create Windows® and Linux virtual machines from pre-defined templates, or deploy your own custom server images in the cloud.

Virtual Machine Scale Sets. Deploy Virtual Machine Scale Sets using Azure Resource Manager templates.

Virtual Networks. Provision networks to connect your virtual machines, PaaS cloud services, and on-premises infrastructure.

Cloud Services. Define multi-tier PaaS cloud services that you can deploy and manage on Microsoft Azure.

Load Balancer. Quickly create highly-available and scalable applications, with support for the most common networking protocols.

VPN Gateway. Connect on-premises networks to Azure through Site-to-Site VPNs using secure protocols like IPSec and IKE.

Azure DNS. Use Azure DNS to host your Domain Name System (DNS) domains in Azure.

ExpressRoute. Create a dedicated high-speed connection from your on-premises data center to Azure.

Traffic Manager. Implement load-balancing for high scalability and availability.

Network Watcher. Monitor and diagnose networking issues without logging in to your virtual machines (VMs) using Network Watcher.

Storage and Backup Services

Azure Storage. Store data in files, binary large objects (BLOBs), tables, and queues.

Data Lake Store. Use as a hyper scale repository for big data analytics workloads.

StorSimple. Consolidate storage infrastructure, automate data management across the enterprise, accelerate disaster recovery, and improve compliance.

Backup. Use Azure as a backup destination for your on-premises servers.

Azure Site Recovery. Manage complete site failover for on-premises and Azure private cloud infrastructures.

Security and Identity Services

Security Center. Use Azure Security Center to get a central view of the security state of all of your Azure resources.

Key Vault. Create and import encryption keys, reduce latency with cloud scale and global redundancy, and simplify and automate tasks for SSL/TLS certificates.

Azure Active Directory. Integrate your corporate directory with cloud services for a single sign on (SSO) solution.

Azure Active Directory Domain Services. Join Azure virtual machines to a domain without domain controllers.

Azure Multi-Factor Authentication. Implement additional security measures in your applications to verify user identity.

More up-to-date details can be read at https://azure.microsoft.com/en-us/features/azure-portal/

Log in to the trial portal.

Thanks with Regards

Amit Kumar Gupta

CCA in XenApp/XenDesktop/XenServer, Google Cloud Architect, MCSE, ITIL, VMware Certified

Microsoft certified - Planning for Security Incident response.

https://www.linkedin.com/in/amit-kumar-gupta-5321a527/