Showing posts with label MS Azure. Show all posts
Thursday, 3 January 2019
Monday, 5 March 2018
Introducing Azure Advanced Threat Protection
Recent years have witnessed a distinct and consistent escalation in the scope, scale, and sophistication of cyberattacks, impacting organizations across all verticals and locations. This escalation shows not only in the increasing proliferation of threat-actor groups, but also in the diversity of the attack Tools, Techniques, and Procedures (TTPs) they use, ranging from zero-day exploits to weaponized antimalware and publicly available toolkits.
This threat landscape is driving a change in the common security paradigm, bringing security stakeholders to realize that a resourceful and determined attacker will at a certain point succeed in bypassing the traditional prevention and detection controls.
To respond proactively to these threats, there is a need for a security layer that operates after these controls have been bypassed and is tasked with detecting the malicious activity that follows this bypass.
Sunday, 4 March 2018
Step by Step Virtual Machine Creation in Azure
Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment than the other choices offer. This article gives you information about what you should consider before you create a VM, how you create it, and how you manage it.
An Azure VM gives you the flexibility of virtualization
Saturday, 3 March 2018
Step by Step Establishing Azure Point to Site VPN
There are many scenarios in which we have to work on the Microsoft Azure cloud doing experiments and labs, or we have to set up application servers on which different people have to work as a team, such as a team of developers working on a project hosted on the Microsoft Azure platform while the developers are located in different geographic locations.
Step by Step Azure Site to Site VPN with SonicWall Hardware Firewall
Azure is a cloud computing platform and infrastructure created by Microsoft. It is used for building, deploying, and managing applications and services through a global network of Microsoft managed datacenters.
Wednesday, 22 November 2017
Windows Hello for Business
In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.
Windows Hello for Business lets users authenticate to an Active Directory or Azure Active Directory account.
If you have only an Office 365 subscription and Windows 10, your users can still sign in through Windows Hello; no local AD is needed.
Windows Hello addresses the following problems with passwords:
- Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites.
- Server breaches can expose symmetric network credentials (passwords).
- Passwords are subject to replay attacks.
- Users can inadvertently expose their passwords due to phishing attacks.
Sunday, 9 July 2017
Petya ransomware prevention & detection in Azure Security Center
This blog post was authored by Tim Burrell, Principal Engineering Manager, Microsoft Threat Intelligence Center.
Microsoft Malware Protection Center (MMPC) published a blog post yesterday detailing a new ransomware infection that appears to have begun in Ukraine and spread from there to other places in Europe and beyond. MMPC analysis showed this to be a more sophisticated variant of Ransom:Win32/Petya and all free Microsoft antimalware products were updated with signatures for this threat, including Windows Defender Antivirus.
This post summarizes measures that Azure customers can take to prevent and detect this threat through Azure Security Center. See here for basic information on enabling Azure Security Center.
Prevention
Azure Security Center scans virtual machines across an Azure subscription and makes a recommendation to deploy endpoint protection where an existing solution is not detected. This recommendation can be accessed via the Prevention section as shown below.
Drilling into the Compute pane (or the overview recommendations pane) shows more detail, including the Endpoint Protection installation recommendation being discussed here:

Clicking on this leads to a dialog allowing selection and installation of an endpoint protection solution, including Microsoft’s own antimalware solution:


These recommendations and associated mitigation steps are available to Azure Security Center Free tier customers.
Detection
Azure Security Center customers who have opted into Standard-Tier can benefit from a new detection recently added to alert on specific indicators related to Petya ransomware running on an infected host - this is described in further detail below. These alerts are accessed via the Detection pane highlighted below, and require the Azure Security Center Standard tier.

An alert for Petya ransomware will show up as shown below:
Drilling in provides more detail of the impacted VM and suspicious process or commandline that triggered the alert:

Note that although the detection alert relates to a specific host, because this ransomware attempts to propagate to other nearby machines, it is important to apply remediation steps on all hosts on the network, not just the host identified in the alert.
Please follow the remediation steps indicated in the Alert or in the Microsoft Malware Protection Center (MMPC) blog.
Saturday, 6 May 2017
Step by Step Windows Azure Point to Site VPN
There are many scenarios in which we have to work on the Microsoft Azure cloud doing experiments and labs, or we have to set up application servers on which different people have to work as a team, such as a team of developers working on a project hosted on the Microsoft Azure platform while the developers are located in different geographic locations. For these kinds of scenarios, Azure provides Point-to-Site VPN secure connectivity, so that every individual can connect remotely over a secure SSTP VPN connection and do their job.
A Point-to-Site (P2S) configuration lets you create a secure connection from an individual client computer to a virtual network. P2S is a VPN connection over SSTP (Secure Socket Tunneling Protocol). Point-to-Site connections are useful when you want to connect to your VNet from a remote location, such as from home or a conference, or when you only have a few clients that need to connect to a virtual network. P2S connections do not require a VPN device or a public-facing IP address. You establish the VPN connection from the client computer. In this lab, we will walk through the steps involved in setting up a remote P2S VPN with the Microsoft Windows Azure cloud platform.
LAB Setup for Azure VPN
We need the following requirements before we start the P2S VPN:
- A valid Microsoft Azure subscription
- Microsoft Windows SDK installed on the client computers
- Root and client certificates on the client computers
- Virtual Network in Azure
- Network Subnet
- Virtual Network Gateway in Azure
- Gateway Subnet
Windows Azure Virtual Network
After a successful login, click New and search for Virtual Network.
Select Virtual Network, select the Resource Group, and click Create.
Virtual Network Properties
Fill out the Virtual Network properties as per your network.
For Location, choose your nearest Azure data center and click Create. It will take approximately 2 to 3 minutes, and the virtual network will be created.
View Properties of Virtual Network
You can view the newly created virtual network's settings, resource group, and address space.