Uploaded byLai Yoong Seng
How Secure is Azure?
The document outlines compliance standards and security measures related to Microsoft Azure services, highlighting certifications such as ISO 27001, SOC, and PCI DSS. It emphasizes security protocols, including access control lists, network segmentation, and the use of multiple network interface cards in virtual machines. Additionally, it discusses Microsoft Azure Storage's durability and geo-replication features for data protection and backup solutions.
More Related Content
![[SendGridローンチイベント] パブリック クラウド プラットフォーム「Windows Azure」](https://cdn.slidesharecdn.com/ss_thumbnails/20131210kkesendgridazure-131212011317-phpapp01-thumbnail.jpg?width=640&height=640&fit=bounds)
![[BPStudy#80] パブリック クラウド プラットフォーム「Microsoft Azure」 最新アップデート #bpstudy](https://cdn.slidesharecdn.com/ss_thumbnails/20140425bpstudyazure-140425060959-phpapp01-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud](https://cdn.slidesharecdn.com/ss_thumbnails/fs0fswrr36f3q9puu3u6-signature-d4523b3bf020616e67040d2a940ba8bf9aeab187b20da49956548f98de22ea12-poli-180606121949-thumbnail.jpg?width=640&height=640&fit=bounds)
More from Lai Yoong Seng
How Secure is Azure?
- 1. Lai Yoong Seng SeniorConsultant | MVP Hyper-V Yoongseng.lai@infrontconsulting.com | Infront http://www.ms4u.info
- 2.
- 3. Compliance with world classindustry standard verified by third parties • ISO 27001/27002 • SOC 1/SSAE 16/ISAE 3402 and SOC 2 • Cloud Security Alliance CCM • FedRAMP • FISMA • FBI CJIS (Azure Government) • PCI DSS Level 1 • United Kingdom G-Cloud • Australian Government IRAP • Singapore MTCS Standard • HIPAA • EU Model Clauses • Food and Drug Administration 21 CFR Part 11 • FERPA • FIPS 140-2 • CCCPPF • MLPS http://azure.microsoft.com/en-us/support/trust-center/compliance/
- 4. • Regular testingby Microsoft • Security Assessment https://security-forms.azure.com/penetration-testing/terms https://security-forms.azure.com/penetration-testing http://technet.microsoft.com/en-us/security/ff852094
- 5.
- 6. • Username/Password • Patching •Access Control List (ACL)
- 7. Security Extensions Ability todeploy anti-virus solutions at provision time from: • Microsoft (Preview) • Symantec • Trend Micro
- 8. Inbound Traffic fromInternet (Endpoints)
- 9. Network Security Groups(NSG) Enables network segmentation & DMZ scenarios Access Control List Filter conditions with allow/deny Individual addresses, address prefixes, wildcards Associate with VMs or subnets ACLs can be updated independent of VMs Virtual Network Backend 10.3/16 Mid-tier 10.2/16 Frontend 10.1/16 VPN GW Internet On Premises 10.0/16 S2S VPNs Internet
- 10. Access Control Lists Tightensecurity with Access Control Lists
- 11. Multiple NICs inAzure VMs Multiple NICs enable virtual appliances in Azure MAC/IP addresses persist through VM life cycle Separate frontend-backend traffic, and management-data planes Requires a virtual network and specific instance sizes Up to 4 NICs per VM Azure Virtual Machine NIC2 NIC1 Default Internet 10.2.2.2210.2.3.33 10.2.1.11 VIP: 133.44.55.66
- 12.
- 13. Microsoft Azure Storage HighlyDurable Storage
- 14. continuous storage geo-replication WEST DC EAST DC > 400miles Microsoft Azure Storage Geo-Replicated Storage
- 15. Backup datacenter datato Windows using System Center Data Protection Manager Backup and recover files/folders from Windows Server 2012 Benefits Reliable offsite data protection Simple, familiar, integrated Efficient backup and recovery Easy set up Your On-Premises Datacenter
- 16.
- 18. www.ms4u.info Virtual Lai’s Blog Q&A Microsoft AzureTrust Center:- http://azure.microsoft.com/en- us/support/trust-center/security/ Azure Security, Privacy and Compliance :- http://go.microsoft.com/fwlink/?l inkid=392408&clcid=0x409 Thank you
Editor's Notes
- #4 Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run in Azure. ISO/EC 27001:2005 is a standard that specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System.
- #5 customers to carry out authorized penetration testing on their applications hosted in Azure. Because such testing can be indistinguishable from a real attack, it is critical that customers conduct penetration testing only after obtaining approval in advance from Azure Customer Support.
- #6 Built-in SSL and TLS cryptography enables customers to encrypt communications within and between deployments, from Azure to on-premises datacenters, and from Azure to administrators and users. 1st- Site to Site VPN -setup a vpn tunnel- 2nd – Site to Multisite VPN 3rd – Vnet to Vnet 4th – Point to site VPN -client computer can connect using certificate (protected connection)
- #7 No Admin/Administrator Password – 8 char long (must contain upper case,lower case, number & a special char
- #13 How it work? We store data is 3 disk – like mirror
- #14 If die, it is durable. Azure will mark as die and create another copy
- #15 If 3 disk not enough, you can enable geo redundant by replicating to another DC. (more than 400 miles away) Why 400 miles?
- #17 Data (It your own) – own control No advertising or Commercial If request, then will redirect to user