The idea that purchasing services from a cloud service provider may allow businesses to save money while they focus on their core business is an enticing proposition. Many analysts view the emerging possibilities for pricing and delivering services online as disruptive to market conditions. Market studies and the ensuing dialogue among prospective customers and service providers reveal some consistent themes and potential barriers to the rapid adoption of cloud services. Business decision makers want to know, for example, how to address key issues of security, privacy and reliability in the Microsoft Cloud Computing environment, and they are concerned as well about the implications of cloud services for their risk and operations decisions.
Webinar topic: Cloud Security Introduction
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing Cloud Security Introduction
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
We have discussed about the azure VMs Inventory management,Change management,tracking and update management. Discussed on Azure VMs. scaling on demand and how to increase the same. Disk addition and deletion as well.
Webinar topic: Cloud Security Introduction
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing Cloud Security Introduction
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
We have discussed about the azure VMs Inventory management,Change management,tracking and update management. Discussed on Azure VMs. scaling on demand and how to increase the same. Disk addition and deletion as well.
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Quest
Security expert Randy Franklin Smith will explain the reasons why you might go through the extra trouble of a "red forest" — as well as the limitations of this structure.
The Share Responsibility Model of Cloud Computing - ILTA NYCPatrick Sklodowski
Cloud Security is YOUR responsibility, not just your service provider! Understand the shared responsibilities of Cloud Computing from the public cloud to application as a service.
Includes a few updates from the Philadelphia session!
this is presentation on ms palladium.
i am trying to understand easily and in short.
for more information and the notes about the ms palladium mail me.
Slides zur Präsentation von Claudio Mascaro, BCD-SINTRAG AG, am Citrix Day 2014 von Digicomp.
Citrix bietet mit XenMobile eine umfassende Suite für das Enterprise Mobility Management, die viele Einzelaspekte in einer Lösung vereint: XenMobile bietet einen integrierten Ansatz, der es erlaubt, mobile Endgeräte, Apps und Daten von einer zentralisierten Stelle zu sichern und zu verwalten sowie Richtlinien auf Basis von Gerätebesitz, Status und/oder Standort festzulegen. Wir stellen die Lösung, Vorteile und Funktionen für MDM, MAM, EMM, Daten-Management und mobile Apps vor.
Author: Jakub Kaluzny
Let's talk about large-scale security programmes and maintaining security with tens of project teams - agile or waterfall, in-house or outsourced. I will discuss how to effectively track security requirements, organise threat modelling sessions, log output from those and translate it into penetration testing scope and test cases. We will dive deep into evil brainstorming, come up with abuser stories for each user story and define what makes the SDLC process secure or not. This talk is based on my work with different organisations in multiple countries and observations what works well in regards to security at scale and what does not.
When companies endeavor to move their applications and services to the cloud, they tend to worry more about security up front. Interestingly, platforms such as Azure provide an even more secure environment than most self-managed co-location facilities can hope to offer, not to mention the plethora of features on the platform that help you secure your solutions end to end. In this session Michele will review the mini-avalanche that comprises Azure security across features. Taking the architect's view of the platform (with demos) she’ll cover best practices for securing Azure solutions end to end and discuss the tangential benefits of moving to Azure and how it can help you with checking the boxes on those pesky security surveys.
The Notorious 9: Is Your Data Secure in the Cloud?BCS ProSoft
The first part of this presentation is designed to scare the cloud out of you by talking about some of the common and often overlooked concerns with cloud security. Then we'll bring you right back by showing you how cloud technology publishers as well as VARS, like BCS Prosoft are taking steps to mitigate potential threats and keep you business up and running 24/7/365.
SafeNet Enterprise Key and Crypto ManagementSectricity
With SafeNet, organizations can centrally, efficiently, and securely manage cryptographic keys and policies—across the key management lifecycle and throughout the enterprise. SafeNet's data center protection solutions are designed to secure all of the sensitive information that is stored in and accessed from enterprise data centers, including patient records, credit card information, social security numbers, and more.
Certificate of Cloud Security Knowledge, widely known as CCSK training course is an end to end knowledge-focused training and certification program that helps security professionals gain deep insights of the cloud security and related aspects while delivering far reaching understanding of how to address various cloud security concerns.
https://www.infosectrain.com/courses/certificate-cloud-security-knowledge-ccsk/
Get to know which security standards are applicable to OpenStack clouds
Evgeniya Shumakher, Mirantis
Compliance with critical industry and regulatory standards used to be mostly the concern of application makers and customers integrating their solutions. Cloud computing – especially IaaS – has made things a lot more complicated. Meanwhile, emerging cloud-specific standards, like FedRAMP or CSA cloud security guidelines, are suggesting new, complex and stringent requirements – while also offering critical guidance.
The presentation offers an inside look at the process:
The most important compliance and security standards for cloud builders,
Where existing OpenStack resources can fully or partially solve common compliance problems
Where standards support within OpenStack is currently thin
The common workflow for architecting standards-compliant clouds,
Common risks and emerging opportunities.
Take a closer look at PCI Compliance for private OpenStack clouds
Scott Carlson, PayPal
PCI Compliance is very important for large financial institutions. As one of the larger installations of OpenStack within the Financial space, PayPal has driven forward the PCI conversation and will be sharing the technical perspective on the following related to PCI and OpenStack Private Clouds:
How does OpenStack fit into an existing PCI-Compliant Environment
When there is not an external Cloud Service Provider, how does your team need to compensate
What are the design choices required to continue to be PCI-Compliant
Physical versus Logical devices
Hypervisor versus Guest compliance
Management Networks for PCI and non-PCI Zones
The case study won’t give a fully prescriptive talk on how to obtain PCI compliance, because there is a lot more to gaining compliance than just making your cloud compliant, but will help to understand:
Where existing OpenStack resources can fully or partially solve PCI compliance problems,
Where OpenStack community needs to join together to solve in order to continue growth
into PCI-compliant spaces.
Nate Warfield, Microsoft
Ben Ridgway, Microsoft
MongoDB, Redis, Elastic, Hadoop, SMBv1, IIS6.0, Samba. What do they all have in common? Thousands of them were pwned. In Azure. In 2017. Attackers have shifted tactics, leveraged nation-state leaked tools and are leveraging ransomware to monetize their attacks. Cloud networks are prime targets; the DMZ is gone, the firewall doesn't exist and customers may not realize they've exposed insecure services to the internet until it's too late. In this talk we'll discuss hunting, finding and remediating compromised customer systems in Azure - a non-trivial task with 1.59million exposed hosts and counting. Remediating system compromise is only the first stage so we'll also cover how we applied the lessons learned to proactively secure Azure Marketplace.
Learn how to take control of your data by using advanced encryption, centralized key management and cutting edge access controls and policies. In this session, Imam Sheikh, Dir. Product Management at Vormetric, and Tricia Pattee, HOSTING Product Manager will discuss how to proactively address PCI Compliance in the cloud, protect intellectual property and comply with data privacy and system integrity regulations. Join this informative webinar to learn about HOSTING and Vormetric data encryption security solutions and best practices that have helped leading Fortune 500 businesses protect their sensitive data across their private, public and hybrid cloud environments!
What you'll learn:
• How data encryption helps prevent data breaches
• How to address PCI compliance requirements in the cloud
• How to safeguard cardholder information that is stored in a variety of different databases and versions
• The HOSTING and Vormetric approach to securing data in motion and at rest
Using Third Party Components for Building an Application Might be More Danger...Achim D. Brucker
Today, nearly all developers rely on third party components for building an application. Thus, for most software vendors, third
party components in general and Free/Libre and Open Source Software (FLOSS) in particular, are an integral part of their
software supply chain.
As the security of a software offering, independently of the delivery model, depends on all components, a secure software supply
chain is of utmost importance. While this is true for both proprietary and as well as FLOSS components that are consumed,
FLOSS components impose particular challenges as well as provide unique opportunities. For example, on the one hand,
FLOSS licenses contain usually a very strong “no warranty” clause and no service-level agreement. On the other hand, FLOSS
licenses allow to modify the source code and, thus, to fix issues without depending on an (external) software vendor.
This talk is based on working on integrating securely third-party components in general, and FLOSS components in particular,
into the SAP's Security Development Lifecycle (SSDL). Thus, our experience covers a wide range of products (e.g., from small
mobile applications of a few thousands lines of code to large scale enterprise applications with more than a billion lines of code),
a wide range of software development models (ranging from traditional waterfall to agile software engineering to DevOps), as
well as a multiple deployment models (e.g., on premise products, custom hosting, or software-as-a-service).
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Quest
Security expert Randy Franklin Smith will explain the reasons why you might go through the extra trouble of a "red forest" — as well as the limitations of this structure.
The Share Responsibility Model of Cloud Computing - ILTA NYCPatrick Sklodowski
Cloud Security is YOUR responsibility, not just your service provider! Understand the shared responsibilities of Cloud Computing from the public cloud to application as a service.
Includes a few updates from the Philadelphia session!
this is presentation on ms palladium.
i am trying to understand easily and in short.
for more information and the notes about the ms palladium mail me.
Slides zur Präsentation von Claudio Mascaro, BCD-SINTRAG AG, am Citrix Day 2014 von Digicomp.
Citrix bietet mit XenMobile eine umfassende Suite für das Enterprise Mobility Management, die viele Einzelaspekte in einer Lösung vereint: XenMobile bietet einen integrierten Ansatz, der es erlaubt, mobile Endgeräte, Apps und Daten von einer zentralisierten Stelle zu sichern und zu verwalten sowie Richtlinien auf Basis von Gerätebesitz, Status und/oder Standort festzulegen. Wir stellen die Lösung, Vorteile und Funktionen für MDM, MAM, EMM, Daten-Management und mobile Apps vor.
Author: Jakub Kaluzny
Let's talk about large-scale security programmes and maintaining security with tens of project teams - agile or waterfall, in-house or outsourced. I will discuss how to effectively track security requirements, organise threat modelling sessions, log output from those and translate it into penetration testing scope and test cases. We will dive deep into evil brainstorming, come up with abuser stories for each user story and define what makes the SDLC process secure or not. This talk is based on my work with different organisations in multiple countries and observations what works well in regards to security at scale and what does not.
When companies endeavor to move their applications and services to the cloud, they tend to worry more about security up front. Interestingly, platforms such as Azure provide an even more secure environment than most self-managed co-location facilities can hope to offer, not to mention the plethora of features on the platform that help you secure your solutions end to end. In this session Michele will review the mini-avalanche that comprises Azure security across features. Taking the architect's view of the platform (with demos) she’ll cover best practices for securing Azure solutions end to end and discuss the tangential benefits of moving to Azure and how it can help you with checking the boxes on those pesky security surveys.
The Notorious 9: Is Your Data Secure in the Cloud?BCS ProSoft
The first part of this presentation is designed to scare the cloud out of you by talking about some of the common and often overlooked concerns with cloud security. Then we'll bring you right back by showing you how cloud technology publishers as well as VARS, like BCS Prosoft are taking steps to mitigate potential threats and keep you business up and running 24/7/365.
SafeNet Enterprise Key and Crypto ManagementSectricity
With SafeNet, organizations can centrally, efficiently, and securely manage cryptographic keys and policies—across the key management lifecycle and throughout the enterprise. SafeNet's data center protection solutions are designed to secure all of the sensitive information that is stored in and accessed from enterprise data centers, including patient records, credit card information, social security numbers, and more.
Certificate of Cloud Security Knowledge, widely known as CCSK training course is an end to end knowledge-focused training and certification program that helps security professionals gain deep insights of the cloud security and related aspects while delivering far reaching understanding of how to address various cloud security concerns.
https://www.infosectrain.com/courses/certificate-cloud-security-knowledge-ccsk/
Get to know which security standards are applicable to OpenStack clouds
Evgeniya Shumakher, Mirantis
Compliance with critical industry and regulatory standards used to be mostly the concern of application makers and customers integrating their solutions. Cloud computing – especially IaaS – has made things a lot more complicated. Meanwhile, emerging cloud-specific standards, like FedRAMP or CSA cloud security guidelines, are suggesting new, complex and stringent requirements – while also offering critical guidance.
The presentation offers an inside look at the process:
The most important compliance and security standards for cloud builders,
Where existing OpenStack resources can fully or partially solve common compliance problems
Where standards support within OpenStack is currently thin
The common workflow for architecting standards-compliant clouds,
Common risks and emerging opportunities.
Take a closer look at PCI Compliance for private OpenStack clouds
Scott Carlson, PayPal
PCI Compliance is very important for large financial institutions. As one of the larger installations of OpenStack within the Financial space, PayPal has driven forward the PCI conversation and will be sharing the technical perspective on the following related to PCI and OpenStack Private Clouds:
How does OpenStack fit into an existing PCI-Compliant Environment
When there is not an external Cloud Service Provider, how does your team need to compensate
What are the design choices required to continue to be PCI-Compliant
Physical versus Logical devices
Hypervisor versus Guest compliance
Management Networks for PCI and non-PCI Zones
The case study won’t give a fully prescriptive talk on how to obtain PCI compliance, because there is a lot more to gaining compliance than just making your cloud compliant, but will help to understand:
Where existing OpenStack resources can fully or partially solve PCI compliance problems,
Where OpenStack community needs to join together to solve in order to continue growth
into PCI-compliant spaces.
Nate Warfield, Microsoft
Ben Ridgway, Microsoft
MongoDB, Redis, Elastic, Hadoop, SMBv1, IIS6.0, Samba. What do they all have in common? Thousands of them were pwned. In Azure. In 2017. Attackers have shifted tactics, leveraged nation-state leaked tools and are leveraging ransomware to monetize their attacks. Cloud networks are prime targets; the DMZ is gone, the firewall doesn't exist and customers may not realize they've exposed insecure services to the internet until it's too late. In this talk we'll discuss hunting, finding and remediating compromised customer systems in Azure - a non-trivial task with 1.59million exposed hosts and counting. Remediating system compromise is only the first stage so we'll also cover how we applied the lessons learned to proactively secure Azure Marketplace.
Learn how to take control of your data by using advanced encryption, centralized key management and cutting edge access controls and policies. In this session, Imam Sheikh, Dir. Product Management at Vormetric, and Tricia Pattee, HOSTING Product Manager will discuss how to proactively address PCI Compliance in the cloud, protect intellectual property and comply with data privacy and system integrity regulations. Join this informative webinar to learn about HOSTING and Vormetric data encryption security solutions and best practices that have helped leading Fortune 500 businesses protect their sensitive data across their private, public and hybrid cloud environments!
What you'll learn:
• How data encryption helps prevent data breaches
• How to address PCI compliance requirements in the cloud
• How to safeguard cardholder information that is stored in a variety of different databases and versions
• The HOSTING and Vormetric approach to securing data in motion and at rest
Using Third Party Components for Building an Application Might be More Danger...Achim D. Brucker
Today, nearly all developers rely on third party components for building an application. Thus, for most software vendors, third
party components in general and Free/Libre and Open Source Software (FLOSS) in particular, are an integral part of their
software supply chain.
As the security of a software offering, independently of the delivery model, depends on all components, a secure software supply
chain is of utmost importance. While this is true for both proprietary and as well as FLOSS components that are consumed,
FLOSS components impose particular challenges as well as provide unique opportunities. For example, on the one hand,
FLOSS licenses contain usually a very strong “no warranty” clause and no service-level agreement. On the other hand, FLOSS
licenses allow to modify the source code and, thus, to fix issues without depending on an (external) software vendor.
This talk is based on working on integrating securely third-party components in general, and FLOSS components in particular,
into the SAP's Security Development Lifecycle (SSDL). Thus, our experience covers a wide range of products (e.g., from small
mobile applications of a few thousands lines of code to large scale enterprise applications with more than a billion lines of code),
a wide range of software development models (ranging from traditional waterfall to agile software engineering to DevOps), as
well as a multiple deployment models (e.g., on premise products, custom hosting, or software-as-a-service).
How can security assurance (SA) be applied in agile software development? This presentation discusses reasons for misalignment between agile and SA practices, as well as compatible or even mutually reinforcing techniques. The intuitive concept of evil user stories is explored, and the more wholesome and formal approach of Microsoft, SDL/Agile, is outlined.
Security Vulnerabilities in Third Party Code - Fix All the Things! Kymberlee Price
Developer Edition, presented at Philly Emerging Technologies in the Enterprise conference, 2016: increased discussion regarding management of third party libraries during design and development as a part of SDL process, overview of vulnerability management concepts, SDL, Incident Response processes, CVSS, and vulnerability data sources. Attendees were provided with concrete recommendations for each phase of SDL to improve their third party library security.
-------
Many developers today are turning to well established third-party libraries to speed the development process and realize quality improvements over creating an in-house proprietary font parsing or image rendering library from the ground up. Efficiency comes at a cost though: a single application may have as many as 100 different third party libraries implemented. The result is that third-party and open source libraries have the ability to spread a single vulnerability across multiple products- exposing enterprises and requiring software vendors and IT organizations to patch the same vulnerability repeatedly.
How big of a problem is this? What libraries are the biggest offenders for spreading pestilence? And what can be done to minimize this problem? This presentation will dive deep into vulnerability data and explore the source and spread of these vulnerabilities through products – as well as actions developers, the security research community, and enterprise customers can take to address this problem.
Security in the Development Lifecycle - lessons learnedBoaz Shunami
In this presentation, I delivered in the OWASP IL conference on September 2012.
I discuss the lessons learned from several years of Implementing Application Security into the development lifecycle on organizations in IL, EU and US. I cover some different approaches to the subject and also different types of organizations. Concluding with some recommendations.
Feel free to contact me if you have any questions:
boaz (at) komodosec.com
check out our website and services on:
www.komodosec.com
Security Building Blocks of the IBM Cloud Computing Reference ArchitectureStefaan Van daele
This is the presentation I have given at the Secure Cloud 2014 conference in Amsterdam with a small update: it contains the link to the website with additional information about security use cases in the different Cloud models ( IaaS, PaaS, SaaS )
.Net Microservices with Event Sourcing, CQRS, Docker and... Windows Server 20...Javier García Magna
Good technical practices you can follow with (micro)services but can be applied to almost anything: discovery (microphone/consul), security, resilience (polly), composition, ssecurity (jwt/oauth2)... And then an example with a CQRS application, and how docker can be used in Windows 2016. Lastly a brief summary of what Service Fabric is and its programming models.
XPDS13: Erlang on Xen - Redefining the Cloud Software Stack - Victor Sovietov...The Linux Foundation
Today the software stack inside cloud instances closely follows the traditional pattern, the pattern optimised for a completely different settings. The emerging OS-less software technologies promise to radically simplify the software inside virtual servers. Erlang on Xen is one of such technologies. It is a highly-compatible reimplementation of the Erlang VM that run directly on Xen. The super-elastic services based on Erlang on Xen adhere to 7 'commandments': 1) Do not assume the presence of OS underneath; 2) Software must be oblivious to boundaries of physical nodes 3) All services share the same auto-scalable infrastructure 4) Run computations near the data they process 5) Child nodes get configuration from the parent only 6) Avoid “administration” at all costs 7) SMP is abomination of cloud computing.
Azure Architecture Solutions Overview: Part 1Dzmitry Durasau
Session covers not only typical infrastructure architectures in Azure but also best practice of implementation of fault tolerant and high loaded applications in the Cloud. You’ll have advice and recommendations first-hand from IT frontier. Session is based on own proven experience and Microsoft recommendations.
Serverless Security: Are you ready for the Future?James Wickett
Talk from RSA 2017 on Serverless Security and the 4 areas of growth for security in the world of serverless. In this talk, there is also the first release of lambhack, an open source, vulnerable lambda-based serverless stack demoing arbitrary code execution in lambda.
Companion slides for Stormpath CTO and Co-Founder Les REST API Security Webinar. This presentation covers all the RESTful best practices learned building the Stormpath APIs. This webinar is full of best practices learned building the Stormpath API and supporting authentication for thousands of projects. Topics Include:
- HTTP Authentication
- Choosing a Security Protocol
- Generating & Managing API Keys
- Authorization & Scopes
- Token Authentication with JSON Web Tokens (JWTs)
- Much more...
Stormpath is a User Management API that reduces development time with instant-on, scalable user infrastructure. Stormpath's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.
Azure vs AWS Best Practices: What You Need to KnowRightScale
Azure is now the clear #2 in public cloud behind AWS. While some cloud users are evaluating Azure vs. AWS, many enterprises are planning to use both cloud providers. But there are some notable differences between how the two clouds operate and the best practices for deploying workloads in each.
The Azure vs. AWS Best Practices: What You Need to Know webinar will cover:
Recent and coming enhancements for Azure.
Azure vs. AWS differences for compute, networking, and storage.
Best practices for cloud deployments in Azure and AWS.
How to use both Azure and AWS.
This volume of the Microsoft Security Intelligence Report focuses on the first and second quarters of 2016, with trend data for the last several quarters presented on a quarterly basis. Because vulnerability disclosures can be highly inconsistent from quarter to quarter and often occur disproportionately at certain times of the year, statistics about vulnerability disclosures are presented on a half-yearly basis
Understanding Internet of Things - White Paper on Device ChoicesDavid J Rosenthal
As stated in the press, at conferences, and in publications , the Internet of Things (IoT) represents a huge opportunity across industries and customer segments. The paper “Building the Internet of Things”, which is available at http://aka.ms/iotwhitepaper discussed a broad set of topics associated with building IoT solutions. This paper is a follow on to that earlier paper and focuses on the "things" within IoT solutions.
First, it explains the concept of smart objects that contain devices, sensors and actuators, the combination of which will gather, process, send and receive data. Smart objects may or may not interact with a local gateway, which is sometimes used to provide external communication capabilities or provide local processing.
This paper also explains the set of considerations for device capabilities, and how they affect an overall solution. These considerations include cost, communications requirements, power availability, security requirements, and compute capacity. Next, it explains the options for device connectivity and the implications of choosing between common options.
Security in the IoT is critical, and a failure to consider security early in IoT design can lead to unfortunate and even catastrophic hacks that often end up in the news, potentially impacting human lives. Because overall system security starts at the device itself, the paper offers a set of device security principles and provides guidance on how to address those principles.
Interoperability in the IoT is also important today, and will continue to grow in mindshare and be seen as a critical requirement for emerging devices. This paper discusses standardization efforts, including the AllSeen Alliance, Open Interconnect Consortium, and several others. All of these efforts have strong industry supporters, but with the exception of AllSeen they are in their early stages. Although AllSeen and OIC are currently dominant, it’s too soon to call out a clear leader.
The final section of the paper discusses some example prototyping devices, their capabilities and some of the considerations when going from prototype to production.
This paper will give the reader a broad understanding of many of the aspects of device design for IoT solutions. For decision makers planning projects, this paper helps with scoping and knowing where more research is required to lay the groundwork for a successful IoT project.
Sample Cloud Application Security and Operations Policy [release]LinkedIn
Modern employees have lots of data to work with, and they expect easy-to-use tools that work everywhere they do. To accomplish this, organizations are now taking on a “Cloud First” strategy, and moving critical infrastructure onto hosted providers. This de-centralization means that as ever-increasing amounts of data and processing are shifted out of the direct control of IT and security management, security teams must institute a suite of controls that will ensure the safety of company and customer data. We have developed this Cloud Application Policy Framework to help those responsible for the Confidentiality, Accessibility, and Integrity of corporate data identify the controls that must be in place to successfully complete this mission.
Enterprise Social Collaboration Progression ModelMicrosoft
Microsoft and the Eller MBA program at the University of Arizona jointly developed the Social Collaboration Progression Model that outlines six stages of social collaboration and their triggers, obstacles, and impacts. The six phases identified in this model represent a progression that can be used to ascertain an organization's current state in the social collaboration paradigm. The paper identifies the prerequisites that are necessary to move to a chosen target stage, the obstacles that must be overcome, and the impacts of such a transition. The paper also addresses a high-level view of how social collaboration applies to the divisional levels within an organization.
Cisco 2017 Midyear Cybersecurity Report
Executive Summary
Executive Summary
For nearly a decade, Cisco has published comprehensive cybersecurity reports that are designed to keep security teams and the businesses they support apprised of
cyber threats and vulnerabilities—and informed about steps they can take to improve security and cyber-resiliency. In these reports, we strive to alert defenders to the
increasing sophistication of threats and the techniques that adversaries use to compromise users, steal information, and create disruption. Go to www.esgjrconsultinginc.com to learn more about Software/Network Engineering Solutions.
Migrating its entire virtualized environment from VMware to Hyper-V has helped Miele & Cie, an appliance manufacturer shrink its server space by more than 50 percent and improve productivity.
To add to the new flexible and energy-efficient data center, Miele has also ‘saved an estimated 35 percent in licensing costs by going with a Microsoft virtualization solution’.
Hyper-V has helped AcXess fill that much needed virtualization gap with an improvised and more competent functionality and reduced data center and hardware costs.
According to Tom Elowson, President and Cofounder, AcXess, “Hyper-V has made all the difference. It is amazing to think we have grown our business 300 percent over the last few years with Hyper-V. ”
There are many misconceptions surrounding Cloud Computing and what it has to offer.
Tell apart the facts from the myths with Cloud Computing Myth Busters and develop a deeper understanding of the Cloud.
Download Myth Busters >>
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Microsoft Windows Azure - Security Best Practices for Developing Windows Azure Applications Whitepaper
1. Security Best Practices
For Developing
Windows Azure Applications
Authors
Andrew Marshall (Senior Security Program Manager, Security Engineering)
Michael Howard (Principal Security Program Manager, Security Engineering)
Grant Bugher (Lead Security Program Manager, OSSC)
Brian Harden (Security Architect, OSSC)
Contributors
Charlie Kaufman (Principal Architect)
Martin Rues (Director, OSSC)
Vittorio Bertocci (Senior Technical Evangelist, Developer and Platform Evangelism)
June 2010 (R EVISION 2)
3. Table of Contents
TABLE OF CONTENTS .......................................................................................................................................... 3
EXECUTIVE SUMMARY ....................................................................................................................................... 5
INTENDED AUDIENCE ......................................................................................................................................... 5
OVERVIEW OF WINDOWS AZURE SECURITY-RELATED PLATFORM SERVICES........................................................ 5
IDENTITY MANAGEMENT AND ACCESS CONTROL ..................................................................................................................6
WINDOWS IDENTITY FOUNDATION ....................................................................................................................................6
ACTIVE DIRECTORY FEDERATION SERVICES 2.0.....................................................................................................................7
WINDOWS AZURE PLATFORM APPFABRIC ACCESS CONTROL SERVICE ......................................................................................7
DESIGNING MORE SECURE WINDOWS AZURE SERVICES ..................................................................................... 8
WINDOWS AZURE SERVICE-LAYER SECURITY CONSIDERATIONS ................................................................................................8
Namespace Configuration Issues ..........................................................................................................................8
Data Security .........................................................................................................................................................9
Handling Secret Information ...............................................................................................................................10
Auditing and Logging ..........................................................................................................................................10
Request Throttling / Input Sanitization ...............................................................................................................10
WINDOWS AZURE PLATFORM- & INFRASTRUCTURE-LAYER SECURITY PROTECTIONS ...................................................................11
Port Scanning/ Service Enumeration...................................................................................................................11
Denial of Service ..................................................................................................................................................11
Spoofing ..............................................................................................................................................................11
Eavesdropping / Packet Sniffing .........................................................................................................................11
Multi-tenant hosting and side-channel attacks ..................................................................................................11
External Verification............................................................................................................................................12
Runtime Security: Role Separation and Process privileges in Full Trust vs. Windows Azure Partial Trust ..........12
PUTTING IT ALL TOGETHER: CREATING MORE SECURE WINDOWS AZURE APPLICATIONS ...................................13
ISOLATE WEB ROLES AND SEPARATE DUTIES OF INDIVIDUAL ROLES IN ORDER TO MAXIMIZE THE USE OF WINDOWS AZURE PARTIAL
TRUST. .......................................................................................................................................................................13
USE THE “GATEKEEPER” DESIGN PATTERN TO SEPARATE ROLE DUTIES AND ISOLATE PRIVILEGED ACCESS .........................................13
USE MULTIPLE STORAGE KEYS TO RESTRICT ACCESS TO PRIVILEGED INFORMATION WHERE THE GATEKEEPER PATTERN DOES NOT APPLY.14
APPLYING SDL PRACTICES TO WINDOWS AZURE APPLICATIONS ........................................................................15
SECURITY EDUCATION AND AWARENESS ...........................................................................................................................16
SECURE DEVELOPMENT PRACTICES ON THE WINDOWS AZURE PLATFORM ...............................................................................16
VERIFICATION AND RELEASE ...........................................................................................................................................17
CONCLUSION ....................................................................................................................................................17
ADDITIONAL RESOURCES ..................................................................................................................................18
APPENDIX A. GLOSSARY ....................................................................................................................................19
APPENDIX B. WINDOWS AZURE DEPLOYMENT SECURITY THREAT MATRIX ........................................................19
4. APPENDIX C: EXCERPT FROM THE WINDOWS AZURE PARTIAL TRUST POLICY REFERENCE ..................................24
APPENDIX D: USING SDL-APPROVED CRYPTOGRAPHY IN WINDOWS AZURE APPLICATIONS ...............................26
5. Executive Summary
As businesses seek to cost-effectively consume IT services, interest is growing in moving computation and
storage from on-premise equipment to Internet-based systems, often referred to as “the cloud."
Cloud computing is not restricted to large enterprises; small companies benefit greatly from moving computing
and storage resources to systems such as Windows Azure. In fact, smaller companies are adopting this new
paradigm faster than larger companies1.
The idea that purchasing services from a cloud service provider may allow businesses to save money while
they focus on their core business is an enticing proposition. Many analysts view the emerging possibilities for
pricing and delivering services online as disruptive to market conditions. Market studies and the ensuing
dialogue among prospective customers and service providers reveal some consistent themes and potential
barriers to the rapid adoption of cloud services. Business decision makers want to know, for example, how to
address key issues of security, privacy and reliability in the Microsoft Cloud Computing environment, and they
are concerned as well about the implications of cloud services for their risk and operations decisions.
This paper focuses on the security challenges and recommended approaches to design and develop more
secure applications for Microsoft‟s Windows Azure platform. Microsoft Security Engineering Center (MSEC) and
Microsoft‟s Online Services Security & Compliance (OSSC) team have partnered with the Windows Azure team
to build on the same security principles and processes that Microsoft has developed through years of
experience managing security risks in traditional development and operating environments.
Intended Audience
This paper is intended to be a resource for technical software audiences: software designers, architects,
developers and testers who design, build and deploy more secure Windows Azure solutions.
This paper is organized into two sections2:
Overview of Windows Azure security-related platform services; and
Best practices for secure design, development and deployment:
Service-layer/application security considerations
Protections provided by the Azure platform and underlying network infrastructure.
Sample design patterns for hardened/reduced-privilege services.
Overview of Windows Azure security-related platform
services
The following sections describe some of the platform services and security functionality available to developers
who build applications on Windows Azure.
1
“Cloud Computing: Small Companies Take Flight” BusinessWeek
http://www.businessweek.com/technology/content/aug2008/tc2008083_619516.htm
2
The distinction between “security features” and “secure features” is an important one. “Security features”
are the technologies, such as authentication or encryption that can help protect a system and its data.
“Secure features” are technologies that are resilient to attack, such as encryption key storage and
management or code with no known vulnerabilities
6. Identity Management and Access Control
Identity management has emerged as an increasingly complex issue for developers, and proper identity
management remains a priority, even as business networks change. Identity management is as much about
preventing unauthorized third-party access to data as it is about controlling the authorized use of data. Identity
management helps systems control the amount and type of data that users can access, and it helps ensure
that users are performing necessary functions at the lowest-possible privilege levels. Identity management is
also critical for maintaining separation of roles and duties, which may be required by specific regulatory and
compliance standards.
Today, developers face a common challenge: To provide authorized users, clients and systems with access to
the data they require at any time, from any technology, in any location, while meeting basic security
requirements for confidentiality, availability and integrity. At first glance, cloud computing technology might
seem inappropriate or poorly suited to meet such rigorous standards: Developers seek to restrict access to
data that exists in a comparatively uncontrolled environment (cloud), and that data may be co-mingled with
resources that are owned by someone else. Those concerns, while legitimate, can be effectively addressed by
using claims-based identity.
Claims-based identity, an approach to authentication and access management based on open protocols, is an
access control strategy that is consistently applied across the full range of Microsoft product and services. One
of the key properties of claims-based identity is that it reduces infrastructure dependencies because
applications protected with claims-based identity can be hosted on-premises or in the cloud without changes.
Applications targeting Windows Azure can take advantage of the same developer tools, identity management
features and services that are available to their on-premises counterparts.
Below is a list of the most relevant identity technologies and services that can work with Windows Azure to
protect applications and resources.
Windows Identity Foundation
Active Directory Federation Services 2.0
Windows Azure AppFabric Access Control Service
Windows Identity Foundation
Windows Identity Foundation (WIF) is the latest addition to the foundational technologies in the .NET
Framework. It enables .NET developers to offload the identity logic from their application, providing a solid
development model based on separation of concerns. Non-experts can easily secure their applications without
being exposed to the underlying complexity of cryptography and protocols, leveraging Visual Studio integration
features such as point-and-click wizards which result in applications protected using open, interoperable
standards such as WS-Federation and WS-Trust.
Despite the easy to use programming model, which unifies ASP.NET web applications and (Windows
Communication Foundation) WCF SOAP services under a single object model, Windows Identity Foundation has
a full range of security of features offered by WS-Security, the SAML token format and many other enterprise-
grade industry standards.
When using Windows Identity Foundation the mechanics of authentication are provided by external services,
using platform-independent protocols. The application receives information about authenticated users in forms
of claims, which can be used for simple or traditional role-base access control (RBAC) to sophisticated access
control policies.
7. Because open standards are used, the authentication can take place regardless of where the user accounts are
maintained or where the application is hosted: as a result, single sign on (SSO) across on-premises and
Windows Azure hosted resources is easily achieved.
Although the authentication services can be provided from any platform complying with the open protocols
used by Windows Identity Foundation, the best way to leverage existing investments in the Windows
infrastructure is to outsource authentication to Active Directory Federation Services 2.0.
Active Directory Federation Services 2.0
Although Active Directory Federation Services 2.0 (AD FS 2.0) is a technology that can be deployed on-
premises, it can play a key role in enabling authentication for Windows Azure applications.
AD FS 2.0 is a Windows Server role that extends Active Directory (AD) with claims-based identity capabilities.
AD FS 2.0 provides AD with a Security Token Service (STS) which is a single interface enabling existing users
to authenticate using applications regardless of whether they are hosted in a data center, at one partner‟s site,
or in the cloud. Users are no longer constrained by the boundaries of their local network: if an application
hosted in Windows Azure has been developed using Windows Identity Foundation (or an equivalent stack
complying with the same open standards), AD FS 2.0 allows instantly granting anybody with an account in the
local directory access to this application. All without requiring any form of synchronization, new account
provisioning or duplication.
AD FS 2.0 facilitates the establishment and maintenance of trust relationships with federated partners,
simplifying access to resources and distributed single sign-on.
AD FS 2.0 implements standards such as WS-Trust, WS-Federation and the SAML protocol, and successfully
passed the latest public Liberty Alliance SAML 2.0 interoperability testing which proved out-of-the-box
interoperability with products from IBM, Novell, Ping Identity, SAP, Siemens and many others.
Windows Azure Platform AppFabric Access Control Service
The Windows Azure platform AppFabric Access Control (AC) service is a hosted service that provides federated
authentication and rules-driven, claims-based authorization for REST Web services. REST Web services can rely
on AC for simple username/password scenarios, in addition to enterprise integration scenarios that use Active
Directory Federation Services 2.0.
Applications exposing REST Web services can take advantage of the AC regardless of where they are deployed,
either on-premises, in Windows Azure, or anywhere else where an internet connection is available. AC allows
customers to achieve true externalization of authorization policies, offering the chance of decoupling
applications from most of their authorization logic by hosting it (in the form of claims transformation rules) at
the AC itself.
The AC leverages the OAuth Web Resource Authorization Protocol (OAuth WRAP), a lightweight protocol which
makes it possible to take advantage of claims-based identity with REST-based APIs, without imposing strong
requirements on clients and service providers: this enables unprecedented reach, enabling a wide array of
device types and communication stacks to participate in secure transactions. OAuth WRAP is the basis for the
upcoming Oauth 2.0 specification, a protocol which is catalyzing the consensus of the key players in the Web
space.
AC is also capable of bridging the enterprise identity and the REST worlds, thanks to its capability of using
SAML tokens issued by an AD FS 2.0 instance for accessing REST services via OAuth WRAP protocol.
8. Future releases of the AC will, among many others, support the protocols implemented by WIF and ADFS 2.0
natively, ensuring seamless integration across solutions based on those technologies
Designing More Secure Windows Azure Services
When it comes to cloud-based solutions, it is more important for software designers and developers to
anticipate threats at design time than is the case with traditional boxed-product software deployed on servers
in a corporate datacenter. This section highlights some specific threats that developers are responsible for
mitigating in the cloud and describes the protections that Windows Azure provides against an array of service-,
platform- and infrastructure-layer security threats.
Windows Azure Service-layer security considerations
The threat landscape for a cloud-based web service is substantially different from traditional hosted web
services in terms of mitigating tools and technologies. Threats also vary dramatically among cloud providers.
Appendix B contains a security threat matrix specific to Windows Azure. This matrix can be used to help
identify which security threats are most important for an application.
The key points are as follows:
Developers must map the traditional on-premise enterprise security requirements of their application
or service to Windows Azure platform services that provide comparable functionality. Any remaining
threats must be mitigated by the application or service. Consult Appendix B for details about specific
mitigations.
Understand the security requirements of the service being designed or migrated, especially in the
context of authentication, authorization and auditing. The platform services which provide these
features (Windows Identity Foundation, Windows Azure AppFabric Access Control Service, Windows
Azure Monitoring and Diagnostic APIs) and the methods developers use to invoke them are
substantially different from those provided in an on-premise enterprise deployment (Kerberos, Active
Directory, Windows Event Logs).
Leverage Windows Azure platform services to build more secure applications.
Despite some of the protections that moving to the cloud may offer, developers are still responsible for writing
good code -- and they are still responsible for the security of their applications when dealing with threats to the
web service code itself. Input field constraint, sanitization and validation are still the most important ways to
help protect a web service application, whether it is a cloud-based application or not. Windows Azure runs web
roles in Internet Information Services 7 Hosted Web Core. Because of IIS7‟s secure default configuration,
developers inherit some basic IIS7 protections, such as the ValidateRequest configuration setting.
Developers must mitigate cross-site scripting attacks by encoding and validating inputs to their services with
the Microsoft Anti-Cross-Site-Scripting library or other similar libraries, especially if that input is displayed back
to the user in a web page. Cross-site request forgery (CSRF) attacks must also be mitigated by setting a
hidden session token in client requests and setting Page.ViewStateUserKey to the current session ID.
Namespace Configuration Issues
Here are a few more configuration issues to be aware of in the cloud:
Avoid using *servicename*.cloudapp.net domain name - use a custom domain name instead. An
important distinction between the enterprise and the cloud is that the cloudapp.net namespace is
9. shared among all Azure customers while the namespace Microsoft.com is wholly-owned and controlled
by Microsoft. This means that the cloudapp.net namespace is inherently less trusted than the domain
namespace of a single enterprise because one customer of Windows Azure does not automatically
trust all other customers in that domain namespace. Don‟t create code that requires users to place
cloudapp.net in the trusted sites list in their web browser.
Never scope cookies or document.domain to cloudapp.net. Instead, scope to the service subdomain
(such as contoso.cloudapp.net, for example or, better, www.contoso.com).
For most content, only interactions with content from the same domain are allowed. For example, a typical
page on www.microsoft.com can freely script content on any other page on www.microsoft.com, but it cannot
script to pages that are located on a different Web domain. The DHTML Object Model uses the
document.domain property to enforce this restriction. Only pages with identical domain properties are allowed
free interaction. The protocol of the URL must also match. For example, an HTTP page cannot access HTTPS
content.
Important: Any attempt to broaden document.domain access can leave a service open to scripting attacks from
the entire cloudapp.net domain namespace. IIS7 sets document.domain to the full subdomain by default (like
contoso.cloudapp.net or www.microsoft.com), but the scoping is so often changed by web developers that it
warrants mention.
Data Security
When designing Web Role interactions with Windows Azure Storage, Shared Access Signatures can be a
powerful tool. Shared Access Signatures are effectively access tokens that bestow a set of rights against a blob
or blob container that normally would not be set public. Since web applications are responsible for generating
these tokens, they are also responsible for securely distributing them. In the event that one of these tokens is
compromised, developers can either update the blob/container metadata to invalidate the token, or simply
create a new container for the blob data. However, this is still a reactive measure taken after damage could
have already been done. Outlined, below are guidelines for minimizing risk while using Shared Access
Signatures.
Generate Shared Access Signatures with the most restrictive set of ACLs possible that still grant the
access required by the trusted party.
Use the shortest lifetime possible.
Use HTTPS in the request URL so the token cannot be snooped on the wire.
Remember that these tokens are only used for temporary access to non-public blob storage – as with
passwords, it‟s a bad idea to use the same ones over and over.
Windows Azure table storage provides a simple structured storage environment and is not SQL-based, so
common SQL injection vulnerabilities do not apply to an application that uses it. However, applications using
SQL Azure or other relational database services still need to mitigate traditional SQL injection threats.
Table storage requests are either made directly, using HTTP GET and POST requests, or they are translated
into these requests by the SDK and LINQ. Since HTTP requests are text, if this request string were constructed
based on data gathered from users, then the user‟s strings could possibly change the semantics of the request
(e.g. by inserting carriage returns or & characters.) To avoid injection attacks, do not base any container
names, blob names, blocks, block IDs, or table names on data gathered from users. When constructing a REST
10. query that involves user data, help ensure the data‟s safety by URL encoding before concatenating it into the
query.
Handling Secret Information
Currently there is no support for Data Protection API (DPAPI)-like persistence of secret data in Windows Azure
Storage. If a service must encrypt secret data at rest within Windows Azure Storage, then it needs to encrypt
that data offsite, and before uploading the encrypted payload to blob storage. This can be done easily with an
AES key generated on a client machine or elsewhere within the enterprise. Also, developers should not upload
the key or any keying material to Windows Azure Storage, regardless of how careful they are about hiding it. If
any computer or storage services were compromised, it could lead to encryption keys being exposed. Microsoft
recommends using 256-bit AES keys for symmetric encryption.
Developers also should not store private keys associated with SSL/TLS certificates in Windows Azure Storage.
Instead, upload them through the Developer Portal and access them via thumbprint references in the Service
Configuration. Windows Azure will not only store these certificates encrypted at all times, but also securely
provision them into the certificate stores of the service‟s web roles upon boot. Developers should not attempt
to store certificates anywhere on their own as these actions would constitute re-inventing a protection already
supplied by the platform.
Sample code that shows how to install certificates in Windows Azure is available at
http://blogs.msdn.com/jnak/archive/2010/01/29/installing-certificates-in-windows-azure-vms.aspx.
Appendix D contains security best practices for cryptography usage.
Auditing and Logging
Local VM disk access by Windows Azure roles should be considered temporary and not reliable for anything
more than temp files and caching. On Windows Azure, events are not written to application, security, or audit
event logs as they are on Windows servers. Instead, events data is logged to Windows Azure Storage through
the Monitoring and Diagnostics Agent via trace listeners in web application code. The logs are then stored
long-term in Windows Azure Storage via scheduled transfers performed by the Monitoring Agent.
Windows Azure Table Storage is used to log certain types of events, including Windows Event and Diagnostics
Logs, Windows Azure Logs and performance counters.
Windows Azure does not currently support encryption-at-rest of table storage information, so developers
should not write sensitive information to any events stored in Windows Azure Table Storage. Refer to
“Handling Secret Information” on page 8 for more information about encrypting sensitive data.
Developers must decide to use HTTP or HTTPS depending on the contents of the logs. If an application is
logging a large amount of data that won‟t be of interest to outside parties or eavesdroppers, then HTTP can be
used for a faster transfer. However, Microsoft recommends protecting all log data in transit to Windows Azure
Storage by using HTTPS.
Request Throttling / Input Sanitization
Developers must do application-level throttling of incoming requests for any kind of complex, time-intensive
operation.
It is also important to fuzz test any new parsers deployed as part of a web service. The Microsoft Security
Development Lifecycle (SDL) portal at http://www.microsoft.com/sdl provides resources on fuzzing parsers. If
a service is parsing a proprietary file or request format (perhaps encapsulated inside HTTP), then fuzz test it to
ensure the code can correctly accommodate malformed input. Generally speaking, an automated fuzzing
11. framework that fuzzes 100,000 iterations of each new format or protocol without crashing, or runs non-stop for
24 hours, will give developers a good indication of threat resistance. This is the fuzzing requirement that
Microsoft currently applies to “boxed-product” software.
Windows Azure Platform- & Infrastructure-layer security protections
This section outlines security threats that are mitigated on developers‟ behalf by the Windows Azure platform
and underlying network infrastructure.
Port Scanning/ Service Enumeration
The only ports open and addressable (internally or externally) on a Windows Azure VM are those explicitly
defined in the Service Definition file. Windows Firewall is enabled on each VM in addition to enhanced VM
switch packet filtering, which blocks unauthorized traffic
Denial of Service
Windows Azure‟s load balancing will partially mitigate Denial of Service attacks from the Internet and internal
networks. This mitigation is done in conjunction with the developer defining an appropriate Service Definition
VM instance count scale-out. On the Internet, Windows Azure VMs are only accessible through public Virtual
IP Addresses (VIPs). VIP traffic is routed through Windows Azure‟s load-balancing infrastructure. Windows
Azure monitors and detects internally initiated Denial of Service attacks and removes offending VMs/accounts
from the network. As a further protection, the root host OS that controls guest VMs in the cloud is not directly
addressable internally by other tenants on the Windows Azure network and the root host OS is not externally
addressable.
Windows Azure is also reviewing additional Distributed Denial of Service (DDoS) solutions available from
Microsoft Global Foundation Services to help further protect against Denial of Service attacks.
Spoofing
VLANs are used to partition the internal network and segment it in a way that prevents compromised nodes
from impersonating trusted systems such as the Fabric Controller. At the Hypervisor VM Switch, additional
filters are in place to block broadcast and multicast traffic, with the exception of what is needed to maintain
DHCP leases. Furthermore, the channel used by the Root OS to communicate with the Fabric Controller is
encrypted and mutually authenticated over an HTTPS connection, and it provides a secure transfer path for
configuration and certificate information that cannot be intercepted.
Eavesdropping / Packet Sniffing
The Hypervisor‟s Virtual Switch prevents sniffer-based attacks against other VMs on the same physical host.
Top-of-rack switches will be used to restrict which IP and MAC addresses can be used by the VMs and
therefore mitigate spoofing attacks on internal networks. To sniff the wire inside the Windows Azure cloud
environment, an attacker would first need to compromise a VM tenant in a way that elevated the attacker to
an administrator on the VM, then use a vulnerability in the hypervisor to break into the physical machine root
OS and obtain system account privileges. At that point the attacker would only be able to see traffic inbound to
the compromised host destined for the dynamic IP addresses of the VM guests controlled by the hypervisor.
Multi-tenant hosting and side-channel attacks
Information disclosure attacks (such as sniffing) are less severe than other forms of attack inside the Windows
Azure datacenter because virtual machines are inherently untrusted by the Root OS Hypervisor. Microsoft has
done a great deal of analysis to determine susceptibility to side-channel attacks. Timing attacks are the most
difficult to mitigate. With timing attacks, an application carefully measures how long it takes some operations
to complete and infers what is happening on another processor. By detecting cache misses, an attacker can
figure out which cache lines are being accessed in code. With certain crypto implementations involving lookups
12. from large tables, knowing the pattern of memory accesses - even at the granularity of cache lines - can reveal
the key being used for encryption. While seemingly far-fetched, such attacks have been demonstrated under
controlled conditions.
There are a number of reasons why side-channel attacks are unlikely to succeed in Windows Azure:
An attack works best in the context of hyper-threading, where the two threads share all of their
caches. Many current CPUs implement fully independent cores, each with a substantial private cache.
The CPU chips that Windows Azure runs on today have four cores per chip and share caches only in
the third tier.
Windows Azure runs on nodes containing pairs of quad-core CPUs, so there are three other CPUs
sharing the cache, and seven CPUs sharing the memory bus. This level of sharing leads to a great deal
of noise in any signal from one CPU to another because actions of multiple CPUs tend to obfuscate the
signal.
Windows Azure generally dedicates CPUs to particular VMs. Any system that takes advantage of the
fact that few servers keep their CPUs busy all the time, and implements more logical CPUs than
physical CPUs, might open the possibility of context switches exposing cache access patterns.
Windows Azure operates differently. VMs can migrate from one CPU to another, but are unlikely to do
so frequently enough to offer an attacker any information.
External Verification
Microsoft contracted two top-tier penetration testing firms to conduct security assessments on different
elements of the Windows Azure architecture before the Professional Developers Conferences (PDC) in 2008
and 2009. Each firm spent a significant amount of time examining hardened virtualization boundaries and
probing for side-channel or I/O thrashing attacks. Neither firm was able to mount a successful attack against
this design. That is not to say that such attacks are impossible to execute successfully, but six professional
penetration testers working over the course of seven weeks were unable to do so. These tests supplemented
required internal security testing.
Runtime Security: Role Separation and Process privileges in Full Trust vs.
Windows Azure Partial Trust
Windows Azure has a custom, restricted-privilege trust model available to all roles called “Windows Azure
Partial Trust.” Based on customer demand, Windows Azure also supports Full Trust with Native Code
Execution.
Full Trust with Native Code Execution facilitates the following scenarios:
Use of FastCGI or PHP.
Migration of traditional web services to the cloud.
Role invocation and spawning Windows sub-processes (native code or managed).
Calls into native libraries via P/Invoke (Platform Invocation Services).
A role that does not require the above functionality should have Windows Azure Partial Trust enabled. This
option not only minimizes the attack footprint of the role in question, but it also helps reduce damage caused
by a compromised role (see the Windows Azure Partial Trust comparison to Full Trust later in this document).
13. Regardless of the trust model selected, customer roles are hosted in non-Admin svchost processes. These
svchost processes run under virtual service account SIDs, and not as local system or network service or
administrator. This limitation provides two levels of defense-in-depth protection:
A compromised service cannot manipulate other instances of that service if those instances reside on
other VMs, and that helps limit an intrusion to a machine targeted for attack.
A compromised service cannot easily attack the VM guest operating system in order to compromise
the physical host OS. A compromised web role running in Windows Azure Partial Trust cannot
P/Invoke native code binaries which could then be used to expose sensitive information about the
service from the virtual machine (such as storage key data or application-specific intellectual property
that could be present in memory). Direct attacks on the root host through the root/guest Hypervisor
boundary in an attempt to gain control of the system are also mitigated.
Putting it all together: Creating more secure Windows
Azure applications
By understanding the Windows Azure runtime trust models and the security protections and responsibilities of
each cloud layer, developers can build hardened applications using the design best practices outlined below.
Isolate web roles and separate duties of individual roles in order to
maximize the use of Windows Azure Partial Trust.
The Trust Levels Appendix C illustrates a subset of Partial Trust Policy Restrictions. The complete listing of
restrictions is available in “Windows Azure Partial Trust Policy Reference.” The impact of these security
restrictions illustrates the value of using Windows Azure Partial Trust to help secure Windows Azure services,
especially externally-facing web roles. Most access to the local environment variables, file system and registry
is restricted. Socket and Web connection permissions are also locked down.
Use the “Gatekeeper” design pattern to separate role duties and
isolate privileged access
A Gatekeeper is a design pattern in which access to storage is brokered so as to minimize the attack surface of
privileged roles by limiting their interaction to communication over private internal channels and only to other
web/worker roles. These roles are deployed on separate VMs. In the event of a successful attack on a web
role, privileged key material is not compromised. The pattern can best be illustrated by the following example
which uses two roles:
The GateKeeper – this is a web role that services requests from the Internet. Since these requests are
potentially malicious, the Gatekeeper is not trusted with any duties other than validating the input it
receives. The GateKeeper is implemented in managed code and runs with Windows Azure Partial
Trust. The service configuration settings for this role do not contain any Shared Key information for
use with Windows Azure Storage.
The KeyMaster – this is a privileged backend worker role that only takes inputs from the Gatekeeper
and does so over a secured channel (an internal endpoint, or queue storage – either of which can be
secured with HTTPS). The KeyMaster handles storage requests fed to it by the GateKeeper, and
assumes that the requests have been sanitized to some degree. The KeyMaster, as the name implies,
is configured with Windows Azure Storage account information from the service configuration to
enableretrieval of data from Blob or Table storage. Data can then be relayed back to the requesting
14. client. Nothing about this design requires Full Trust or Native Code, but it offers the flexibility of
running the KeyMaster in a higher privilege level if necessary.
Figure 1: The Gatekeeper Design Pattern
This solution is not ideal, since the KeyMaster is relying on GateKeeper to tell it what content to serve out.
However, it does provide for separation of duty and it can poses additional challenges for an attacker. The
amount of trust the KeyMaster places in the GateKeeper can be custom-tailored, but it is advisable to minimize
the types of access requests allowed from the GateKeeper -- allowing the KeyMaster to accept Storage Blob
API read and list operations from GateKeeper, but not add or delete operations, for example.
This pattern can easily be adapted to work with more complex service architectures on Windows Azure. All that
is needed is to put a partial trust “Gatekeeper” in front of more privileged (or native code) roles to do the
parsing of potentially malicious data from the network. The concept is analogous to a firewall running as
Network Service to interact with foreign TCP payloads before pushing them up the stack to more critical
components.
Use multiple storage keys to restrict access to privileged information
where the Gatekeeper pattern does not apply.
In scenarios where a partial-trust Gatekeeper cannot be placed in front of a full-trust role, a multi-key design
pattern can be used to protect trusted storage data. An example case of this scenario might be when a PHP
web role is acting as a front-end web role, and placing a partial trust Gatekeeper in front of it may degrade
performance to an unacceptable level.
Up to five storage keys can be assigned to one Windows Azure subscription. This diversity can be used to
minimize exposure of a particular key to theft by placing lower-trust keys on lower-trust roles and higher-trust
keys on higher-trust roles.
”Untrusted web role A” in the figure below has access to only one storage account, and it is not trusted to do
anything but parse incoming requests and log them to storage account „A‟. “Trusted Role B” (in the
background) has the account keys for both storage „A‟ and „B‟, but is not exposed to potentially-malicious,
malformed inputs. “Trusted Role B” processes and filters requests from the untrusted role via storage „A,‟ but
expects a specific structure or format. „B‟ never fully trusts „A,‟ allowing for the “real” storage key of value
(account „B‟) to be protected even in the event of a fully compromised, externally-facing, untrusted role. As
with the Gatekeeper pattern, the trusted role should not provide unfettered access to the trusted store on
behalf of Web Role „A.‟ Instead, only a subset of legitimate commands should be serviced (such as read, but
not create/update/delete in certain cases).
15. Figure 2: The multi-key design pattern
The multi-key design pattern has some advantages over the Gatekeeper/KeyMaster pattern:
Providing separation of duty for storage accounts. In the event of Web Role A‟s compromise; only the
untrusted storage account and associated key are lost.
No internal service endpoints need to be specified. Multiple storage accounts are used instead.
Windows Azure Partial Trust is not required for the externally-facing untrusted web role. Since PHP
does not support partial trust, the Gatekeeper configuration is not an option for PHP hosting.
Applying SDL Practices to Windows Azure
Applications
This next section describes the security practices that should be considered when designing and building
Windows Azure applications.
The Microsoft Security Development Lifecycle (SDL) applies equally to applications built on the Windows Azure
platform and any other platform. Most Windows Azure applications have been built, or will be built using agile
methods. As a result, the SDL for agile process may be more applicable to applications hosted on Windows
Azure than to the classic phase-based SDL.
The Microsoft SDL Web site covers SDL for Agile in detail.
16. Microsoft requires that the SDL be followed for any Microsoft-developed software deployed on Windows Azure.
The SDL addresses security threats throughout the development process by means that include threat
modeling during the design process; following development best practices and code security standards during
coding; and requiring various tools for testing and verification before deployment. These proactive checks
during development make software less vulnerable to potential threats after release, and the SDL provides a
structured and consistent methodology with which to apply them. These methodologies, which are supported
by an executive commitment to security, have helped Microsoft develop more secure software. Anyone who
develops software in Windows Azure can use these same methods to improve security.
Security Education and Awareness
If a development team does not understand the basics of secure design and development, or the risks of
running web-based software and services, then security training is imperative, and it should be completed
before any Windows Azure application is designed, built, tested or deployed. All members of software
development teams should be informed about security basics and recent trends in security and privacy, and
they should attend at least one relevant security training class every year - at a minimum. Development team
members should be encouraged to seek opportunities for additional security and privacy education. Developers
who are well-versed and up-to-date on security issues are better able to design and develop software with
security in mind first and foremost -- and not as an afterthought or “bolt-on” feature added at the end of the
development process.
Given that Windows Azure applications are usually web-based managed code (ASP.NET) applications,
appropriate topics for security education include:
Secure design, including the following topics:
Attack surface reduction
Defense in depth
Principle of least privilege
Threat modeling
Secure coding, including the following topics:
Cross-site scripting
SQL injection
Managed code security (transparency, code access security, assembly strong naming, etc.)
The SDL Process Guidance documentation provides links to books and training materials that are useful for
beginning an SDL training program.
Secure Development Practices on the Windows Azure platform
The SDL provides guidance for use of development tools and practices that are applicable on the Azure
platform. For the current version of compilers, linkers and other tools mandated by the SDL, see the SDL
Process Appendix E.
Use the SDL-required (or later) compiler versions to compile for the Win64 target platform:
C/C++ code: Visual C++ 2008 SP1
C# or Visual Basic .NET code: Visual C# 2005 and Visual Basic .NET 2005
17. Compile and link native C/C++ code with /GS, /SAFESEH, /DYNAMICBASE and /NXCOMPAT. These
options are enabled by default in Visual C++ 2008 SP1 and later. You can verify these settings using
the BinScope binary analyzer.
Native C and C++ code must not use banned versions of buffer handling functions. For more
information, see Security Development Lifecycle (SDL) Banned Function Calls.
Use the currently required (or later) versions of code analysis tools for native C and C++ (the /analyze
compiler option).
Run the FxCop code analysis tool against all managed code and fix all violations of the “Security” rules
for the version of FxCop used.
Follow data input validation and output encoding requirements to address potential cross-site scripting
vulnerabilities.
If using Microsoft SQL Azure database storage, only use parameterized queries or LINQ when
accessing SQL-based data stores. Never dynamically construct a SQL statement from strings.
Use an approved XML parser, such as .NET‟s System.Xml classes or, for native C++ code, use
MSXML6 or XmlLite.
Make sure your application is compliant with SDL cryptographic retirements laid out in “Appendix D:
Using SDL-approved cryptography in Windows Azure” on page 26.
Verification and Release
Testing tools covered under SDL Process Guidance should be selected according to the specific technologies a
Windows Azure application uses. Many of the tools used for COM/DCOM, RPC, or ActiveX testing, as well as for
File Fuzzing, can be used on Windows Azure applications.
Conclusion
Computing solutions that use Windows Azure are very compelling to companies wishing to trim capital
expenditure. However, security remains an important consideration. Software architects and developers must
understand the threats to software developed for “the cloud” and use appropriate secure design and
implementation practices to counter threats in the cloud environment. The progression from classic, client-
server computing, to web-enabled applications, to applications hosted in the cloud, has changed the
boundaries of applications, and these boundary shifts make understanding the threats to Windows Azure-
based software all the more important. The work required to develop secure Windows Azure applications isn‟t
new, revolutionary, or technically challenging; it simply requires that designers and developers consider the
potential threats to their applications and apply the practices described in this paper.
18. Additional Resources
Microsoft Security Development Lifecycle (SDL) Portal
http://www.microsoft.com/sdl
Windows Azure Portal
http://www.microsoft.com/windowsazure/windowsazure/
Windows Azure Developer Portal
http://dev.windowsazure.com
Identity Developer Training Course
http://channel9.msdn.com/learn/courses/IdentityTrainingCourse/
Windows Identity Foundation
http://msdn.microsoft.com/en-us/security/aa570351.aspx
Active Directory Federation Services
http://www.microsoft.com/windowsserver2008/en/us/ad-fs.aspx
Microsoft‟s Compliance Framework for Online Services
http://www.globalfoundationservices.com/documents/MicrosoftComplianceFramework1009.pdf
Securing Microsoft's Cloud Infrastructure
http://www.globalfoundationservices.com/security/index.html
About Cross-Frame Scripting and Security
http://msdn.microsoft.com/en-us/library/ms533028(VS.85).aspx
19. Appendix A. Glossary
Developer Portal The Windows Azure Developer Portal is an administrative portal for managing,
deploying and monitoring Windows Azure services. The Developer Portal can be
accessed at http://windows.azure.com
Fabric The logical clusters of machines which provide a role execution environment inside a
virtual machine.
Partial Trust Partial trust is a concept in .NET that allows executable code to run with reduced
capabilities such as the ability to print, make a socket connection or open files.
REST REpresentational State Transfer; a software design that uses a stateless client-server
architecture in which the web services are viewed as resources and can be identified by
their URLs.
SAML Security Assertion Markup Language. An XML-based industry standard for exchanging
authentication and authorization information.
SDL The Microsoft SDL is a security assurance process that is focused on software
development. It is a collection of mandatory security activities, grouped by the phases
of a software development life cycle (SDLC). You can learn more about the Microsoft
SDL at http://www.microsoft.com/security/sdl/default.aspx
Svchost Svchost is a process for hosting Windows services. The services are implemented as
DLLs.
VM A software emulation of a computer that runs in an isolated partition of a real
computer.
VMBus The subsystem that transfers data between the root operating system and guest virtual
machines
Web Role A web role is a role that is customized for web application programming as supported
by IIS 7 and ASP.NET.
Worker Role A worker role is a role that is useful for generalized development and may perform
background processing for a web role
Appendix B. Windows Azure Deployment Security
Threat Matrix
This appendix focuses on security issues specific to customer-deployed services that run on Windows Azure, to
help highlight areas of increased risk and complexity compared to Software as a Service (SaaS) deployments
using traditional web services. The goal of this appendix is to help Windows Azure developers and customers
understand which security threats are mitigated by the Windows Azure environment and which security threats
must be mitigated by the developer.
This appendix does not enumerate every conceivable threat to an application running on the Windows Azure
infrastructure, nor does it address regulatory compliance issues.
Legend:
Mitigation is transparent to the customer, no action required.
20. Mitigation is provided by underlying platform/infrastructure
and must be utilized by the customer's web application/service;
Requires calls to existing/provided APIs.
Mitigation is per-service and is not provided at a lower level;
Must be mitigated by the customer‟s code.
Mitigation is not yet implemented (planned for a future version of
Windows Azure) but will be transparent to the customer once complete.
Mitigation is not yet implemented (planned for a future version of
Windows Azure) and will require customer code to use Windows Azure
APIs once complete.
Is this
issue
Nature of mitigation higher risk
Layer where
provided Application/Service-layer or more
Threat mitigation is
(if specific to mitigation required complex in
implemented
Windows Azure) cloud
deploymen
ts?
Spoofing
ARP Flooding Platform VM Switch None Required No
Top-of-rack switches
Infrastructure & restrict which IP and
IP address spoofing None Required No
Platform MAC addresses VMs
use
Microsoft Live DNS
DNS spoofing Infrastructure None Required No
Services
Tampering
21. Trusted Channel
Packet between Hypervisor
tampering/interceptio Platform and VM tenants, VM None Required Yes
n on VM Bus switch has additional
packet filters imposed
Binaries are Microsoft- Verify the signature of
Windows Azure OS signed and managed Windows Azure SDK binaries
Platform Yes
binary tampering assemblies are strong referenced in the application
named code.
Local
Web Roles run as non-
Filesystem/Registry
admin; strong ACLs on
Tampering by Platform None Required Yes
file system/registry
compromised web
enforced by runtime
services
Tampering/disclosure Use Windows Identity
of credentials or other Foundation and HTTPS
Web Role No
sensitive application mutual authentication for SSL
data connections
Tampering with
customer VLANs, IP ACLs, Mutual
configuration data, SSL authentication in
Infrastructure &
encryption keys and use between fabric None Required No
Platform
intellectual property controller and
during web role root/guest nodes.
provisioning
Repudiation
Use monitoring and
Windows Azure diagnostic APIs as needed;
Audit log collection, Platform and Web
Monitoring and transfer logs to Storage Yes
storage and analysis Role
Diagnostics APIs private blob/table storage
over HTTPS
Information
Disclosure
Footprinting or VLANs, HW & SW
enumeration of firewalls, VM switch
Platform None Required Yes
services & applications filters, IP filtering in VM
in the VM Guest
22. Side-channel attacks 1 VM per core, no
against VM Guests on communications
Platform None Required Yes
the same physical between different
host tenants
Disclosure of data in Use HTTPS in place of HTTP
Platform and Web
transit between client where sensitive data is Yes
Role
and server transferred
Disclosure of SSL Secure provisioning via Use the certificate store for
Platform and Web
Certificates/keys used Windows Azure client and server SSL Yes
Role
by Web Roles Certificate Store certificate storage
Disclosure of arbitrary Pre-encrypt secret data prior
secrets in to uploading. Do not store
Web Role/Client Yes
blob/table/queue decryption keys in Windows
storage Azure Storage
Use HTTPS to securely
transfer Shared Access
Disclosure of Shared
Web Role/Client Signatures to intended Yes
Access Signatures
recipients and set appropriate
permissions on containers.
Physical theft of
storage account
Physical Security and
information, code or Infrastructure None Required No
Operations Policies
other intellectual
property
Encrypted Storage of
Arbitrary Secrets in Will require API calls similar
Platform Yes
Windows Azure to DPAPI
Storage
Denial of Service
Denial of Service
Load balancing &
attacks via network
Platform throttling in network None Required No
bandwidth saturation
infrastructure
(packet flooding)
23. Identification of Windows Azure Live
botnets and malicious Infrastructure Services monitors and None Required Yes
network traffic investigates
Deep packet
inspection for network
Platform None Required Yes
attacks with known
signatures
Quotas, ACLs, Reduced
Flooding of Web Role
Platform privilege execution and Yes
local storage or None Required
flood monitoring
blob/table storage
protection
Request flooding at
Implement application-level No
the customer Web Role request throttling if necessary
code/app level
Elevation of
Privilege
Anti-virus scanning of
Platform None Required Yes
VM Guests/Hosts
Must scope all cookies and
the document.domain
Misconfiguration of
property to the service
Service/Application Web Role Yes
subdomain (eg.
settings
http://contoso.cloudapp.net)
and NOT to *.cloudapp.net
Cross-site Request
Forgery Attacks Web Role Use ASP.NET defenses No
against the web role
Cross-site Scripting
Attacks against the Web Role Use the Anti-XSS Library No
web role
Fuzz all interfaces and
API fuzzing attacks on
endpoints unique to code
interfaces exposed by Web Role No
exposed to the web (or any
the web role
other services)
24. IPFilter driver
Network packet
customizations fuzzed
fuzzing attacks against
Platform to SDL requirements, None Required No
network protocols
external penetration
used by web role
testing performed
File Fuzzing attacks Existing parsers fuzzed
against file parsers to SDL requirements,
Platform None Required No
which are part of external penetration
Windows Server 2008 testing performed
File Fuzzing attacks
Fuzz test all proprietary
against custom,
Web Role network protocol or file No
application-provided
format parsers
file parsers
Patching of security
Have a security response and
vulnerabilities at the
Web Role updating plan in place No
Web Role/customer
code level
APIs fuzzed to SDL
API Fuzzing attacks
requirements, external
against the Hypervisor Platform None Required Yes
penetration testing
root
performed
Appendix C: Excerpt from the Windows Azure Partial
Trust Policy Reference
This is an abbreviated version of the full Windows Azure Partial Trust Policy available at the MSDN Portal. By
default, roles deployed to Windows Azure run under full trust. To run your role under partial trust, you must
add the enableNativeCodeExecution attribute on the WebRole or WorkerRole element and set it to false.
Legend:
WA Partial Trust is more restrictive here than ASP.Net Medium Trust
WA Partial Trust behavior differs from ASP.Net Medium Trust without being more restrictive
WA Partial Trust behavior is the same as ASP.Net Medium Trust
25. Windows Azure
Permission State ASP.NET medium trust partial trust
AspNetHosting Level Medium Medium
EnvironmentPermission Unrestricted TEMP; TMP; USERNAME; TEMP;TMP
OS; COMPUTERNAME
Read TEMP; TMP; USERNAME; TEMP;TMP
OS; COMPUTERNAME
Write TEMP; TMP; USERNAME; TEMP;TMP
OS; COMPUTERNAME
FileIOPermission Unrestricted Denied Denied
Read $AppDir$ $AppDir$; Any
named local store
Write $AppDir$ Any named local
store
Append $AppDir$ Any named local
store
PathDiscovery $AppDir$ $AppDir$; Any
named local store
IsolatedStorageFilePermission Unrestricted Denied Denied
AssemblyIsolationByUser Permitted Denied
UnrestrictedUserQuota Permitted Denied
RegistryPermission Unrestricted Denied Denied
SecurityPermission Assertion Permitted Denied
RemotingConfiguration Permitted Denied
SocketPermission Connect Denied External sites
only
TCP
Accept Denied Denied
SqlClientPermission Unrestricted Permitted External sites
only
26. WebPermission Unrestricted Denied Denied
Connect $OriginHost$ External sites
only
Accept Denied Denied
Appendix D: Using SDL-approved cryptography in
Windows Azure Applications
Many applications require the use of cryptographic technologies for encryption, tampering detection, signatures
etc., and the SDL is prescriptive about which cryptographic technologies should be used. The following is a list
of some of the more common requirements you will encounter when building a Windows Azure application.
Where possible, use SSL/TLS (by using HTTPS) to transfer data between all parties, such as:
Clients <-> Web and Worker Roles
Clients <-> Storage endpoints
Web Roles <-> Web and Worker Roles over internal endpoints
Web and Worker Roles <-> Storage endpoints
Web roles supporting HTTPS should be provisioned with certificates supporting 2048-bit RSA keys.
Certificates should be renewed annually by refreshing the service configuration with the thumbprint of
any new certificate uploaded via the developer portal.
Use AES for symmetric cryptographic operations.
Use 256-bit symmetric keys. This is especially important when a role needs to store encrypted data in
Windows Azure Storage.
Use RSA or Elliptic Curve Cryptography (ECC) for asymmetric cryptographic operations.
Use RSA keys that are 2048-bit or longer.
Use a SHA-2 algorithm (SHA-256, SHA-384 or SHA-512) for hashing and message-authentication
codes.
Use the strong entropy provisioned into the VM if keys are derived in role code. Windows Azure virtual
machines are specially provisioned with strong entropy at boot.
For more guidance on use of cryptography, see http://msdn.microsoft.com/en-us/security/sdl-process-
guidance.aspx
Store SSL/TLS certificates with Windows Azure Certificate Services, not in Windows Azure Storage or
on local disk.