Tag: security

Internet of Things

Learn how to Build IoT Apps on Azure with SkillMeUp and Opsgility

There has been an ever-growing interest in the Internet of Things (IoT). Beyond being just plain cool, IoT is a really interesting area of growth in pretty much any industry that has figured out how to make use of it. Some of the implementations of IoT include cruise ships, self-driving cars, smart thermostats, and MANY, MANY other applications! With cloud-based IoT services like those offered by Microsoft Azure, it’s becoming much easier to build more powerful Internet of Things (IoT) solutions.

On the training side, there’s not too much available for teaching you how to build Internet of Things (IoT) architectures and solutions in the cloud. Recently, I published a new learning path and series of on-demand courses and hands-on labs on Building IoT Apps on Microsoft Azure over at SkillMeUp.com.

Architecture, Internet of Things, security

IoT Security Architecture: Trust Zones and Boundaries

There are many aspects to architecting an Internet of Things (IoT) solution. Security is probably the most important aspect of any computer system, but it’s especially important with IoT. Every so often there are news reports about IoT solutions being compromised, such as Internet-connected cameras being compromised to create botnets that perform denial of service attacks, or Internet-connected automobiles being compromised in dangerous ways. Regardless of what a particular IoT solution is used for, the overall security of the solution is an extremely important detail to keep in mind from the beginning of design all the way through implementation and deployment to production.

One of the security aspects to keep in mind when designing any Internet of Things (IoT) solution is the trust boundaries between different parts of the system, both physical and software.

Certification

Cybersecurity / IT Security Certifications for 2018

If you’re looking to get certified in Cybersecurity, IT Security, or Computer Security, then you don’t have as many straightforward options as if you wanted to get certified with Windows or Linux, or even with Microsoft Azure or Amazon AWS. Those certification paths are quite straightforward, as you can find certifications offered by the appropriate vendors. However, Security certification is a bit more niche. While there are a few options for getting certified in Security, it can be a bit confusing to navigate the landscape of what is offered. This article lists the Security certifications available in the industry, and will help clarify any questions you have when deciding which is the most appropriate for you.

Certification, Infrastructure

Introducing the Azure Administrator Certification Track from Microsoft

Microsoft continually updates the content of the different Microsoft Azure certification exams, but it’s been almost 2 years since they really updated the Microsoft Certification paths to be more Azure focused / integrated. The great news is that Microsoft is making further changes to keep improving the various Microsoft Azure Certifications and associated exams that are offered. During the Microsoft Inspire 2018 conference, the Microsoft Learning team announced the introduction of a brand new Azure certification track tailored for Azure Administrators.

Azure CLI, Infrastructure

Securing Azure Virtual Machines using Network Security Groups (NSGs)

Security, Security!

This is top of mind for everyone these days, and Azure has many security features. Today we are going to explore the world of Network Security Groups (NSGs) and their use on Virtual Machines and on traffic into and out of Virtual Networks.

A network security group (NSG) is a networking filter (firewall) containing a list of security rules allowing or denying network traffic to resources connected to Azure VNets. These rules can manage both inbound and outbound traffic. NSGs can be associated to subnets and/or individual Network Interfaces attached to ARM VMs and Classic VMs. Each NSG has the following properties regardless of where it is associated:

  • Name for the NSG
  • Azure region where the NSG is located
  • Resource group
  • Rules, either Inbound or Outbound, defining what traffic is allowed or denied

When an NSG is associated to a subnet, the rules apply to all resources connected to the subnet. Traffic can be further restricted by also associating an NSG to a VM or NIC. NSGs that are associated to subnets are said to be filtering “North/South” traffic (in other words, packets flowing in and out of a subnet). NSGs that are associated to Network Interfaces are said to be filtering “East/West” traffic (in other words, how the VMs within the subnet connect to each other).

Architecture, Events, security

Microsoft Virtual Security Summit 2018

The Microsoft Virtual Security Summit is a 3-hour-long virtual event packed with information on protecting your organization in a mobile-first, cloud-first world. Cybersecurity has become a priority IT concern due to the nearly weekly announcements of cyberattacks. Cybersecurity is extremely important for every organization. At this event you will learn about modern cyberattacks, and the tools you can use to keep your devices, platforms, and people safe.

Azure CLI, Infrastructure

Azure CLI 2.0: Generate SAS Token for Blob in Azure Storage

Azure Storage is a cloud service at the very center of Microsoft Azure. It provides the foundations for storing data in many services and systems within the Azure cloud platform. You can use Azure Blob Storage to store any binary data such as files, images, backups, .vhd’s, videos, and pretty much any other file. Azure Blob Storage secures all blobs / files by default so that they can’t be accessed without a key. You can configure the service to allow anonymous access to blobs; however, there are many circumstances where you want to securely share a file with Azure Blob Storage.

Certification, Infrastructure

70-744 Securing Windows Server 2016 Certification Exam

Server and Virtual Machine (VM) security is an increasingly important topic in IT. With the adoption of both Public and Private Cloud environments, the landscape of server security has been changing as systems become increasingly connected, especially across networks and even the Internet. The Securing Windows Server 2016 (70-744) certification exam will test and measure your expertise in securing and hardening servers and VMs running Windows Server 2016, whether they’re on-premises or in Public or Private Cloud environments.

Certification Target Audience

The focus of the Securing Windows Server 2016 (70-744) certification exam is Windows Server 2016 Security, such as hardening server environments and securing Virtual Machine infrastructure using Shielded and encryption-supported VMs and Guarded Fabric. The exam is designed to target candidates who are IT Pros and infrastructure professionals tasked with configuring and securing Windows Server 2016 environments On-Premises and in Virtual Machine (VM) environments, including both the Public and Private Cloud.

Skills Measured

Here is a high-level list of the skills and objectives measured on this exam. The percentages next to each of the high-level objectives represent the percentage of exam questions that will be targeted towards that specific objective area.

  • Implement disk and file encryption (25-30%)
    • Configure disk and file encryption
    • Implement server patching and updating solutions
    • Implement malware protection
    • Protect credentials
    • Create security baselines
  • Secure a virtualization infrastructure (5-10%)
    • Implement a Guarded Fabric solution
    • Implement Shielded and encryption-supported VMs
  • Secure a network infrastructure (10-15%)
    • Configure Windows Firewall
    • Implement a software-defined Distributed Firewall
    • Secure network traffic
  • Manage privileged identities (25-30%)
    • Implement an Enhanced Security Administrative Environment (ESAE) administrative forest design approach
    • Implement Just-in-Time (JIT) Administration
    • Implement Just-Enough-Administration (JEA)
    • Implement Privileged Access Workstations (PAWs) and User Rights Assignments
    • Implement Local Administrator Password Solution (LAPS)
  • Implement threat detection solutions (15-20%)
    • Configure advanced audit policies
    • Install and configure Microsoft Advanced Threat Analytics (ATA)
    • Determine threat detection solutions using Operations Management Suite (OMS)
  • Implement workload-specific security (5-10%)
    • Secure application development and server workload infrastructure
    • Implement a secure file services infrastructure and Dynamic Access Control (DAC)

When studying for this exam, you’ll definitely want to look at the official exam page from Microsoft for the full list of exam objectives. You’ll need to be sure to study every one of them that will be measured on the exam.

Training Materials

The Securing Windows Server 2016 (70-744) exam covers a lot of smaller objective areas in comparison to many other certification exams. There are a lot of topic areas to study around Securing Windows Server 2016! Fortunately, there is an Exam Reference book available from Microsoft Press targeted towards studying for this specific exam.

Here’s a short description of the Exam Reference book:

Exam Ref 70-744 Securing Windows Server 2016

Prepare for Microsoft Exam 70-744–and help demonstrate your real-world mastery of securing Windows Server 2016 environments. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSE level. 

Focus on the expertise measured by these objectives: 

  • Implement server hardening solutions
  • Secure a virtualization infrastructure
  • Secure a network infrastructure
  • Manage privileged identities
  • Implement threat detection solutions
  • Implement workload-specific security 

This Microsoft Exam Ref: 

  • Organizes its coverage by exam objectives
  • Features strategic, what-if scenarios to challenge you
  • Assumes you have experience as a Windows Server administrator and an understanding of basic networking and Hyper-V virtualization fundamentals, Active Directory Domain Services principles, and Windows Server security principles

Happy Studying!

Infrastructure

Setup SSL / TLS on Azure CDN Custom Domain

Since the beginning, the Azure CDN has allowed custom domains to be mapped so you can use your own domain name instead of the Azure CDN default domain name endpoint, such as “*.azureedge.net”. However, until recently you couldn’t enable SSL encryption support for a custom domain mapped to the Azure CDN endpoint. In a recent update to the Azure CDN service, Microsoft has finally added the ability to enable SSL / TLS on an Azure CDN Custom Domain name.