
Cloud Networking and Security

Now here’s a fun topic I wanted to share, as I’ve been looking into it more and more. In my experience, when people think of the cloud, networking and security are the areas that have changed most compared with what they are used to.

At its core, there is a mindset shift between the way on-prem data centers and cloud-based networking function, and it’s important to remember these fundamental differences or you run into a variety of problems down the road. It’s easy to get overwhelmed, to be honest, and I don’t mean for this to seem complete by any stretch of the imagination. But you have to start somewhere, right?

The most important thing to remember is that some elements of security just don’t apply anymore, at least not in the traditional sense. Here are some of those concepts:

  • Perimeter security is not what it used to be: This is the hardest thing for a lot of people to accept, but many still cling to the notion that the only way to secure a workload is to lock down every public endpoint, build a perimeter around the application, and call it a day. Do a search online for the number of companies that relied on perimeter security alone and how many times it blew up in their faces. Security threats and attack vectors are always changing, and the idea that you can build a fence and that’s good enough is just ridiculous.
  • Authentication / authorization are the new IP address: Another situation I see all too often with the cloud is people clinging to IP whitelisting. IP whitelisting is no longer sufficient against the more sophisticated attackers, and to be honest, you’re preventing yourself from taking advantage of cloud-based services that are more secure than what you are capable of implementing yourself. The idea of Zero Trust has been growing more and more, and here we assume that no sender is trusted without credentials. This ensures better security overall.
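To make the “credentials, not IP address” point concrete, here is an added Python example (my own illustration, not code from the post or from Azure): a legacy gate that admits a caller purely because its source IP is on an allow-list, next to a zero-trust gate that ignores the IP and requires a signed, unexpired token carrying the required scope. The HMAC secret, the allow-list entries, the scopes and the addresses are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key. A real deployment would load this from a vault, never from source.
SECRET = b"constructed-demo-key-do-not-reuse"

# Constructed legacy allow-list: one "trusted" office address.
LEGACY_ALLOWLIST = {"203.0.113.10"}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, scopes: list, ttl_seconds: int, now: float = None) -> str:
    """Mint a compact HMAC-signed token: base64url(claims).base64url(signature)."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "scp": scopes, "exp": now + ttl_seconds}
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    signature = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(signature)}"


def verify_token(token: str, now: float = None):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    try:
        payload, signature = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    # Constant-time comparison: a plain == would leak timing information.
    if not hmac.compare_digest(_unb64(signature), expected):
        return None
    claims = json.loads(_unb64(payload))
    now = time.time() if now is None else now
    if claims["exp"] < now:
        return None
    return claims


def legacy_gate(src_ip: str, token: str = None) -> bool:
    """Perimeter thinking: the source address alone decides, credentials are ignored."""
    return src_ip in LEGACY_ALLOWLIST


def zero_trust_gate(src_ip: str, token: str, required_scope: str, now: float = None) -> bool:
    """Zero trust: the network location carries no weight; only a valid, scoped token admits."""
    claims = verify_token(token, now) if token else None
    return claims is not None and required_scope in claims["scp"]


if __name__ == "__main__":
    t = issue_token("svc-web", ["sql:read"], ttl_seconds=300)
    print("legacy, allow-listed IP, no token:", legacy_gate("203.0.113.10"))
    print("zero trust, allow-listed IP, no token:", zero_trust_gate("203.0.113.10", None, "sql:read"))
    print("zero trust, unknown IP, valid token:", zero_trust_gate("198.51.100.7", t, "sql:read"))
```

The interesting cases are the ones the legacy gate gets wrong in both directions: a request from the allow-listed address with no credentials is admitted, while a legitimate caller on an unfamiliar network is refused. The zero-trust gate also rejects a token whose claims were edited after signing, because the signature no longer matches the payload.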

So what do we look at to start? I wanted to provide some ideas of potential areas to focus on when it comes to security for the cloud, and those options are here.

  • Here is a quickly consumable “Best Practices” guide for securing IaaS workloads.
  • Additionally, here is a link to the security documentation for Azure, which provides a lot of detail on different topics and questions.

And here is a reference on the Microsoft Shared Responsibility model for security.

  • Network Security Options: Here is a list of options for network security.
  • Network / Application Security Groups: NSGs are a great way of limiting traffic within a virtual network. Additionally in this space, Azure provides service tags, which let you reference the Azure services you allow to communicate when creating rules, with tags like “AzureTrafficManager”, “VirtualNetwork”, “Sql”, and “Storage”. There is also the option of Application Security Groups (ASGs), which let you base your NSG rules on the application architecture.
  • Virtual Network Service Endpoints: These extend your virtual network’s private address space to Azure services so that traffic does not travel the public internet. The intention would be: I want my machines to access “KeyVault”, but I don’t want it to be accessible outside of the vNet. This is important as it allows you to further lock down your networking and access.
  • Virtual Network Peering: If your network diagram has two virtual networks and you want communication to occur across them, you need to implement VNet peering to enable that traffic.

Ultimately, as I mentioned above, Zero Trust security models are really the direction of the future for cyber security. A great site that covers the idea of Zero Trust and all of its considerations can be found here, as well as a great whitepaper here.
Weekly – 4/13

So here we are, another week in quarantine. We had Easter, and my family was still able to make it special without seeing family as much as we’d like. The one thing we did was have my parents and my in-laws hide eggs (cleaned) for my kids; then we arrived, stayed outside, and the kids hunted for the eggs. It actually was a lot of fun and a good way to do it with social distancing.

Down to business…

Fun Stuff:

So I love storytelling and have always found it fascinating. I’m a movie fan, comic fan, TTRPG fan, etc. I’ve tried my hand at writing several times, but I’ve never released anything, and my writing loses out to competing priorities. Still, it is cool to see ideas for new ways to tell stories. I saw this week that @CSharpFritz posted on Twitter about how he likes to write, and mentioned RenPy, a Python-based framework for writing CYOA adventure games and releasing them as mobile apps. I researched it a bunch over the weekend and it’s pretty awesome.

Weekly Links – 3/2

Hello all, here’s another round of weekly links. It’s been a crazy week, but with no travel, which is awesome, especially given all the concerns with travel and viruses.

Down to business…

Fun Stuff

I’ve made no secret of my fandom for Dungeons & Dragons, and recently the opening cinematic for Baldur’s Gate 3 dropped, and it is amazing. It can be found here.

Weekly Links – 2/8

Another installment of Weekly Links, and we are already into February this year, which still blows my mind. But so far so good; life is pure chaos with a lot going on, so much so that I don’t know where to start. But you’re not here for that…

Down to business…

So that’s it. For fun stuff, I want to throw out the trailer for Locke & Key; I’m very excited for this since we just finished season 3 of Chilling Adventures of Sabrina.