Secure Azure VM from day Zero with Azure Security Extension – Azure Security Part 1
Public cloud is all about trust, and security is the key pillar that keeps customer trust. There are plenty of misconceptions about cloud security. This post is the first in my Azure Security blog post series; in the series we will dispel some of the myths and discuss how to mitigate the real risks.
Based on a Gartner 2014 survey, 72% of enterprises have made cloud investments and 25% have made significant ones. 47% already have IaaS running, and that share is expected to grow significantly over the coming years. The top three IT budget spending areas in Australia are Mobile, Analytics and Cloud.
Security and compliance are still the major concerns for cloud adoption. Very often the myths about cloud computing security, mixed with general negativity, shape people's assumptions about it before they have looked at the facts.
Security in the public cloud is a shared responsibility. Some security controls we inherit from the cloud provider (Azure, for this post); other controls remain our responsibility, and those gaps are what we have to cover ourselves.
For more information about Microsoft Azure security and what Microsoft provides out of the box, see Microsoft's Azure security documentation.
Below is a common scenario I see in the field.
Scenario
Let's say we have an Azure subscription with site-to-site connectivity to our on-premises network, managed with System Center VMM. We have HYBRID here! YES!
Now I feel like testing the performance of SharePoint 2013 on Azure. Why? Because we CAN 🙂 With an Azure PowerShell script we can spin up a three-tier SharePoint 2013 farm on Azure VMs very quickly. On day zero those VMs are 'green': they are at an adequate patch level and have no malware. Days turn into weeks, and those VMs are left unmanaged or partially managed: no anti-malware protection, unpatched, and no server hardening applied.
Who is responsible for the security of these VMs? Azure? Yes, partially. Mark Russinovich? Probably... NO. We are the ones who have to manage these VMs. YES.
In the same way, if I spin up some Hyper-V VMs using my System Center VMM, I need to manage those VMs and keep them in a 'green' state.
So how do we provide protection from day zero? The answer is the Azure Anti-Malware extension!
Currently Azure provides three new security extensions:
- Microsoft Anti-Malware
- Symantec Endpoint Protection
- Trend Micro Deep Security as a Service
We surely want this to meet our compliance requirements and protect our VMs, especially in production.
How do we install one of these extensions on our existing VMs? Worry not! The Azure PowerShell script below installs the Microsoft Anti-Malware extension on an existing classic (ASM) VM:
Add Microsoft Anti-Malware Extension
$service = "AzureVMAntiMalware"
$name = "MyAzureVM01"
# Get the Azure VM (classic/ASM cmdlets; Get-AzureVM with -ServiceName and -Name returns the full role context)
$vm = Get-AzureVM -ServiceName $service -Name $name
# Add the Microsoft Antimalware extension reference to the in-memory VM object
Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm.VM
# Push the updated role configuration to Azure; this is the step that installs the agent on the VM
Update-AzureVM -Name $name -ServiceName $service -VM $vm.VM
How do we check whether Anti-Malware has been enabled on the VM? The Azure PowerShell script below confirms it:
Get Microsoft Anti-Malware Extension Status
$servicename = "AzureVMAntiMalware"
$name = "MyAzureVM01"
# Get the Azure VM
$vm = Get-AzureVM -ServiceName $servicename -Name $name
# List the Microsoft Antimalware extension reference on the VM; no output means the extension is not configured
Get-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm.VM
To uninstall the Microsoft Anti-Malware extension, the Azure PowerShell script below removes the agent:
Uninstall Microsoft Anti-Malware Extension
$servicename = "AzureVMAntiMalware"
$name = "MyAzureVM01"
# Mark the extension for removal on the VM object, then push the change with Update-AzureVM
Get-AzureVM -ServiceName $servicename -Name $name | Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -Uninstall | Update-AzureVM
In the next post we will look at how to secure our Azure environment further using System Center Configuration Manager 2012 R2 to keep our Azure VMs 'green'. We will cover the following areas:
- Patch Management
- Anti-Malware with Endpoint Protection
- Firewall
- Compliance Settings
- Reporting to meet enterprise compliance requirements