Secure Azure Virtual Network – Defense In Depth using Network Security Groups, User Defined Routes and Barracuda NG Firewall

Security Challenge on Azure

There are few common security related questions when we start planning migration to Azure:

How can we restrict the ingress and egress traffic on Azure ?
How can we route the traffic on Azure ?
Can we have Firewall kit, Intrusion Prevention System (IPS), Network Access Control, Application Control and Anti – Malware on Azure DMZ ?

This blog post intention is to answer above questions using following Azure features combined with Security Virtual Appliance available on Azure Marketplace:

Azure Virtual Network (VNET)
Azure Network Security Groups (NSGs)
Azure Network Security Rule
Azure Forced Tunelling
Azure Route Table
Azure IP Forwarding
Barracuda NG Firewall available on Azure Marketplace

One of the most common methods of attack is The Script Kiddie / Skiddie / Script Bunny / Script Kitty. Script Kiddies attacks frequency is one of the highest frequency and still is. However the attacks have been evolved into something more…

View original post 1,509 more words

Azure ExpressRoute in Australia via Equinix Cloud Exchange

Kloud Blog

Microsoft Azure ExpressRoute provides dedicated, private circuits between your WAN or datacentre and private networks you build in the Microsoft Azure public cloud. There are two types of ExpressRoute connections – Network (NSP) based and Exchange (IXP) based with each allowing us to extend our infrastructure by providing connectivity that is:

Private: the circuit is isolated using industry-standard VLANs – the traffic never traverses the public Internet when connecting to Azure VNETs and, when using the public peer, even Azure services with public endpoints such as Storage and Azure SQL Database.
Reliable: Microsoft’s portion of ExpressRoute is covered by an SLA of 99.9%. Equinix Cloud Exchange (ECX) provides an SLA of 99.999% when redundancy is configured using an active – active router configuration.
High Speed speeds differ between NSP and IXP connections – but go from 10Mbps up to 10Gbps. ECX provides three choices of virtual circuit speeds in Australia: 200Mbps, 500Mbps…

View original post 1,042 more words

Secure Azure Virtual Network (VNET) and Create DMZ on Azure using Network Security Groups (NSG) – Azure Security Part II

At TechEd Europe 2014, Microsoft announced the General Availability of Network Security Groups (NSG) which add security feature on Azure Virtual Network (VNET). The feature is very compelling from security point of view. NSG is one of the Azure security feature I always use everytime I design solution using Azure. I have blogged this last … Continue reading Secure Azure Virtual Network (VNET) and Create DMZ on Azure using Network Security Groups (NSG) – Azure Security Part II →

Secure Azure VM from day Zero with Azure Security Extension – Azure Security Part 1

Public Cloud is all about trust which security is key pillar to keep the customer trust. There is a misconception about Cloud Security. This post will be part of my Azure Security blog post series. In this series we will dispell some of the myths and discuss how to mitigate the risks. Based on Gartner 2014 survey, … Continue reading Secure Azure VM from day Zero with Azure Security Extension – Azure Security Part 1 →

Install Windows Azure X-Plat CLI

There are few ways to install the X-Plat CLI; using installer packages for Windows and OS X or combination of Node.js and NPM for Linux. Node.js and npm via nave Nave is a tool for handling node.js installations. Nave is to node.js just like RVM is to Ruby. It pulls directly from nodejs.org Follow … Continue reading Install Windows Azure X-Plat CLI →

Windows Azure Online Backup Step By Step

Before We discuss any further, You need to have Windows Azure account and enable Windows Azure Preview features. You need a x.509 v3 certificate to register your servers with backup vaults. The certificate must have 2048 key length , have valid Client Authentication EKU, validity period is no more than 3 years and reside at certificate … Continue reading Windows Azure Online Backup Step By Step →

Export and re-Provision your Azure VM with Azure PowerShell

For PowerShell users out there. You can administer your Azure VM more fun with Windows Azure Powershell. Before We start our exporting and re-provisioning mission, We do need some preparations beforehand. 1. Please install Windows Azure Powershell either on your desktop or your bastion host. Download here. 2. Run Windows Azure Powershell with your … Continue reading Export and re-Provision your Azure VM with Azure PowerShell →

Connect your System Center 2012 to Windows Azure subscription

Microsoft just launched their Azure availability zone in Australia which will open new Cloud computing chapter in Australia. End of June post will be how to connect your Windows Azure subscription to your existing System Center 2012 App Controller. You need to have Windows Azure account and subscription as well as App Controller installed on … Continue reading Connect your System Center 2012 to Windows Azure subscription →