This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.
Page count: 178
Year of publication: 2015
Copyright © 2015 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: April 2015
Production reference: 1310315
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78439-997-9
www.packtpub.com
Author
Roberto Freato
Reviewers
Jignesh Gangajaliya
Christos Matskas
Marco Parenzan
Naveen Kumar Vijayakumar
Commissioning Editor
Amarabha Banerjee
Acquisition Editor
Reshma Raman
Content Development Editor
Samantha Gonsalves
Technical Editor
Gaurav Suri
Copy Editor
Sonia Michelle Cheema
Project Coordinator
Kinjal Bari
Proofreaders
Simran Bhogal
Ameesha Green
Bernadette Watkins
Indexer
Mariammal Chettiyar
Graphics
Valentina D'silva
Disha Haria
Abhinash Sahu
Production Coordinator
Manu Joseph
Cover Work
Manu Joseph
Roberto Freato has been an independent IT consultant ever since he started working. He worked for small software factories while he was studying; after an MSc degree in computer science engineering and a thesis on consumer Cloud computing, he specialized particularly in Cloud computing and Azure. Currently, he works as a freelance consultant for companies in Italy, helping clients to design and kickoff their distributed software solutions. He conducts training sessions for the developer community in his free time, giving lectures at conferences. He has also been a Microsoft MVP since 2010.
I would like to thank Simona, and my mom and dad.
Jignesh Gangajaliya is a principal technical architect with over 11 years of core technology and global business leadership experience in defining solutions and technology architectures.
His expertise lies in leading design, development, and deployment of large-scale software systems, and solutions across various industry verticals. His core strengths include wide and deep hands-on technological expertise, strategic thinking, comprehensive analytical skills, creativity in solving complex problems, and the ability to quickly understand complex business problems and come up with pragmatic solutions.
He is passionate about creating a strategic vision, building and transforming organizations to accelerate growth, and value creation by leveraging new technologies, trends, and emerging opportunities.
He specializes in enterprise architecture, solution architecture, Microsoft product servers and technologies, Cloud computing, SaaS, Microsoft Azure, and Amazon Web Services.
Christos Matskas is a software developer who has worked professionally for the last 11 years. He is an entrepreneur, founder, and CEO of Softwarelounge, a software consultancy firm, and cofounder of TowzieTyke, an applications development powerhouse. His portfolio includes collaborations with some great companies, such as MarkIT, Lockheed Martin, and Barclays. Over the years, he has worked on numerous exciting projects, ranging from mobile apps to data crunching backend solutions. His blog, https://cmatskas.com, is full of useful tutorials, tips and tricks, and reviews on software development tools. Christos also contributes to open source initiatives, and is a regular speaker at conferences and user groups, where he talks about .NET, Cloud, mobile applications, and software development in general.
I would like to thank my beautiful and charismatic wife for supporting me in this role and my kids for inspiring me to be a better person.
Marco Parenzan has been a .NET programmer since 2001, and is now a Cloud programmer too. He loves software architectures and writing code. He likes programming functions and games in his spare time. He was given the Microsoft MVP award for Azure in 2014. He provides training to companies and universities, in Friuli Venezia Giulia (Italy). He is a speaker for 1nn0va, a Microsoft community in Pordenone (refer to http://www.innovazionefvg.net/).
I want to dedicate this work to my wife, Paola, and to my children, who have always given me the time to do this. I'd also like to thank Roberto for giving me the opportunity to review his book.
Naveen Kumar Vijayakumar is an Amazon Web Services certified solutions architect. His keen interests lie in designing and architecting Cloud-based applications from the ground up and making existing applications (systems) Cloud-able. He also has experience in working with the Microsoft Windows Azure Cloud Platform and Office 365. His hobbies include browsing the latest events in Tech Space, participating in forums, such as Stack Overflow, tweeting (his Twitter handle is <@navcode>), and blogging (visit www.navcode.info). He also loves to travel. Naveen holds a master's degree in information technology from IIIT, Bangalore, and is currently working for Digital Intelligence Systems (DISYS) as a Cloud architect.
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access.
Get notified! Find out when new books are published by following @PacktEnterprise on Twitter or the Packt Enterprise Facebook page.
The purpose of this book is, on one hand, to introduce how security should be interpreted, and, on the other hand, to identify the security hot spots while using the Microsoft Azure platform as users and developers.
Microsoft Azure is Microsoft's platform for Cloud computing. It provides developers with elastic building blocks to build scalable applications. These building blocks are services for web hosting, storage, computation, connectivity, and more, which are usable as standalone services or can be mixed together to build advanced scenarios.
In this book, we will try to learn how security should not be delegated to fancy tools or to all-in-one salvation software, but it is primarily related to creating awareness among people involved in business processes. Companies should (and must) implement internal procedures to assess themselves from a security perspective, documenting the risks they are subjected to, and the measures used to mitigate (if necessary) these risks.
Microsoft Azure is an evolving platform. Technical topics have a high decay rate, so Azure Services are also enriched on a daily basis with new features and service models, making the goal of writing a complete book almost impossible. However, this book focuses on core concepts that remain quite stable over time.
Chapter 1, The Fundamentals of Security Standards, shows you how security principles are often related to common sense (and to a good understanding of a few core concepts) and how they can be achieved during the whole process. This chapter could also be a great introduction to certain security definitions for those who are not familiar with them.
Chapter 2, Identity and Access Management for Users, shows you the Identity and Access Management mechanisms used to control the resources of the Azure platform, by discussing IAM (short for Identity and Access Management) and advanced authentication. This chapter is essential for anyone who wants to start using Azure at a good level of security.
Chapter 3, Platform as a Service, shows you the most important Azure PaaS building blocks and highlights the security aspects of websites, Cloud Services, storage, SQL Database, caches, and Service Bus. This chapter helps while implementing solutions using the PaaS blocks of Azure.
Chapter 4, Infrastructure as a Service, shows you the most important Azure IaaS building blocks and highlights the security aspects of Virtual Machines and Virtual Networks, and also introduces the Azure Backup service. This chapter helps while implementing solutions using the IaaS blocks of Azure.
Chapter 5, Identity and Access Management for Developers, shows you how to use Azure Active Directory in custom applications, which are the integration scenarios, and gives an introduction to advanced features, such as Azure Key Vault. This chapter is particularly useful when implementing Identity in applications and dealing with secrets and keys.
This book requires basic exposure to the main concepts of Microsoft Azure, as well as the C# programming language and the Visual Studio IDE. The software needed to practice is Visual Studio 2013, with the latest Azure SDK, and Azure PowerShell.
If you want to understand how security principles apply in distributed environments, how Azure provides security, and most importantly, how to use Azure to its best capability to reduce the risks of security breaches, then this book is for you. This book is ideal for developers who don't have a lot of confidence while using Azure security services, but desire to learn more.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "If you have multiple subscriptions, list them with the Get-AzureSubscription cmdlet."
A block of code is set as follows:
Any command-line input or output is written as follows:
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "On the bottom menu, click on the MANAGE MULTI-FACTOR AUTH button."
Warnings or important notes appear in a box like this.
Tips and tricks appear like this.
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title via the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.
Before we get down to talking about Azure specifically, we need to gather some basic information about what security means in the context of information technology, where it is often called information security. In this chapter, we are going to talk about the following topics:
In this chapter, we will show how these security principles are often related to common sense (and to a good understanding of a few core concepts) and how they have to be achieved during the whole process. Here, the process is a comprehensive end-to-end series of tasks involved in information management, and not only the usage of Azure technology.
Let's start with a brief recap of high school concepts, such as the difference between data and information. In many cases, both should be treated as important assets, though there is an important difference.
Data is a raw fact that describes something; information is the output of a process that elaborates raw data.
Think about a sensitive digital document containing strategic company plans. If someone sees only the raw bits of this document, they would probably not gain any advantage from it. Instead, if these bits (the data) are properly translated by some software into a human-readable document, information is generated.
I mentioned that both of these are important, since raw data can produce a lot of information. However, it is generally accepted that information has much more value as it represents the output of a high value transformation process.
It is probably well known that the most widely accepted principles of IT security are confidentiality, integrity, and availability. Although many security experts define even more indicators/principles related to IT security, most security controls are focused on these three, since vulnerabilities are often expressed as a breach of one (or many) of them. These three principles are also known as the CIA triangle:
Confidentiality: This is about disclosure. A breach of confidentiality means that somewhere, some critical and confidential information has been disclosed unexpectedly.
Integrity: This is about the state of information. A breach of integrity means that information has been corrupted or, alternatively, the meaning of the information has been altered unexpectedly.
Availability: This is about interruption. A breach of availability means that access to information is denied unexpectedly.
Ensuring confidentiality, integrity, and availability means that information flows are always monitored and the necessary controls are enforced.
We say that a breach is an exposure, caused by an event that exploits a vulnerability located at some point in the involved process.
Those events are often called incidents, since they expose a system to loss or damage. Later, you will learn how to identify the threats to a system, which is one of the main purposes of Information Security Management (ISM).
As you can see from the three principles discussed, for each security principle we need to ensure that information flows are always monitored and the necessary controls are enforced. The first is a basic milestone of information security, since all the information flows have to be known and documented by an officer in order to plan which controls should be enforced. The second part, instead, is related to a specific principle; security measures vary from one principle to another, as follows:
Sometimes we encounter other principles related to security, such as non-repudiation, authenticity, utility, possession, and more. I prefer to reduce all the principles to the CIA triangle, since I think the other ones are specializations of this base model.
In this book, we will try to teach you that security should not be delegated to fancy tools or to all-in-one salvation software, but is primarily related to the awareness of the people involved in business processes. Companies should (and must) implement internal procedures to assess themselves from a security perspective, documenting the risks they are subjected to and the measures to mitigate (if necessary) these risks.
This is, in summary, the purpose of a Security Management System which, when talking about IT, becomes an Information Security Management System (ISMS).
In the previous sections, we talked about risks, vulnerabilities, threats, and incidents; now let us try to give an example.
A company hires sales representatives, giving them a PC with essential tools of trade, Customer Relationship Management (CRM) access, and a database of clients with their details (that is, the past revenues). The person in charge of security decides to force users in mobility to use a