@joelowrance
joelowrance / 7- Secure your Azure SQL Database.md
Last active April 1, 2021 23:02
7- Secure your Azure SQL Database

Exercise - Set up sandbox environment

Create a SQL server:

az sql server create \
    --name $SERVERNAME \
    --resource-group $RESOURCEGROUP \
    --location $LOCATION \
    --admin-user $ADMINLOGIN \
    --admin-password $PASSWORD

@joelowrance
joelowrance / 6- Secure your Azure resources with Azure role-based access contro.md
Last active April 1, 2021 23:02
6- Secure your Azure resources with Azure role-based access contro

What is Azure RBAC?

Used with Azure AD to make it simple to carry out goals such as removing access when people leave, and to find the balance between autonomy and central governance.

Azure subscriptions

Each subscription is associated with a single Azure AD tenant. You can extend on-prem identities to the cloud using Azure AD Connect.

What is Azure RBAC?

Role-based access control built on Azure Resource Manager that lets you do fine-grained management of resources.

@joelowrance
joelowrance / 5- Configure and manage secrets in Azure Key Vault.md
Last active March 28, 2021 18:03
5- Configure and manage secrets in Azure Key Vault

Guidelines for using Azure Key Vault

Vaults

A vault is a secure container: a collection of keys and protected data (secrets).

Create one with the Azure CLI:

az keyvault create --resource-group whatever --name uniquename

In PowerShell, use New-AzKeyVault.

@joelowrance
joelowrance / 4- Secure your Azure Storage account.md
Last active March 28, 2021 12:41
4- Secure your Azure Storage account

Explore Azure Storage security features

Data is protected at rest and in transit.
CORS is supported.
You can control access to data and audit that access.

Encryption at rest

256-bit AES cipher.
VM drives are encrypted with Azure Disk Encryption, which uses BitLocker for Windows and dm-crypt for Linux. Key Vault stores the encryption keys and secrets.

@joelowrance
joelowrance / 3- Configure security policies to manage data.md
Last active March 28, 2021 12:24
3- Configure security policies to manage data

Classify your data at rest, in process, and in transit

Digital data always exists in one of three states: at rest, in process, and in transit.

Protect data at rest

Apply disk encryption (Azure Disk Encryption). Use encryption: encrypt drives before writing data.

Protect data in transit

@joelowrance
joelowrance / 2- Top 5 security items to consider before pushing to production.md
Last active March 27, 2021 21:50
2- Top 5 security items to consider before pushing to production

Azure Security Center

ASC provides threat protection across all services, on-prem and in the cloud:

  • provides recommendations
  • monitors
  • uses ML to detect and block malware
  • looks at incoming attacks and helps investigate
  • just-in-time access for network ports
@joelowrance
joelowrance / 1- Protect against security threats on Azure.md
Last active March 27, 2021 14:56
1- Protect against security threats on Azure

Protect against security threats by using Azure Security Center

What's Azure Security Center?

Monitoring service for security across all services:

  • covers on-prem and cloud
  • can automatically apply settings
  • recommendations
@joelowrance
joelowrance / Implement User Authentication and Authorization.md
Last active March 16, 2021 23:26
Implement User Authentication and Authorization

Secure Azure Storage

Ways to Secure Azure Storage

Three dimensions to securing storage: the management plane (manage users and permissions), the data plane (who can access data), and encryption.

Management: RBAC

Security principal: someone or something (a user or an application). Groups can also be principals. A service principal is a "headless" user. Managed identity.

Role definition: what permissions a role has and what actions it can perform.

@joelowrance
joelowrance / 6- Deploy and run a containerized web app with Azure App Service.md
Last active March 23, 2021 23:35
6- Deploy and run a containerized web app with Azure App Service

Build and store images by using Azure Container Registry

ACR lets you store container images in the cloud (the Azure version of Docker Hub).

What is Container Registry?

A service to host your own private Docker registries. More secure than Docker Hub:

  • you set permissions
  • you can sign images
@joelowrance
joelowrance / 5- Scale an App Service web app to efficiently meet demand with App Service scale up and scale out.md
Last active March 27, 2021 15:27
5- Scale an App Service web app to efficiently meet demand with App Service scale up and scale out

Scale a web app manually

Example: hotel reservations, where you know when the busy season is.

App Service plans and scalability

  • Free: 1 GB, 10 apps, shared instance, no SLA, 60 min compute per day (dev)
  • Shared: up to 100 apps, 240 min compute per day
  • Basic: unlimited apps, supports scaling to 3 instances, 99.95% SLA, 3 sublevels
  • Standard: scales to 10 instances, 99.95% SLA, 3 sublevels
  • Premium: 20 instances, 99.95% SLA, multiple sublevels of hardware