
Showing posts from June, 2020

Azure Log Analytics Agent will be retired on 31st August 2024. Migrate to Azure Monitor.

Microsoft has announced that the Azure Log Analytics agent will be retired on 31st August 2024. Customers should migrate to Azure Monitor Agent to monitor their assets.

Announcement: https://azure.microsoft.com/en-us/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/
Migration guide: https://learn.microsoft.com/en-gb/azure/azure-monitor/agents/azure-monitor-agent-migration
About Azure Monitor Agent: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview

Difference between GibiBytes (GiB) and Gigabytes (GB)

A gibibyte (GiB) is a unit of data. One GiB is approximately 1.074 GB [one gibibyte is equal to 1073741824 bytes = 1024 mebibytes]. Azure virtual disk sizes are measured in gibibytes (GiB), which are not the same as gigabytes (GB). Therefore, to obtain an approximate equivalent of your virtual disk size in GB, multiply the size in GiB by 1.074. For example, 32,767 GiB would be approximately 35,183 GB. A gigabyte, by contrast, is another unit of data storage capacity, approximately 1024 megabytes (MB). Normal storage disks use gigabyte (GB) terminology to represent storage capacity.

Difference between Azure management groups, Subscriptions and Resource groups

Image courtesy: https://docs.microsoft.com

Azure management groups help you manage your Azure subscriptions by grouping them together. If your organization has many subscriptions, you might need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions.

Azure subscriptions help you organize access to Azure resources and determine how resource usage is reported, billed, and paid for. Each subscription can have a different billing and payment setup, so you can have different subscriptions and plans by office, department, project, and so on.

Resource groups are containers that hold related resources for an Azure solution. A resource group includes those resources that you want to manage as a group. You decide which resources belong in a resource group based on what makes the most sense for your organization.

Reference: https://docs.microsoft.com

Hardening your Azure cloud platform and best practices.

A quick reference on the Azure cloud platform security baseline based on CIS: a baseline security checklist for commonly used Azure services. Please fast forward towards the end of this post if you are looking for the CIS Microsoft Azure Foundations Security Benchmark.

- Turn on Azure Security Center - it's free - Upgrade your Azure subscription to Azure Security Center Standard. Security Center's Standard tier helps you find and fix security vulnerabilities, apply access and application controls to block malicious activity, detect threats using analytics and intelligence, and respond quickly when under attack.
- Adopt CIS Benchmarks - Apply them to existing tenants.
- Use CIS VMs for new workloads - from Azure Marketplace.
- Store your keys and secrets in Azure Key Vault (and not in your source code) - Key Vault is designed to support any type of secret: passwords, database credentials, API keys, and certificates.
- Install a web application firewall - Web application firewall (WAF) is a feat

Azure Cloud Security Documentation Glossary.

A consolidated list of documentation and tutorials related to Microsoft Azure cloud security. It can be used for a deep dive into Azure security and for preparing for the Azure Security certification.

- Azure Well-Architected Framework
- Introduction to Azure security
- Azure security documentation
- Using customer-managed keys in Azure Key Vault with Storage Service Encryption
- Start using Azure Active Directory Privileged Identity Management
- Privileged Identity Management documentation
- What is Azure Security Center?
- Azure Security Center documentation
- What is Conditional Access?
- Microsoft Security Development Life-cycle
- Azure Information Protection documentation
- Azure Sentinel documentation
- Azure Key Vault
- Azure Security Center for IoT documentation
- Azure Dedicated HSM documentation
- Azure DDoS Protection Standard overview
- Microsoft security architecture recommendations
- Become an Azure Sentinel Ninja: The complete level 400 training

Feel free to share. Happy learning.

New book on Incident Response and Handling.

As security professionals, our job is to reduce the level of risk to our organization from cyber security threats. However, incident prevention is never 100% achievable. So, the best option is to have proper and efficient security incident management established in the organization. Proactive incident management helps to prepare the team and limit the damage.

I have written a book on Incident Response and Handling. This book provides a holistic approach to efficient IT security incident management. Key topics include:

1) Attack vectors and countermeasures.
2) Detailed security incident handling framework explained in six phases:
   - Preparation
   - Identification
   - Containment
   - Eradication
   - Recovery
   - Lessons Learned/Follow-up
3) Building an incident response plan and key elements for an efficient incident response.
4) Building playbooks.
5) How to classify and prioritize incidents.
6) Proactive incident management.
7) How to conduct a table-top exercise.
8) How to write an RCA

What are Azure availability sets?

An availability set is a logical grouping of two or more VMs that helps keep an application hosted in the Azure cloud available during planned or unplanned maintenance. Events such as patching security vulnerabilities, improving performance, and adding or updating features are considered planned maintenance. Unplanned maintenance, by contrast, covers events such as a hardware failure in the data center, a power outage, or a disk failure. Cloud providers need to ensure that their customers are not affected by any of these events. One method of achieving this in the Azure cloud is to use availability sets. VMs that are part of an availability set automatically switch to a working physical server so the VM continues to run. The group of virtual machines that share common hardware are in the same fault domain. A fault domain is essentially a rack of servers. It provides the physical separation of your workload across different power, cooling, and n

Juniper Networks Associate Certifications for FREE

Juniper Networks is offering free courses and certifications. Earn up to FIVE Juniper Networks Associate Certifications for FREE through Juniper Open Learning. Create an account in Junos Genius to access the learning resources, then complete the learning path and assessment to earn a free voucher.

Offer page: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=11478
Link to create a Junos Genius account: https://cloud.contentraven.com/junosgenius/signup/register

Make use of it and happy learning.

MITRE ATT&CK - How to use Effectively for Threat Hunting & Detection in SOC Environment.

Why do we need to use MITRE ATT&CK? David Bianco explained very well that not all indicators of compromise are created equal. The pyramid defines the pain it will cause the adversary when you are able to deny those indicators to them.

Fig 1: Pyramid of Pain (Source: http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html)

Hash Value: Hash indicators are the most accurate type of indicator. On the other hand, any change to a malicious file results in a completely different and unrelated hash value. So it is very easy for the adversary to change the hash value, and there are so many hashes in circulation that it may not be worth monitoring all of them.

IP Address: If you deny the adversary an IP address, they can usually come back quickly with a different one.

Domain Name: Tons of domains are registered using fake details, and there are free DNS services available.

Scaling Up/Vertical Scaling vs Scaling Out/Horizontal Scaling.

Scaling up (vertical scaling) and scaling out (horizontal scaling) are terms often used in the cloud to refer to flexible ways of increasing performance and compute capacity. Scaling up, or vertical scaling, means increasing the memory, storage or compute power of an existing virtual machine. For example, you can add additional memory to a database server to make it run faster. Scaling out, or horizontal scaling, means adding extra virtual machines to power your application. You may create many virtual machines configured together and use a load balancer to distribute work across them.

Cloud Enthusiast? Free Promotions from Coursera on selected courses.

Coursera is offering free promotions on selected cloud technology courses. The offer is valid through 7/31/2020 (extended till 12/31/2020). It is valid for one enrollment per person, so select the best one from the offerings.

Link: https://www.coursera.org/promo/cloud-technology-free-courses

Select the course and enroll. The discount will be applied automatically. Happy learning.

Kerala BevQ app : Improvements and Suggestions on Social Commitments

The release of the BevQ app might be a relief to many. Though the selling of alcohol contributes huge revenue to the Government, there is always a social commitment to the citizens that it needs to follow as well: make alcohol available to those who need it but, at the same time, take measures to reduce the negative effects of alcohol in society, such as crime, over-drinking, and alcohol-related nuisances/abuses. Below are some of my suggestions to improve the app for a social cause as well.

No need to collect additional data. Instead, use the existing data to get the statistics and help to provide awareness.

Provide a noticeable link in the app to learn about the harmful effects of alcohol.

Keep the statistics, with the cost, accessible to both the government and the consumer (privately), so that users can view them and analyze how much they drink and how much money they spend on alcohol. Show the report with an enticing example. For example, a user spent 10000 INR a m