
Posts

Showing posts from July, 2020

Azure Log Analytics Agent will be retired on 31st August 2024. Migrate to Azure Monitor.

Microsoft has announced that the Azure Log Analytics agent will be retired on 31st August 2024. Customers should migrate to the Azure Monitor Agent to monitor their assets.
Announcement: https://azure.microsoft.com/en-us/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/
Migration guide: https://learn.microsoft.com/en-gb/azure/azure-monitor/agents/azure-monitor-agent-migration
About Azure Monitor Agent: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview

Nutanix .NEXT Conference and Free certification. [EXPIRED]

Good news for all NCP/NCAP/NCSE aspirants. The Nutanix Global .NEXT event is happening September 8th – September 10th, 2020. All .NEXT attendees will receive a voucher to take the NCP, NCAP, or NCSE exams for FREE through October 15.
Registration link: https://www.nutanix.com/next/register.html
Explore more: https://next.nutanix.com/education-blog-78/training-and-certification-programs-at-the-global-next-digital-experience-37850

Azure Cloud Security # Consolidated Notes and Documentations.

Consolidated list of documentation and tutorials related to Microsoft Azure Cloud Security. It can be used to perform a deep dive on Azure security and to prepare for the Azure Security certification. Feel free to share. Happy learning.
Preparation Notes
Microsoft Azure Services #Index
Scaling Up/Vertical Scaling vs Scaling Out/Horizontal Scaling.
What are Azure availability sets?
Difference between Azure management groups, Subscriptions and Resource groups
Azure Active Directory : Overview.
Azure Active Directory User Types and RBAC built-in roles
Azure Active Directory User Source of Authority (SoA)
Application Registration in Azure Active Directory
Azure Active Directory Identity Protection.
Azure AD Connect Overview.
Azure Front Door : Overview.
Hardening your Azure cloud platform and best practices.
Security Documentation
Glossary.
Azure Well-Architected Framework
Introduction to Azure security
Azure security documentation
Using customer-managed keys in Azure Key Vault with

Azure Front Door : Overview #CloudScribblings

Azure Front Door is a combination of a load balancer and a Web Application Firewall (WAF). It is a routing service that accelerates application access and improves availability and performance, and it works at the application layer. Azure Front Door can be considered when you have a pool of application servers at the back-end and you need to load-balance client requests and enhance security. When you implement this service, it routes client requests to the fastest and most available application back-end. Requests can be distributed across the back-end pool based on weight and priority. Azure Front Door service features: 1) URL-based routing 2) Session affinity 3) SSL termination 4) Web Application Firewall features. You can configure Azure Front Door in three steps. Search for the Front Door service from your Azure dashboard. 1) Add the front-end hosts / domain name. Configure the front-end URL; user requests will hit here. You can enable affinity and WAF at th

Azure Active Directory : Overview #CloudScribblings

Azure Active Directory is an identity store in the cloud. You can create users, groups and service principals in Azure AD. When you create an Azure account, an Azure AD directory is automatically created by default. All your identities are defined in the directory, which is used to authenticate and authorize users to access resources in the Azure cloud. If you want finer-grained access permissions, you can make use of Role Based Access Control (RBAC), which is different from the Azure AD roles. Using Azure AD, you can enable many security features for authentication and authorization, such as Multi-Factor Authentication (MFA), Conditional Access, Privileged Identity Management (PIM), etc. When it comes to billing, Azure AD is different from your subscription billing. Normally all your resource usage is billed against your subscription. But for Azure AD, you need to purchase the license separately from the Microsoft Office 365 portal using a work/school account. The l

Azure AD Connect Overview #CloudScribblings

The Azure AD Connect synchronization service is used to synchronize identity data between your on-premises environment and Azure Active Directory. There are two components for this service: Azure AD Connect sync component – This is installed in the on-premises environment; it is recommended to install it on a separate domain-joined server and not on the AD server directly. Azure AD Connect sync service – This service runs in Azure AD. Prerequisites for configuring Azure AD Connect: An Azure AD tenant. You need to add and verify your domain in Azure AD. The Azure AD Connect sync component must be installed on Windows Server 2012 Standard or later (on-premises). The server must have the full GUI installed. The server must be domain joined. It is recommended not to install it on the AD DC server directly. The Azure AD Connect sync component requires a SQL Server database for storing identity data. By default, the installation of Azure AD Connect will install SQL Server 2012 Express LocalDB. During the conf

Azure Active Directory Identity Protection #CloudScribblings

Azure Active Directory Identity Protection is used to automate the detection of identity-based risks. It can also be used to investigate risks using report data in the portal, and to expose risk detection data to third-party utilities for further analysis. It is also possible to auto-remediate the risks. To use this feature fully, an Azure AD Premium P2 license is required. The tool can detect the following risk factors: Leaked credentials - If a user's credentials are leaked, Azure AD Identity Protection can receive the intelligence and block access. Sign-ins from anonymous IP addresses - These are user sign-ins that originate from an IP address that has been identified as an anonymous proxy IP address or VPN. Logins from atypical locations - User sign-ins occur from geographically distant locations, where at least one of the locations may also be atypical for the user. For example, the user logs in from New York and in the next hour another login request

Application Registration in Azure Active Directory #CloudScribblings

When you register an application in Azure AD, you need to specify the application details and the permissions that the application should have when it accesses Azure services. The application can authenticate through the Microsoft identity platform. The Microsoft identity platform uses the OAuth 2.0 authorization service, which enables a third-party application to access web-hosted resources. Once the application object is registered in Azure AD, it is called a service principal. When you register an application in Azure AD, you need to keep note of two things: 1) Application or Client ID. 2) Directory or Tenant ID. These IDs are automatically generated during the application registration. Normally, these two values are required to be specified at the application end. After the registration, you may need to generate a client secret, and that can be done from the AD -> Certificates & Secrets section. Note that once the secret is generated, you must copy

Azure Active Directory User Source of Authority (SoA) #cloudscribblings

Source of Authority (SoA) describes where the user is primarily defined. This can be classified into four categories. A user can be defined in:
1) Azure Active Directory – This is a native cloud user account, also known as a member.
2) External Azure Active Directory – An invited user from another Azure tenant. If you invite a user from another tenant to your tenant, the user's SoA will be External Azure Active Directory.
3) Microsoft Account – A person who creates the subscription (subscription owner) with a Microsoft account (live, hotmail etc.) will have the SoA of Microsoft Account.
4) Local Active Directory – User accounts synchronized with an on-premises Active Directory will have the SoA of Local Active Directory.

Azure Active Directory User Types and RBAC built-in roles #CloudScribblings

Azure Active Directory has two types of users. 1) Member – A member is a normal cloud user. An Azure AD member can read all directory information and can invite external users. They can also manage their own profile information and can register applications in the AD. 2) Guest – A restricted user who can manage only their own profile data. They cannot browse the directory and cannot register applications in the AD. RBAC built-in roles (Top 4): Owner Role: Lets you manage everything, including access to resources. The owner can add permissions and perform actions such as deleting or stopping resources. Contributor Role: This role allows a user to manage all types of resources, but does not allow the user to grant access to resources. To give a user the ability to grant access to resources, the user must be assigned either the User Access Administrator Role or the Owner Role. User Access Administrator Role: In this role, the user can manage access to resources. The user would be

ESXi 6.x Custom Firewall Ruleset Creation

As you may all know, the ESXi host comes with an inbuilt firewall, similar to firewalld in Linux or the Windows built-in firewall, and the ESXi firewall is enabled by default. You can configure incoming and outgoing firewall connections for a service or a management agent from the vSphere Client or at the command line. But defining a custom firewall port for a service must be done at the command line. This article will help you to create a custom firewall ruleset in ESXi 6.x for any service. Here we take the example of syslog. You can refer to the article below to learn how to configure syslog in ESXi, which uses the default syslog ports (TCP/UDP 514, 1514) as seen below. https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.esxi.upgrade.doc/GUID-9F67DB52-F469-451F-B6C8-DAE8D95976E7.html -- An important point to remember: once you specify a custom port number in the above config, the logs will not be sent via that port until you create the ESXi custom firewall ruleset.