There are a number of layers at which IDS/IPS can come into play when dealing with Azure IaaS.
First, without doing anything at all, you already have IDS/IPS in place, because it's a standard piece of the Azure network security infrastructure. Every packet that enters their networks is going to be subject to inspection by the systems that are already in place. This, however, is just a baseline. They're not going to be able to do a lot with traffic that is encrypted, for instance, as much of your traffic likely is until it gets to your machines, and they can't be too aggressive, so that they don't drop legitimate traffic.
So, if you want additional IDS/IPS beyond what they provide, you have a couple of additional options within your environment. The first would be a network-based IDS/IPS appliance. Given that Azure is a cloud, and you can't deploy actual hardware, this would need to be a virtual appliance, of course, but those are supported in Azure; you'll just need to look for vendors whose appliances are compatible with Azure.
The last, and least complicated, option is host-based IDS/IPS. This is going to work the same on VMs in Azure as it would on any other machine. HIPS is software that you install on a machine that you want to protect, and it will inspect and deal with malicious traffic coming to that machine alone. There are a number of HIDS/HIPS offerings available, and they should generally work as well in Azure as they do outside of Azure.