Questions tagged [azure]

A cloud computing platform offered by Microsoft.

116 questions
44 votes, 9 answers

I have just 4 hours a month to security check a cloud based application - How to use my time?

I've been tasked with looking after an application deployed to Azure. I have been allocated 4 hours a month. I essentially have half a workday to secure this application / keep it secure. What is an efficient use of my time? Should I concentrate…
user230910
34 votes, 4 answers

Is serverless code immune to DDoS attacks?

In classic hosting we have a virtual machine with limited resources allocated by hosting provider for running our web application. But with serverless code such as AWS Lambda or Azure Functions, our code is executed by hosting provider (Amazon or…
Mr. Engineer
28 votes, 3 answers

Pentesting against own web service hosted on 3rd party platform

I want to pentest websites and services programmed by our company, which is fine as long as we test it on our own infrastructure. What are the (legal) implications when pentesting our services once they have been deployed to other platforms like…
knipp
23 votes, 2 answers

How critical is encryption-at-rest for public cloud hosted systems?

I work as a solutions architect for web-based systems on AWS. As part of this role, I often respond to Information Security questionnaires. Nearly all questionnaires request information about data encryption at-rest and in-transit. However only a…
jdog
15 votes, 2 answers

When do shared disks "leak" data to other VMs, and how is that mitigated?

Inspired by this answer, I would like to know what are some common threats and mitigation techniques used to prevent one VM from leaking data to another via the shared storage infrastructure. Possible vulnerable scenarios include EMC SANs that…
makerofthings7
15 votes, 4 answers

How do the STS token formats compare to each other SAML vs SWT vs JWT?

I'm configuring an Azure ACS STS and would like to know if there is any impact on security based on the following token formats or how they are used. The answers to this question should apply to other STSs such as CA Siteminder, Ping Identity,…
makerofthings7
12 votes, 2 answers

Is it safe to store SSN's in Azure Cloud?

I'm doing due diligence on a company. They are entirely cloud based and need to collect lots of personal information from users (including SSN). Is this something I should be majorly concerned with? They say they are using encryption, and Azure is a…
10 votes, 1 answer

What are the privacy differences with Azure trustee delegates in China, Germany, and other locations?

Azure has different privacy agreements set up with different datacenters as mentioned in this footnote Azure is now available in China through a unique partnership between Microsoft and 21Vianet, one of the country’s largest Internet providers.…
makerofthings7
10 votes, 1 answer

Benefits of cloud based full disk encryption

Microsoft announced in May that it supported full disk encryption for VMs. They have recently merged a GitHub branch into the Azure PowerShell tools to enable this. The basic theory is that you store encryption keys in an Azure Key Vault HSM, point…
Michael B
8 votes, 2 answers

What information is exposed by simply opening an RDP connection to the internet?

Microsoft, Rackspace and other hosted providers allow people to RDP into that server. Here are a few examples: Microsoft has something called "Azure Connect" it is very easy to expose a domain connected terminal server to the Internet by simply…
makerofthings7
8 votes, 5 answers

Should one sign and encrypt using the same key? The Azure Training Labs are taking this approach

I'm taking the Azure lab LoadBalancing with WCF and recognise what I have been told is bad from a security perspective, but am not sure if it applies here. Can someone look at this code and tell me if different certificates should be used in…
makerofthings7
7 votes, 1 answer

Intrusion prevention in windows azure?

When using the Windows Azure IAAS servers how does one set up IPS for all incoming traffic to these servers? How would a regular user who runs his whole environment within Azure make sure that he can monitor traffic for security? What are people…
Rob
7 votes, 2 answers

What is more secure: Many subdirectories, or many subdomains?

I have 3 websites that could be configured as a "VirtualApplication" in servicedefinition.csdef: www.mydomain.net/enroll www.mydomain.net/admin www.mydomain.net/ ... or I can configure them as a…
makerofthings7
6 votes, 1 answer

Hardening SSL/TLS on Azure Cloud Service for A+ on Qualys SSL Labs?

We're using this PowerShell script as our Azure Cloud Service (PaaS) startup script and we're at an A- on the Qualys SSL Labs test. Specifically we're losing points for the following reasons: Forward Secrecy : With some browsers (more info) Downgrade…
DeepSpace101
5 votes, 5 answers

Cloud provider for Penetration Testing

I wish to set up a Kali Linux box on a cloud provider in order to perform same day penetration tests. The issue I am having is finding a cloud provider such as AWS, Azure etc. for this. For AWS they require an application to be filled for each…
K92