Hardening Azure Applications

Build large-scale, mission-critical hardened applications on the Azure cloud platform. This 2nd edition provides information on the newer features in Azure, such as Linux extensions and supporting Azure Services such as HDInsight and SQL Server on Linux. Updated with new applications Hardening Azure Applications also discusses Scale Sets (VMSS), a major upgrade that enables autoscaling and seamlessly makes machines ready for high availability. The authors take you step by step through the process of evaluating and building applications with the appropriate hardness attributes. After a small introduction to cloud computing, you will learn about various cloud and hardened cloud applications in detail. Next, you will discover service fundamentals such as instrumentation, telemetry, and monitoring followed by key application experiences. Further, you will cover availability and the economics of 9s. Towards the end, you will see how to secure your application and learn about the modernization of software organisations, a new topic in this edition. After reading this book, you will master the techniques and engineering principles that every architect and developer needs to know to harden their Azure/.NET applications to ensure maximum reliability and high availability when deployed at scale. What You Will Learn Use techniques and principles to harden Azure/.NET applications Secure your applications on Azure Create a scale set on Azure Work with service fundamentals such as instrumentation, telemetry, and monitoring Who This Book Is For Developers and IT professionals who are working on Azure applications.

Learn what it takes to build large scale, mission critical applications -hardened applications- on the Azure cloud platform. This 208 page book covers the techniques and engineering principles that every architect and developer needs to know to harden their Azure/.NET applications to ensure maximum reliability and high availability when deployed at scale. While the techniques are implemented in .NET and optimized for Azure, the principles here will also be valuable for users of other cloud-based development platforms. Applications come in a variety of forms, from simple apps that can be built and deployed in hours to mega-scale apps that need significantly higher engineering rigor and robust organizations to deliver them. How do you build such massively scalable applications to keep pace with traffic demands while always being ‘online’ with five 9's availability? The authors take you step by step through the process of evaluating and building applications with the appropriate hardness attributes. For example, it is easy to say that an application should be available "all the time", but it is very important to understand what each level of 9 for availability means and the resulting implications on engineering and resources. The book explains the details required for developers and IT Pros to get it right in Azure.

Plan, build, and maintain highly secure Azure applications and workloads As business-critical applications and workloads move to the Microsoft Azure cloud, they must stand up against dangerous new threats. That means you must build robust security into your designs, use proven best practices across the entire development lifecycle, and combine multiple Azure services to optimize security. Now, a team of leading Azure security experts shows how to do just that. Drawing on extensive experience securing Azure workloads, the authors present a practical tutorial for addressing immediate security challenges, and a definitive design reference to rely on for years. Learn how to make the most of the platform by integrating multiple Azure security technologies at the application and network layers— taking you from design and development to testing, deployment, governance, and compliance. About You This book is for all Azure application designers, architects, developers, development managers, testers, and everyone who wants to make sure their cloud designs and code are as secure as possible. Discover powerful new ways to: Improve app / workload security, reduce attack surfaces, and implement zero trust in cloud code Apply security patterns to solve common problems more easily Model threats early, to plan effective mitigations Implement modern identity solutions with OpenID Connect and OAuth2 Make the most of Azure monitoring, logging, and Kusto queries Safeguard workloads with Azure Security Benchmark (ASB) best practices Review secure coding principles, write defensive code, fix insecure code, and test code security Leverage Azure cryptography and confidential computing technologies Understand compliance and risk programs Secure CI / CD automated workflows and pipelines Strengthen container and network security

Revised and updated to keep pace with this ever-changing field, Security Strategies in Windows Platforms and Applications, Fourth Edition focuses on new risks, threats, and vulnerabilities associated with the Microsoft Windows operating system, placing a particular emphasis on Windows 11, and Windows Server 2022. The Fourth Edition highlights how to use tools and techniques to decrease risks arising from vulnerabilities in Microsoft Windows operating systems and applications. The book also includes a resource for readers desiring more information on Microsoft Windows OS hardening, application security, and incident management. With its accessible writing style, and step-by-step examples, this must-have resource will ensure readers are educated on the latest Windows security strategies and techniques.

The definitive practical guide to Azure Security Center, 50%+ rewritten for new features, capabilities, and threats Extensively revised for updates through spring 2021 this guide will help you safeguard cloud and hybrid environments at scale. Two Azure Security Center insiders help you apply Microsoft's powerful new components and capabilities to improve protection, detection, and response in key operational scenarios. You'll learn how to secure any workload, respond to new threat vectors, and address issues ranging from policies to risk management. This edition contains new coverage of all Azure Defender plans for cloud workload protection, security posture management with Secure Score, advanced automation, multi-cloud support, integration with Azure Sentinel, APIs, and more. Throughout, you'll find expert insights, tips, tricks, and optimizations straight from Microsoft's ASC team. They'll help you solve cloud security problems far more effectively—and save hours, days, or even weeks. Two of Microsoft's leading cloud security experts show how to: Understand today's threat landscape, cloud weaponization, cyber kill chains, and the need to “assume breach” Integrate Azure Security Center to centralize and improve cloud security, even if you use multiple cloud providers Leverage major Azure Policy improvements to deploy, remediate, and protect at scale Use Secure Score to prioritize actions for hardening each workload Enable Azure Defender plans for different workloads, including Storage, KeyVault, App Service, Kubernetes and more Monitor IoT solutions, detect threats, and investigate suspicious activities on IoT devices Reduce attack surfaces via just-in-time VM access, file integrity monitoring, and other techniques Route Azure Defender alerts to Azure Sentinel or a third-party SIEM for correlation and action Access alerts via HTTP, using ASC's REST API and the Microsoft Graph Security API Reliably deploy resources at scale, using JSON-based ARM templates About This Book For architects, designers, implementers, operations professionals, developers, and security specialists working in Microsoft Azure cloud or hybrid environments For all IT professionals and decisionmakers concerned with the security of Azure environments

A comprehensive guide to penetration testing cloud services deployed with Microsoft Azure, the popular cloud computing service provider used by companies like Warner Brothers and Apple. Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You'll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you'll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure's Infrastructure as a Service (IaaS). You'll also learn how to: - Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files - Use PowerShell commands to find IP addresses, administrative users, and resource details - Find security issues related to multi-factor authentication and management certificates - Penetrate networks by enumerating firewall rules - Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation - View logs and security events to find out when you've been caught Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations.

A comprehensive guide to administering and protecting the latest Windows 11 and Windows Server 2022 from the complex cyber threats Key Features Learn to protect your Windows environment using zero-trust and a multi-layered security approach Implement security controls using Intune, Configuration Manager, Defender for Endpoint, and more Understand how to onboard modern cyber-threat defense solutions for Windows clients Book DescriptionAre you looking for the most current and effective ways to protect Windows-based systems from being compromised by intruders? This updated second edition is a detailed guide that helps you gain the expertise to implement efficient security measures and create robust defense solutions using modern technologies. The first part of the book covers security fundamentals with details around building and implementing baseline controls. As you advance, you’ll learn how to effectively secure and harden your Windows-based systems through hardware, virtualization, networking, and identity and access management (IAM). The second section will cover administering security controls for Windows clients and servers with remote policy management using Intune, Configuration Manager, Group Policy, Defender for Endpoint, and other Microsoft 365 and Azure cloud security technologies. In the last section, you’ll discover how to protect, detect, and respond with security monitoring, reporting, operations, testing, and auditing. By the end of this book, you’ll have developed an understanding of the processes and tools involved in enforcing security controls and implementing zero-trust security principles to protect Windows systems.What you will learn Build a multi-layered security approach using zero-trust concepts Explore best practices to implement security baselines successfully Get to grips with virtualization and networking to harden your devices Discover the importance of identity and access management Explore Windows device administration and remote management Become an expert in hardening your Windows infrastructure Audit, assess, and test to ensure controls are successfully applied and enforced Monitor and report activities to stay on top of vulnerabilities Who this book is for If you're a cybersecurity or technology professional, solutions architect, systems engineer, systems administrator, or anyone interested in learning how to secure the latest Windows-based systems, this book is for you. A basic understanding of Windows security concepts, Intune, Configuration Manager, Windows PowerShell, and Microsoft Azure will help you get the best out of this book.

Did you know that the most common cloud security threats happen because of cloud service misconfigurations, not outside attacks? If you did not, you are not alone. In the on-premises world, cybersecurity risks were limited to the organization’s network, but in the era of cloud computing, both the impact and likelihood of potential risks are significantly higher. With the corresponding advent of DevOps methodology, security is now the responsibility of everyone who is part of the application development life cycle, not just the security specialists. Applying the clear and pragmatic recommendations given in this book, you can reduce the cloud applications security risks in your organization. This is the book that every Azure solution architect, developer, and IT professional should have on hand when they begin their journey learning about Azure security. It demystifies the multitude of security controls and offers numerous guidelines for Azure, curtailing hours of learning fatigue and confusion. Throughout the book you will learn how to secure your applications using Azure’s native security controls. After reading this book, you will know which security guardrails are available, how effective they are, and what will be the cost of implementing them. The scenarios in this book are real and come from securing enterprise applications and infrastructure running on Azure. What You Will Learn Remediate security risks of Azure applications by implementing the right security controls at the right time Achieve a level of security and stay secure across your Azure environment by setting guardrails to automate secure configurations Protect the most common reference workloads according to security best practices Design secure access control solutions for your Azure administrative access, as well as Azure application access Who This Book Is For Cloud security architects, cloud application developers, and cloud solution architects who work with Azure. It is also a valuable resource for those IT professionals responsible for securing Azure workloads in the enterprise.