(Download PDF) Cyber Security On Azure An It Professionals Guide To Microsoft Azure Security Marshall Copeland Online Ebook All Chapter PDF
https://textbookfull.com/product/cyber-security-on-azure-an-it-professional-s-guide-to-microsoft-azure-security-2nd-edition-marshall-copeland-matthew-jacobs/
Cyber Security on Azure
An IT Professional’s Guide to Microsoft Azure Security
Second Edition
Marshall Copeland
Matthew Jacobs
About the Authors
Marshall Copeland is a cloud security architect focused
on helping customers “shift left” with cloud security
defenses in Azure public cloud using cloud-native services
and third-party network security appliances. He uses
Infrastructure as Code (IaC) with ARM templates or
Terraform HCL to build cloud infrastructure and disaster
recovery solutions. Marshall’s Azure security design skills
include Azure Sentinel, Security Center, Policy, Firewall, and
ACL networking and a few open source solutions such as
ELK stack, Wireshark, and Snort. He partners with security
operations to guide cloud investigations to enhance “blue
team hunting” efficiencies.
About the Technical Reviewer
Vidya Vrat Agarwal is a software architect, author, blogger,
Microsoft MVP, C# Corner MVP, speaker, and a mentor. He
is a TOGAF Certified Architect and a Certified Scrum Master
(CSM). He is currently working as a Principal Architect at
T-Mobile Inc., USA. He started working on Microsoft .NET
with its first beta release. Vidya is passionate about people,
process, and technology and loves to contribute to the .NET
community. He lives in Redmond, WA, United States, with
his wife Rupali, two daughters Pearly and Arshika, and a
female puppy Angel.
Acknowledgments
Special acknowledgment to Shrikant Vishwakarma, Smriti Srivastava, and the Apress
team; we are so thankful for your guidance, support, and expert advice on this
publication. Thank you to Vidya Vrat Agarwal for his professional technical resources;
we are very fortunate to have your expert skills for this publication. The Apress team is a
fantastic company to help technical people share their knowledge at a global level.
Introduction
The first edition of this book in 2017 placed cyber security front and center to teams of
IT professionals who may not have focused on cyber security. This second edition is
completely rewritten and updated, with more than 70% of the book containing brand-
new Azure cloud security topics. Business relies more on subject matter experts (SME),
the professional resources, as they continue to secure applications and data in the
cloud. This second edition goes deeper on Azure security features that did not exist a
few years ago. This publication is an ambitious resource to provide readers a strong
foundation to learn and deploy Azure security best practices.
This book comes from several years of lessons learned and late nights of trying
to understand the what, how, and why. Having worked with several customers and
organizations moving to cloud-focused technologies, this book will aid in choosing the
right path for planning and moving forward with a cloud strategy. It will also empower
organizations to start taking their first steps toward cloud adoption, cloud migration, and
creating governance around an ever-changing technology and toolset.
This book was written for the following types of IT/cloud professionals:
This second edition does not repeat guidance to review current cyber security
reports; that should now be part of your security practice. You expand beyond Azure
Security Center and learn to use new and updated Azure native security services like
Azure Sentinel, Privileged Identity Management, Azure Firewalls, and SQL Advanced
Threat Protection and how best to protect Azure Kubernetes Services. Open this book
and begin the deep dive into Microsoft Azure Security.
PART I
Reduce Cyber Security Vulnerabilities: Identity Layer
Navigating the shifting landscape of security can be a daunting task, especially when
making the jump to cloud services or after reading about the latest breach that happened
to “Company Z.” It can be confusing learning a new technology as both the threats and
the platforms we use evolve every day. By understanding and implementing some of the
concepts and technologies outlined in this chapter, you will stay on the forefront of the
emerging trends in cyber security.
In this chapter, we will explain some of the mechanisms to create layers of protection
around your Azure Tenant; how to manage Azure users and groups, utilizing Azure
Active Directory (AAD) as your Identity Management solution with OAuth, SAML, or AD
Connect; and how to set up Privileged Identity Management.
Note The topics and guidelines in this chapter represent how to take your first
steps to managing your identity in Azure. We cover a baseline that can be tailored
to fit your specific organizational needs.
© Marshall Copeland and Matthew Jacobs 2021
M. Copeland and M. Jacobs, Cyber Security on Azure, https://doi.org/10.1007/978-1-4842-6531-4_1
Chapter 1 Reduce Cyber Security Vulnerabilities: Identity Layer
everything but assign access, and Readers can read. For tighter controls, we can also
apply the roles of MG Reader or MG Contributor, which only allow for actions within the
management scope. Refer to Figure 1-2 for a detail of roles and actions.
Figure 1-7. This is a simple example of non-federation with Azure as the IdP
Security Measures
Now that we have gone over the Identity Provider scenarios, mechanisms we use to
access our identity, and high-level management concepts, we need to look at how we
create security measures within our tenant. Security measures are the ways in which
we minimize the ability for bad actors to gain access to our resources. We will touch
Another random document with
no related content on Scribd:
than there is food for, thus ensuring that every portion of the food will
be rapidly consumed, after which the partially-grown larvae complete
their development by the aid of cannibalism. It is thus ensured that
the food will raise up as many individuals as possible.
Fig. 244—The Tse-tse fly (Glossina morsitans). A, The fly with three
divisions of the proboscis projecting; B, adult larva; C, pupa.
Some deposit their eggs on the hairs of the beasts from which the
larvae are to draw their nutriment, but others place their larvae,
already hatched, in the entrances of the nasal passages. They do
not feed on the blood or tissues of their victims, but on the
secretions, and these are generally altered or increased by the
irritation induced by the presence of the unwelcome guests. It would
appear, on the whole, that their presence is less injurious than would
be expected, and as they always quit the bodies of their hosts for the
purposes of pupation, a natural end is put to their attacks. We have
ten species in Britain, the animals attacked being the ox, the horse,
the ass, the sheep, and the red deer; others occasionally occur in
connexion with animals in menageries. The eggs of Gastrophilus
equi are placed by the fly, when on the wing, on the hair of horses
near the front parts of the body, frequently near the knee, and, after
hatching, the young larvae pass into the stomach of the horse either
by being licked off, or by their own locomotion; in the stomach they
become hooked to the walls, and after being full grown pass out with
the excreta: the Bots—as these larvae are called—are sometimes
very numerous in the stomach, for a fly will lay as many as four or
five hundred eggs on a single horse: in the case of weakly animals,
perforation of the stomach has been known to occur in consequence
of the habit of the Bot of burying itself to a greater or less extent in
the walls of the stomach. Hypoderma bovis and H. lineata attack the
ox, and the larvae cause tumours in the skin along the middle part of
the back. It was formerly inferred from this that the fly places its eggs
in this situation, and as the cattle are known to dread and flee from
the fly, it was supposed to be on account of the pain inflicted when
the egg was thrust through the skin. Recent observations have
shown that these views are erroneous, but much still remains to be
ascertained. The details of oviposition are not yet fully known, but it
appears that the eggs are laid on the lower parts of the body,
especially near the heels, and that they hatch very speedily.[441] As
the imago of Hypoderma appears for only a very short period in the
summer, the time of the oviposition is certain. The newly-disclosed
larva is considerably different from the more advanced instar found
in the skin of the back; moreover, a long period of many months
intervenes between the hatching of the larva and its appearance in
the part mentioned. Brauer has shown that when the grub is first
found in that situation it is entirely subcutaneous. Hence it would be
inferred that the newly-hatched larva penetrated the skin probably
near the spot it was deposited on, and passed a period in
subcutaneous wandering, on the whole going upwards till it arrived
at the uppermost part: that after moulting, and in consequence of
greater need for air, it then pierced the skin, and brought its
breathing organs into contact with the external air; that the irritation
caused by the admission of air induced a purulent secretion, and
caused the larva to be enclosed in a capsule. Dr. Cooper Curtice has
however found, in the oesophagus of cattle, larvae that he considers
to be quite the same as those known to be the young of Hypoderma;
and if this prove to be correct, his inference that the young larvae are
licked up by the cattle and taken into the mouth becomes probable.
The larva, according to this view, subsequently pierces the
oesophagus and becomes subcutaneous by passing through the
intervening tissues. The later history of the grub is briefly, that when
full grown it somewhat enlarges the external orifice of its cyst, and by
contractions and expansions of the body, passes to the surface, falls
to the ground, buries itself and becomes a pupa. If Dr. Curtice be
correct, there should, of course, be as many, if not more, larvae
found in the oesophagus as in the back of the animal; but, so far as
is known, this is not the case, and we shall not be surprised if the
normal course of development be found different from what Dr.
Curtice supposes it to be. His observations relate to Hypoderma
lineata. Our common British species is usually supposed to be H.
bovis; but from recent observations it seems probable that most of
the "Ox-warbles" of this country are really due to the larvae of H.
lineata.
The four families included in this Series are, with the exception of the
Hippoboscidae, very little known. Most of them live by sucking blood
from Mammals and Birds, and sometimes they are wingless
parasites. The single member of the family Braulidae lives on bees.
The term Pupipara is erroneous, and it would be better to revert to
Réaumur's prior appellation Nymphipara. Müggenburg has
suggested that the division is not a natural one, the points of
resemblance that exist between its members being probably the
results of convergence. Recent discoveries as to the modes of
bringing forth of Muscidae give additional force to this suggestion. A
satisfactory definition of the group in its present extent seems
impossible.
Some of the Hippoboscidae that live on birds take to the wing with
great readiness, and it is probable that these bird-parasites will prove
more numerous than is at present suspected.
The tiny Insects called Thrips are extremely abundant and may often
be found in profusion in flowers. Their size is only from 1⁄50 to ⅓ of
an inch in length; those of the latter magnitude are in fact giant
species, and so far as we know at present are found only in Australia
(Fig. 253). As regards the extent of the Order it would appear that
Thysanoptera are insignificant, as less than 150 species are known.
Thrips have been, however, very much neglected by entomologists,
so it will not be a matter for surprise if there should prove to be
several thousand species. These Insects present several points of
interest; their mouth-organs are unique in structure; besides this,
they exhibit so many points of dissimilarity from other Insects that it
is impossible to treat them as subdivisions of any other Order. They
have, however, been considered by some to be aberrant
Pseudoneuroptera (cf. Vol. V.), while others have associated them
with Hemiptera. Both Brauer and Packard have treated
Thysanoptera as a separate Order, and there can be no doubt that
this is correct. Thysanoptera have recently been monographed by
Uzel in a work that is, unfortunately for most of us, in the Bohemian
language.[456]
Fig. 253—Idolothrips spectrum. Australia.
The antennae are never very long, and are 6 to 9-jointed. The head
varies much, being sometimes elongate and tubular, but sometimes
short; it has, however, always the peculiarity that the antennae are
placed quite on its front part, and that the mouth appears to be
absent, owing to its parts being thrust against the under side of the
thorax and concealed. Their most remarkable peculiarity is that
some of them are asymmetrical: Uzel looks on the peculiar structure,
the "Mundstachel," m, m (Fig. 254) found on the left side of the body,
as probably an enormous development of the epipharynx. Previous
to the appearance of Uzel's work, Garman had, however, correctly
described the structure of the mouth;[457] he puts a different
interpretation on the parts; he points out that the mandibles (j), so-
called by Uzel, are attached to the maxillae, and he considers that
they are really jointed, and that they are lobes thereof; while the
Mundstachel or piercer is, he considers, the left mandible; the
corresponding structure of the other side being nearly entirely
absent. He points out that the labrum and endocranium are also
asymmetrical. We think Garman's view a reasonable one, and may
remark that dissimilarity of the mandibles of the two sides is usual in
Insects, and that the mandibles may be hollow for sucking, as is
shown by the larvae of Hemerobiides. There are usually three ocelli,
but they are absent in the entirely apterous forms.
Fig. 254—Face (with base of the antennae) of Aeolothrips fasciata.
(After Uzel.) a, Labrum; b, maxilla with its palp (c); bl, terminal part
of vertex near attachment of mouth-parts; d, membrane between
maxilla and mentum; e, mentum ending in a point near f; g,
membrane of attachment of the labial palp h; i, ligula; j, j the
bristle-like mandibles; k, the thicker base of mandible; l, chitinous
lever; m, mouth-spine, with its thick basal part n, and o, its
connection with the forehead, r, r; p, foramen of muscle; s and t,
points of infolding of vertex; u, a prolongation of the gena.
The wings appear to spring from the dorsal surface of the body, not
from the sides; the anterior pair is always quite separated from the
posterior; the wings are always slender, sometimes very slender; in
other respects they exhibit considerable variety; sometimes the front
pair are different in colour and consistence from the other pair. The
abdomen has ten segments, the last of which is often tubular in form.
The peculiar vesicular structures by which the feet are terminated
are, during movement, alternately distended and emptied, and have
two hooks or claws on the sides. The stigmata are extremely
peculiar, there being four pairs, the first being the mesothoracic, 2nd
metathoracic, 3rd on the second abdominal segment, 4th on the
eighth abdominal segment.[458] There are four Malpighian tubes,
and two or three pairs of salivary glands. The dorsal vessel is said to
be a short sack placed in the 7th and 8th abdominal segments. The
abdominal ganglia of the ventral chain are concentrated in a single
mass, placed in, or close to, the thorax; the thorax has two other
approximated ganglia, as well as an anterior one that appears to be
the infra-oesophageal.
The metamorphosis is also peculiar; the larva does not differ greatly
in appearance from the adult, and has similar mouth-organs and
food-habits. The wings are developed outside the body at the sides,
and appear first, according to Heeger, after the third moult. The
nymph-condition is like that of a pupa inasmuch as no nourishment
is taken, and the parts of the body are enclosed in a skin: in some
species there is power of movement to a slight degree, but other
species are quite motionless. In some cases the body is entirely
bright red, though subsequently there is no trace of this colour.
Jordan distinguishes two nymphal periods, the first of which he calls
the pronymphal; in it the Insect appears to be in a condition
intermediate between that of the larva and that of the true nymph;
the old cuticle being retained, though the hypodermis is detached
from it and forms a fresh cuticle beneath it. This condition, as Jordan
remarks, seems parallel to that of the male Coccid, and approaches
closely to complete metamorphosis; indeed the only characters by
which the two can be distinguished appear to be (1) that the young
has not a special form; (2) that the wings are developed outside the
body.