Cyber Security On Azure An IT Professional S Guide To Microsoft Azure Security 2nd Edition Marshall Copeland Matthew Jacobs

Marshall Copeland and Matthew Jacobs

Cyber Security on Azure


An IT Professional’s Guide to Microsoft Azure
Security
2nd ed.
Marshall Copeland
Austin, TX, USA

Matthew Jacobs
Nashville, TN, USA

Any source code or other supplementary material referenced by the
author in this book is available to readers on GitHub via the book’s
product page, located at www.apress.com/978-1-4842-6530-7. For
more detailed information, please visit http://www.apress.com/source-code.

ISBN 978-1-4842-6530-7 e-ISBN 978-1-4842-6531-4


https://doi.org/10.1007/978-1-4842-6531-4

© Marshall Copeland and Matthew Jacobs 2021

This work is subject to copyright. All rights are solely and exclusively
licensed by the Publisher, whether the whole or part of the material is
concerned, specifically the rights of translation, reprinting, reuse of
illustrations, recitation, broadcasting, reproduction on microfilms or in
any other physical way, and transmission or information storage and
retrieval, electronic adaptation, computer software, or by similar or
dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks,
service marks, etc. in this publication does not imply, even in the
absence of a specific statement, that such names are exempt from the
relevant protective laws and regulations and therefore free for general
use.

The publisher, the authors and the editors are safe to assume that the
advice and information in this book are believed to be true and accurate
at the date of publication. Neither the publisher nor the authors or the
editors give a warranty, expressed or implied, with respect to the
material contained herein or for any errors or omissions that may have
been made. The publisher remains neutral with regard to jurisdictional
claims in published maps and institutional affiliations.

Distributed to the book trade worldwide by Springer Science+Business
Media LLC, 1 New York Plaza, Suite 4600, New York, NY 10004. Phone
1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com,
or visit www.springeronline.com. Apress Media, LLC is a
California LLC and the sole member (owner) is Springer Science +
Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a
Delaware corporation.
Thank you Angela Copeland for your love and support on this “one more
book.” Thank you Mark Hilley for saving lives as a Firefighter EMT First
Responder. Thank you Matthew Jacobs for giving up weekends and
providing cloud security insight; you have a future as a cyber security
“blue team” leader. A very special thank you to life-long friends and
family, Tara Larson, Anthony Puca, Julian Soh, Keith Olinger, Mark
Ghazai, Eric Schwindt, and Jaime Segura.
—Marshall Copeland
For my wonderfully supportive wife Elizabeth Jacobs, who has always
pushed me to go further than I have ever imagined. I am forever grateful.
To my mother Anita Hale, thank you for all you have done to make this
possible. Thank you to my mentors and friends, Cayce Borden, Brent
Reynolds, Andy Bullington, Zach Hoover, Jay Sundberg, Jeff Prouse, Sharon
Asmus, Vern Hall, Rusty Martin, David Joseph, Andrew Scott, Maher
Aldineh, and Ben Moss.
—Matthew Jacobs
Introduction
The first edition of this book in 2017 placed cyber security front and
center to teams of IT professionals who may not have focused on cyber
security. This second edition is completely rewritten and updated, with
more than 70% of the book containing brand-new Azure cloud security
topics. Businesses rely more on subject matter experts (SMEs), the
professional resources, as they continue to secure applications and data
in the cloud. This second edition goes deeper on Azure security features
that did not exist a few years ago. This publication is an ambitious
resource to provide readers a strong foundation to learn and deploy
Azure security best practices.
This book comes from several years of lessons learned and late
nights of trying to understand the what, how, and why. Having worked
with several customers and organizations moving to cloud-focused
technologies, this book will aid in choosing the right path for planning
and moving forward with a cloud strategy. It will also empower
organizations to start taking their first steps toward cloud adoption,
cloud migration, and creating governance around an ever-changing
technology and toolset.
This book was written for the following types of IT/cloud
professionals:
IT subject-matter experts (SMEs)
IT professionals looking to expand their knowledge of cloud
technologies
Cyber security teams
This second edition does not repeat guidance to review current
cyber security reports; that should now be part of your security
practice. You expand beyond Azure Security Center and learn to use
new and updated Azure native security services like Azure Sentinel,
Privileged Identity Management, Azure Firewalls, and SQL Advanced
Threat Protection and how best to protect Azure Kubernetes Services.
Open this book and begin the deep dive into Microsoft Azure Security.
Acknowledgments
Special acknowledgment to Shrikant Vishwakarma, Smriti Srivastava,
and the Apress team; we are so thankful for your guidance, support,
and expert advice on this publication. Thank you to Vidya Vrat Agarwal
for his professional technical resources; we are very fortunate to have
your expert skills for this publication. The Apress team is a fantastic
company to help technical people share their knowledge at a global
level.
Table of Contents
Part I: Zero Trust Cloud Security
Chapter 1: Reduce Cyber Security Vulnerabilities: Identity Layer
Azure Cloud Relations: Tenant, Subscription, Resources
Azure Tenant Security
Azure Subscription Security
Azure API Security
Azure Resource Locks
Managing Azure Active Directory: Users and Groups
Azure Users
Azure Groups
Azure Active Directory: OAuth, SAML, AD Connect
OAuth
SAML
AD Connect
Security Measures
Azure Application Permission Scopes
Configure Multi-Factor Authentication
Conditional Access Policies
Azure AD Privileged Identity Management
Summary
Chapter 2: Azure Network Security Configuration
Virtual Network Overview
VNets
Network Security Group
VNet Security Best Practices
Network Peering
Application Security Groups
TCP/IP Port Vulnerability
Azure Front Door Service
Remote Access Management
Azure Bastion Host
Summary
Chapter 3: Reduce Cyber Security Vulnerabilities: IaaS and Data
Azure Security with IaC
ARM Development
Harden Azure VMs
Patching the VM Directly
VM Security and Endpoint Protection
Database Security
DB Best Practices
DB Authentication
Database Auditing
Storage Accounts
Shared Access Signatures
Key Management
Summary
Part II: Azure Cloud Security Operations
Chapter 4: Configure Azure Monitoring for Blue Team Hunting
Azure Data Platform
Azure Logs
Azure Metrics
Azure Monitor and Log Analytics Enablement
Log Analytics Workspace Security Strategy
Guest OS Metrics and Logs
Connecting Data Sources to Log Analytics Workspace
Summary
Chapter 5: Azure Security Center and Azure Sentinel
Cloud Security Challenges
Enable Security
Configuration Value
Standard Tier Advantages
Just-in-Time Access
Advanced Threat Detection
Anomaly Detection
Crash Analysis
Threat Intelligence
Behavioral Analysis
Configure Alerting
Using Security Center
Compute and Apps
Network
Data and Storage
Azure Sentinel
Connect to Data Streams
Using Azure Sentinel
Logs Pane
Analytics Pane
Hunting
Summary
Chapter 6: Azure Kubernetes Services: Container Security
Microservices
Containers, Docker, and Kubernetes
Azure Kubernetes Services and Security
Authentication
Container Security
AKS Security with Security Center and Sentinel
Kubernetes Security with Azure Policy
Summary
Chapter 7: Security Governance Operations
Azure Governance Architecture
Management Groups
Azure Policy
Compliance Reporting
Assignments
Blueprints
Role-Based Access Control
Azure Cost Management
Data Governance
Classification
Data Retention
Summary
Index
About the Authors
Marshall Copeland
is a cloud security architect focused on
helping customers “shift left” with cloud
security defenses in Azure public cloud
using cloud-native services and third-
party network security appliances. He
uses Infrastructure as Code (IaC) with
ARM templates or Terraform HCL to
build cloud infrastructure and disaster
recovery solutions. Marshall’s Azure
security design skills include Azure
Sentinel, Security Center, Policy, Firewall,
and ACL networking and a few open
source solutions such as ELK stack,
Wireshark, and Snort. He partners with
security operations to guide cloud
investigations to enhance “blue team
hunting” efficiencies.

Matthew Jacobs
is a system engineer focused on cloud
architecture technologies needed to
support identity management, security,
and collaboration toolsets for small and
medium businesses, including enterprise
organizations. His work has focused on
digital transformation, including on-
premises only, hybrid cloud networks,
and complete public cloud-only
deployment. Matthew brings a hands-on
cloud architecture approach for Identity
and Access Management (IAM) and
enhanced engineering to enable business
agility that secures and supports a global remote workforce. His current
work in the Nashville, Tennessee, area includes Fortune 500 media,
entertainment, and hospitality companies, and his work history
extends into public cloud federal compliance requirements for the
banking and healthcare industries.
About the Technical Reviewer
Vidya Vrat Agarwal
is a software architect, author, blogger,
Microsoft MVP, C# Corner MVP, speaker,
and a mentor. He is a TOGAF Certified
Architect and a Certified Scrum Master
(CSM). He is currently working as a
Principal Architect at T-Mobile Inc., USA.
He started working on Microsoft .NET
with its first beta release. Vidya is
passionate about people, process, and
technology and loves to contribute to the
.NET community. He lives in Redmond,
WA, United States, with his wife Rupali,
two daughters Pearly and Arshika, and a
female puppy Angel.
Part I
Zero Trust Cloud Security
In Part 1, the focus is on the configuration of Azure cloud-native
security solutions to support a Zero Trust model. Let us first
understand that cloud-native solutions are security solutions created by
Microsoft Azure for consumption in your Azure Tenant and
subscriptions. You need to consider what supports the Azure Tenant,
which is more closely tied to the identity layer, and what native
solutions support the subscription layer.
The subscription layer has machines, which are tied directly to
identity and customer data. The data is what every “bad actor” is
attempting to copy, augment, or damage.
The cyber security challenges are used to classify Azure cloud
security needs to better focus on improving your security posture in the
cloud. Traditional on-premises environments have been enabling security
in different verticals: networks, identities, users, systems,
applications, and data.
In every chapter, security tools and techniques are introduced along with
real-world examples of how attacks were achieved, and each example
trains the Azure Security operations teams using the cyber kill chain as
their “north star.” Blue teams in the cloud need to learn how to disrupt
the kill chain at every link. The reader is introduced to the most current
command and control (C&C or C2) information framework to support
examples. The tool is used to identify hacker techniques based on their
past attacks and forensics. Examples will expand on different attack
techniques with exercises to upskill the reader's Azure cloud security
knowledge using these community-supported tools
(https://attack.mitre.org/ and
www.thec2matrix.com/matrix).
ADFS deployment, all users will be redirected to your on-premises domain for
authentication. This scenario is ideal for organizations that are heavily integrated with
ADFS for Single Sign-On (SSO) with limited options to move to cloud or are looking to
extend their presence into the cloud without switching to a full cloud model for
Identity Management. A basic illustration of this is represented in Figure 1-6.

Figure 1-6 This is a simple example of federation with ADFS as the IdP
When choosing to federate your Azure AD, be sure to enable Password Hash
Synchronization and have an adequate level of redundancy built into your on-premises
environment. If you lose connectivity to your local ADFS deployment through Internet
Service Provider outages, hardware failures, or local configuration changes, you can
rely on Password Hash Synchronization as a backup method for authentication instead
of needing to reference ADFS. One precaution: the longer your domain remains
disconnected, the less up to date your password hashes become, which can cause
an influx of password mismatches when service is restored.
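
One way to check for the fallback described above, as an added example (not code from the book): it audits a tenant snapshot shaped like the Microsoft Graph `domain` and `organization` resources and reports, for each federated domain, whether a recent password hash sync exists to fall back on. The sample data, the `contoso.example` domain, and the 24-hour threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumption: maximum acceptable age of the last password hash sync.
MAX_HASH_AGE = timedelta(hours=24)

# Constructed sample data (not from a real tenant), using property names of
# the Microsoft Graph `organization` and `domain` resources.
SAMPLE_ORG = {
    "onPremisesSyncEnabled": True,
    "onPremisesLastSyncDateTime": "2021-03-01T11:40:00Z",
    "onPremisesLastPasswordSyncDateTime": "2021-02-26T08:15:00Z",
}
SAMPLE_DOMAINS = [
    {"id": "contoso.example", "authenticationType": "Federated", "isVerified": True},
    {"id": "contoso.onmicrosoft.com", "authenticationType": "Managed", "isVerified": True},
]


def parse_graph_time(value):
    """Parse a Graph ISO 8601 UTC timestamp; a missing value stays None."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_federation_fallback(org, domains, now, max_age=MAX_HASH_AGE):
    """Return one finding per verified federated domain.

    status is one of:
      NO_FALLBACK   no password hash sync on record, so an ADFS outage
                    leaves no backup authentication method
      STALE_HASHES  last password sync is older than max_age (sync is
                    disabled or failing), so expect password mismatches
      OK            a recent password hash sync exists
    """
    last_sync = None
    if org.get("onPremisesSyncEnabled"):
        last_sync = parse_graph_time(org.get("onPremisesLastPasswordSyncDateTime"))

    if last_sync is None:
        status, age_hours = "NO_FALLBACK", None
    else:
        age = now - last_sync
        age_hours = round(age.total_seconds() / 3600, 2)
        status = "STALE_HASHES" if age > max_age else "OK"

    findings = []
    for domain in domains:
        # Managed domains already authenticate in Azure AD; only federated
        # domains depend on the on-premises ADFS deployment being reachable.
        if domain.get("authenticationType") == "Federated" and domain.get("isVerified"):
            findings.append(
                {"domain": domain["id"], "status": status, "age_hours": age_hours}
            )
    return findings


if __name__ == "__main__":
    # Fixed clock so the constructed sample gives a repeatable result.
    now = datetime(2021, 3, 1, 12, 0, tzinfo=timezone.utc)
    for finding in audit_federation_fallback(SAMPLE_ORG, SAMPLE_DOMAINS, now):
        print(finding)
```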

Non-federation
Choosing not to federate extends your Identity Management from local Active
Directory to your Azure Tenant. Unlike federation, Azure AD becomes your IdP, and all
other applications that are deployed in Azure or integrated with Azure will act as
Service Providers. When deploying Azure AD Connect with Password Hash
Synchronization, you also enable your on-premises Active Directory to become your
source of truth for accounts that exist locally and in the cloud. A basic illustration of
this is represented in Figure 1-7.
Figure 1-7 This is a simple example of non-federation with Azure as the IdP
When setting up your Azure AD Connect using a non-federation model, you have
two different options for how your accounts authenticate: Password Hash
Synchronization (PHS) and Pass-Through Authentication (PTA). PTA is similar to the
ADFS model, but instead of redirecting to an ADFS farm, Azure AD Connect will
validate the credentials directly against your on-premises domain controllers. While each
method has robust security around the transport and storage for credentials, an ideal
scenario is to set up PHS and enable password writeback. Enabling password
writeback allows for users to change their password without the need to directly
contact a domain controller. When the user changes their password through the Azure
tenant, the password will be validated against the password requirements of the local
domain. You will also need to have password writeback enabled to perform Self-
Service Password Reset (SSPR), outlined in a later section.

Security Measures
Now that we have gone over the Identity Provider scenarios, mechanisms we use to
access our identity, and high-level management concepts, we need to look at how we
create security measures within our tenant. Security measures are the ways in which
we minimize the ability for bad actors to gain access to our resources. We will touch on
Azure application permission scopes, provide an in-depth guide on enabling Multi-
Factor Authentication for our tenant, set up Conditional Access Policies, and provide a
high-level overview of Privileged Identity Management.

Azure Application Permission Scopes


Continuing from our discussion in the “OAuth” section, Azure integrates its tenant
applications based on the OAuth protocol. We can break these permissions or scopes