My Quotes


When U were born , you cried and the world rejoiced
Live U'r life in such a way that when you go
THE WORLD SHOULD CRY






Tuesday, June 6, 2023

Microsoft Cybersecurity Reference Architectures

  • Domain #1 - Identity and Access
    • Azure Active Directory: Password-less & MFA, Hello for Business, Authenticator App, FIDO2 Keys, Azure AD PIM, B2B & B2C. https://lnkd.in/grPgTT4R
    • Identity Protection: Leaked Credential Protection. https://lnkd.in/gdgMJZNF
    • Identity Governance: Identity, Access, and Privileged Access Lifecycle, Entitlement Management, Access Requests, Workflow, Policy and Role Management, Governance Enforcement. https://lnkd.in/gbVEWcQs
    • Defender for Identity: User Behavior and Activities, Investigate Alerts, AD FS Protection, Lateral Movement Detection. https://lnkd.in/g53ave8s

  • Domain #2 - Security Operations
    • Microsoft 365 Defender: Extended Detection and Response (#XDR). Endpoint, Office 365, Identity, and more. https://lnkd.in/gXFnX2PQ
    • Defender for Cloud: Cross Cloud XDR. https://lnkd.in/gZfP3QdF
    • Microsoft Sentinel: Cloud Native SIEM, SOAR. https://lnkd.in/gnd-6c-u

  • Domain #3 - Endpoint and Device Security
    • Microsoft Endpoint Manager: Intune and Configuration Manager. https://lnkd.in/g4Vdfej2
    • Microsoft Defender for Endpoint: https://lnkd.in/g3KPMPCx

  • Domain #4 - Hybrid Infrastructure
    • Defender for Cloud: Cross Cloud XDR. https://lnkd.in/gZfP3QdF
    • Azure AD App Proxy: Secure Remote Access. https://lnkd.in/g2DDNYUy
    • Azure Arc: Hybrid and Multicloud Management. https://lnkd.in/gtaiiPgM
    • Azure Stack: Hybrid and Edge Computing. https://lnkd.in/gvKNyKQD
    • Azure Firewall: https://lnkd.in/gVnVNJbB
    • Azure WAF: https://lnkd.in/gpQCgdNc
    • DDoS Protection: https://lnkd.in/gF796HMv
    • Azure Key Vault: https://lnkd.in/gqMuSJ4S
    • Azure Bastion: Secure RDP/SSH, Secure VM. https://lnkd.in/gmdyEb5W
    • Azure Lighthouse: https://lnkd.in/gHHUVyJn
    • Azure Backup: https://lnkd.in/gzBpjFXs
    • ExpressRoute: https://lnkd.in/gGBtuq5m
    • Private Link: https://lnkd.in/gzZVJ_gY

  • Domain #5 - Information Protection
    • Microsoft Purview: https://lnkd.in/g289yg_D
    • Compliance Manager: https://lnkd.in/gprm3xD4

  • Domain #6 - People Security
    • Attack Simulator: Simulation Training Platform. https://lnkd.in/g3xyhZff
    • Insider Risk Management: https://lnkd.in/gfhxQEti
    • Communication Compliance: https://lnkd.in/gKJd4HRm

  • Domain #7 - IoT and Operational Technology
    • Azure Sphere: IoT and OT Security Services. https://lnkd.in/gFMQRZB6

Azure Tips

Useful resources for Azure developers and architects. Microsoft Azure has released the App Service Landing Zone Accelerator, an open-source collection of architectural guidance and a reference implementation for deploying Azure App Service at scale. Whether you are building new applications in the cloud or modernizing existing web apps, the accelerator gives you a simple and robust starting point.

  • Secure Design Principles. With the App Service Landing Zone Accelerator, you can implement a range of secure design principles to protect your apps and data:
    • Use isolated network layers for the different components
    • Use protected Azure Active Directory-based access via Managed Identity
    • Use private endpoints for Azure services
    • Use Network Security Groups to control inbound and outbound traffic at the subnet level
    • Enable Standard DDoS Protection for the spoke network

  • Comprehensive Design Areas. The accelerator covers the design areas that are critical to your app's architecture.

  • Azure Features and Services. Within the App Service Landing Zone Accelerator, you will use a range of Azure features and services to support your app development process.


Read More:

I hope you find these resources helpful. Happy learning!

Saturday, October 22, 2022

An Event Aggregator acts as a single source of events for many objects. It registers for all the events of those many objects, so that clients only need to register with the aggregator.

Benefits: producers and consumers are decoupled; there are no point-to-point integrations; and it is easy to add new consumers to the system.

Here is the overall solution:




How to Organize Events Flow in a Microservices Architecture



Numerous enterprise solutions based on a microservices architecture have the problem of generalizing the flow of events from different sources. Many solutions also use several providers, for example:

  • Azure Service Bus
  • Apache Kafka
  • RabbitMQ

Here we need a component that is able to join event publishers and event subscribers.

Another example that follows this principle is Azure Event Grid.

With Event Grid, you can join cloud resources that produce events (publishers) with resources that handle the events (subscribers).
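The pattern described above in working form, as an added example that is not code from this post or from any of the products it names: producers and consumers both talk only to the aggregator, the aggregator fans each event out by topic, and a consumer that raises is isolated (its failure is parked in a dead-letter list) so it cannot block the other consumers. All class and topic names are illustrative.

```python
"""Event aggregator pattern (added example; not from the post).

Producers only know the aggregator; consumers only know the aggregator. The
aggregator fans each event out to the subscribers for its topic and isolates
a failing consumer so it cannot break delivery to the others.
"""
import time
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    topic: str                 # e.g. "order.created"
    payload: Dict[str, Any]
    source: str                # name of the producer that emitted it
    timestamp: float = field(default_factory=time.time)


Handler = Callable[[Event], None]


class EventAggregator:
    """Single registration point: subscribe(topic, handler) / publish(event)."""

    def __init__(self) -> None:
        self._handlers: Dict[str, List[Handler]] = defaultdict(list)
        # (event, handler name, error) for deliveries that raised
        self.dead_letters: List[Tuple[Event, str, str]] = []

    def subscribe(self, topic: str, handler: Handler) -> None:
        """Register a consumer for one topic; "*" receives every event."""
        self._handlers[topic].append(handler)

    def publish(self, event: Event) -> int:
        """Deliver to every matching consumer; returns the number of successful deliveries."""
        delivered = 0
        for handler in self._handlers[event.topic] + self._handlers["*"]:
            try:
                handler(event)
                delivered += 1
            except Exception as exc:  # one bad consumer must not break the rest
                self.dead_letters.append((event, handler.__name__, repr(exc)))
        return delivered


class Producer:
    """An event source (web API, batch job, ...); it never sees a consumer."""

    def __init__(self, name: str, bus: EventAggregator) -> None:
        self.name, self.bus = name, bus

    def emit(self, topic: str, **payload: Any) -> int:
        return self.bus.publish(Event(topic, payload, self.name))


def run_demo() -> Dict[str, Any]:
    """Two producers, three consumers, one of them broken (constructed sample)."""
    bus = EventAggregator()
    audit: List[str] = []
    inventory: Dict[str, int] = {"sku-1": 5}

    def audit_everything(e: Event) -> None:      # wildcard consumer
        audit.append(f"{e.source}:{e.topic}")

    def reserve_stock(e: Event) -> None:
        inventory[e.payload["sku"]] -= e.payload["qty"]

    def flaky_mailer(e: Event) -> None:          # simulates a consumer outage
        raise RuntimeError("smtp down")

    bus.subscribe("*", audit_everything)
    bus.subscribe("order.created", reserve_stock)
    bus.subscribe("order.created", flaky_mailer)

    web = Producer("web-api", bus)
    batch = Producer("batch-import", bus)
    n1 = web.emit("order.created", sku="sku-1", qty=2)
    n2 = batch.emit("user.registered", email="someone@example.test")
    return {"delivered": (n1, n2), "audit": audit,
            "stock": inventory["sku-1"], "dead": len(bus.dead_letters)}


if __name__ == "__main__":
    print(run_demo())
```

Adding a new consumer is a single `subscribe` call and no producer changes; replacing the in-process `publish` with a Service Bus, Kafka or RabbitMQ client would keep both sides' code unchanged, which is the decoupling the post is after.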






Thursday, April 2, 2020

Trace the API call in Kibana (https://www.elastic.co/kibana)

Once you log in to Kibana, there are 5 important sections:

  1. Filter: enter your API URI, e.g. /rest/getstock
  2. Filter by Time: restrict the search to a particular time or date range
  3. Add Filter
  4. Different API fields that are useful for searching

Use case 1: search by HTTP status code
    • Step 1: select the correct time range at the top right.
    • Step 2: in the left pane, select "Http_status_code" and press the search icon. It is automatically added to Add Filter.

Use case 2: search by API key
    • Step 1: select the correct time range at the top right.
    • Step 2: in the left pane, select "api_key" and press the search icon. It is automatically added to Add Filter.

Use case 3: after setting all the filters you need, check more details of the API call:

Use case 4: to show a visual representation of the error codes, select http_status_code in the left pane and press "Visualize".


Saturday, January 25, 2020

API Proxy versus API Gateways

  • API Proxy

A proxy, in its most basic form, is an intermediary acting on behalf of something else. Similar to the legal concept of a proxy, an API Proxy acts on behalf of the API instead of an individual. In more technical terms, an API Proxy decouples the frontend of the API from the backend services and filters all incoming and outgoing traffic. The decoupling of front-end and back-end services allows for changes to be made to backend services without disrupting the production API. The filtering of incoming and outgoing traffic allows for monitoring, basic forms of security, request routing, and protocol translation.

  • Important Note

It is important to note that API Proxies require an existing API while some API Gateways can assist in building a new API.

  • API Gateway


API Gateways function in a similar way but have a much more robust set of features. Gateways perform the same functions as API Proxies, decoupling the frontend and backend of the API, monitoring, basic security, request routing, and protocol translation, but can also provide:


  • Advanced Security
  • Composition
  • Custom API
  • Load Balancing
  • Caching
  • Request Shaping and Management
  • Static Response Handling
  • Throttling



  • API Proxy versus API Gateway?

The choice between an API Proxy and an API Gateway depends on which capabilities you require and where you are in the API lifecycle. If you already have an existing API that doesn't require the advanced capabilities an API Gateway offers, then an API Proxy is the recommended route: proxies are much easier to maintain, which saves valuable engineering bandwidth, and the performance cost is negligible. If you need a specific capability that a proxy doesn't offer, you could also develop an in-house layer to accommodate your use case. If you are earlier in the API lifecycle, or need the extra features an API Gateway can provide, then investing in one will pay dividends.
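To make the comparison concrete, here is an added example (not code from this post or from any of the gateway products listed below) of a minimal API proxy, which only routes, forwards and logs, next to a gateway built on top of it that adds three of the gateway-only features named above: per-caller throttling, caching of GET responses and static responses served without touching a backend. Backends are plain callables and the clock is injected, so it runs offline; all names are illustrative.

```python
"""API proxy versus API gateway (added example; not from the post)."""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Request:
    method: str
    path: str
    client: str          # caller identity, e.g. an API key or source address


@dataclass
class Response:
    status: int
    body: str
    source: str = "backend"   # who answered: backend, cache, proxy or gateway


Backend = Callable[[Request], Response]


class ApiProxy:
    """Decouples the API's front end from its backends: route by path prefix,
    forward the call, log it. That is the whole feature set."""

    def __init__(self) -> None:
        self.routes: Dict[str, Backend] = {}
        self.log: List[Tuple[str, str, str]] = []

    def route(self, prefix: str, backend: Backend) -> None:
        self.routes[prefix] = backend

    def handle(self, req: Request, now: Optional[float] = None) -> Response:
        self.log.append((req.client, req.method, req.path))
        for prefix, backend in self.routes.items():
            if req.path.startswith(prefix):
                return backend(req)
        return Response(404, "no route", "proxy")


class ApiGateway(ApiProxy):
    """Same routing and forwarding, plus throttling, caching and static responses."""

    def __init__(self, limit_per_window: int, window_s: float, cache_ttl_s: float) -> None:
        super().__init__()
        self.limit, self.window, self.cache_ttl = limit_per_window, window_s, cache_ttl_s
        self._counts: Dict[str, Tuple[float, int]] = {}      # client -> (window start, hits)
        self._cache: Dict[str, Tuple[float, Response]] = {}  # path -> (expiry, response)
        self.static: Dict[str, Response] = {}                # path -> canned answer

    def _over_limit(self, client: str, now: float) -> bool:
        start, hits = self._counts.get(client, (now, 0))
        if now - start >= self.window:          # fixed window rolled over
            start, hits = now, 0
        hits += 1
        self._counts[client] = (start, hits)
        return hits > self.limit

    def handle(self, req: Request, now: Optional[float] = None) -> Response:
        now = time.monotonic() if now is None else now
        if self._over_limit(req.client, now):                  # throttling
            return Response(429, "rate limit exceeded", "gateway")
        if req.path in self.static:                            # static response handling
            return self.static[req.path]
        if req.method == "GET":                                # caching
            hit = self._cache.get(req.path)
            if hit and hit[0] > now:
                return Response(hit[1].status, hit[1].body, "cache")
        resp = super().handle(req)
        if req.method == "GET" and resp.status == 200:
            self._cache[req.path] = (now + self.cache_ttl, resp)
        return resp


def stock_backend(req: Request) -> Response:
    """Constructed stand-in for a real backend service."""
    return Response(200, '{"path": "%s", "stock": 7}' % req.path)


def run_demo() -> Dict[str, object]:
    """The same four calls through a proxy and through a gateway."""
    proxy = ApiProxy()
    proxy.route("/rest/", stock_backend)
    gw = ApiGateway(limit_per_window=3, window_s=60, cache_ttl_s=30)
    gw.route("/rest/", stock_backend)
    gw.static["/rest/health"] = Response(200, "ok", "gateway")
    t = 1000.0
    req = Request("GET", "/rest/getstock", "key-A")
    return {
        "proxy": [proxy.handle(req).source for _ in range(4)],
        "gateway": [gw.handle(req, now=t + i).source for i in range(4)],
        "health": gw.handle(Request("GET", "/rest/health", "key-B"), now=t).source,
        "after_window": gw.handle(req, now=t + 61).source,
    }


if __name__ == "__main__":
    print(run_demo())
```

The proxy sends all four calls to the backend; the gateway sends one, serves two from cache, rejects the fourth with 429, and answers the health check itself. The extra state the gateway carries (counters, cache, static routes) is exactly the maintenance cost the paragraph above weighs against its features.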



  • Notable API Gateways


https://www.axway.com/en/products/api-management/gateway
https://konghq.com/solutions/gateway/
https://aws.amazon.com/api-gateway/
https://azure.microsoft.com/en-us/services/api-management/
https://apigee.com/api-management/
https://github.com/Netflix/zuul
https://github.com/TykTechnologies/tyk

Tuesday, July 23, 2019

How to Prevent POODLE Attacks on AWS ELB And CloudFront

    What is POODLE?

To maintain compatibility with legacy servers, many TLS clients implement a "downgrade dance": in a first handshake attempt, they offer the highest protocol version supported by the client; if this handshake fails, they retry (possibly repeatedly) with earlier protocol versions. Unlike proper protocol version negotiation (if the client offers TLS 1.2, the server may respond with, say, TLS 1.0), this downgrade can also be triggered by network glitches, or by active attackers. So if an attacker that controls the network between the client and the server interferes with any attempted handshake offering TLS 1.0 or later, such clients will readily confine themselves to SSL 3.0.

Encryption in SSL 3.0 uses either the RC4 stream cipher or a block cipher in CBC mode. RC4 is well known to have biases, meaning that if the same secret (such as a password or HTTP cookie) is sent over many connections and thus encrypted with many RC4 streams, more and more information about it will leak. For the CBC-mode suites, SSL 3.0's padding is not covered by the MAC, which is the weakness the POODLE attack exploits; unlike with the BEAST and Lucky 13 attacks, there is no reasonable workaround. This leaves us with no secure SSL 3.0 cipher suites at all: to achieve secure encryption, SSL 3.0 must be avoided entirely.
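The client side of the problem, as an added example that is not part of the original post: the legacy "downgrade dance" next to a client that refuses to fall back. The handshake is a callable and the version strings are labels only, so the two behaviours can be compared offline; `strict_client_context()` then applies the same floor to a real connection with Python's standard `ssl` module. Function names are illustrative.

```python
"""Downgrade dance versus a strict client (added example; not from the post)."""
import ssl
from typing import Callable, Optional

VERSIONS = ("TLSv1.2", "TLSv1.1", "TLSv1.0", "SSLv3")  # highest first
FLOOR = "TLSv1.2"                                      # lowest acceptable version

Handshake = Callable[[str], bool]   # True if a handshake at that version completed


def connect_with_downgrade_dance(handshake: Handshake) -> Optional[str]:
    """Legacy behaviour: after any failure, retry with the next lower version.
    A failure caused by a glitch or by interference looks the same as a server
    that genuinely lacks the version, so the client walks all the way to SSLv3."""
    for version in VERSIONS:
        if handshake(version):
            return version
    return None


def connect_strict(handshake: Handshake) -> Optional[str]:
    """Hardened behaviour: one attempt at FLOOR; a failure is reported,
    never 'repaired' by offering something weaker."""
    return FLOOR if handshake(FLOOR) else None


def honest_server(version: str) -> bool:
    """Constructed server with every version still enabled; over an intact
    network it completes the client's first (highest) offer."""
    return version in VERSIONS


def interfering_network(server: Handshake) -> Handshake:
    """Models the condition in the text: every handshake offering TLS 1.0 or
    later fails to complete; only an SSLv3 handshake reaches the server."""
    return lambda version: version == "SSLv3" and server(version)


def strict_client_context() -> ssl.SSLContext:
    """The same floor for real sockets: with minimum_version set, the ssl
    module never offers anything lower, so there is nothing to dance down to."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    damaged = interfering_network(honest_server)
    print("dance, clean network :", connect_with_downgrade_dance(honest_server))
    print("dance, interference  :", connect_with_downgrade_dance(damaged))
    print("strict, interference :", connect_strict(damaged))
```

On a clean network both clients end up on TLS 1.2; with the handshakes disrupted, the dancing client settles for SSLv3 while the strict client fails closed. Note that Python's `ssl` module cannot speak SSLv3 at all in current builds, so the simulation is there only to show the logic the text describes.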
    Disable the SSLv3 protocol to handle POODLE attacks on CloudFront

As with Amazon ELB, AWS has already disabled SSLv3 for customers who use the default SSL settings. Customers who use custom SSL certificates with Amazon CloudFront, however, must disable the SSLv3 protocol manually with the following steps in the Amazon CloudFront Management Console:

  1. Select your distribution, then click “Distribution Settings”.
  2. Click the “Edit” button on the “General” tab.
  3. In the “Custom SSL Client Support” section, select the option “Only Clients that Support Server Name Indication (SNI)”.
  4. Click “Yes, Edit” to save the revised settings.
    Disable the SSLv3 protocol to handle POODLE on Amazon AWS ELB

All ELBs created after 10/14/2014 5:00 PM PDT use a new SSL negotiation policy that by default no longer enables SSLv3. For existing ELBs, SSLv3 must be disabled manually in the AWS Management Console:

  1. Select your load balancer (EC2 -> Load Balancers) in the appropriate region.
  2. In the Listeners tab, click “Change” in the Cipher column.
  3. Ensure that the radio button for “Predefined Security Policy” is selected, and in the dropdown select the “ELBSecurityPolicy-2014-10” policy.
  4. After selecting the policy, you can see that Protocol-SSLv3 is unchecked.
  5. Click “Save” to apply the settings to the listener.
  6. Repeat these steps for each listener that uses HTTPS or SSL, for each load balancer.
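The console steps above have to be repeated per listener and per load balancer, so a practitioner usually wants a check that finds the ones still left. The following is an added example (not code from this post or from AWS) that audits classic ELB listeners for the same `Protocol-SSLv3` attribute the console checkbox controls. It assumes the response shapes of boto3's classic `elb` client (`describe_load_balancers` and `describe_load_balancer_policies`); the inventory used for the offline run is constructed, not captured from a real account, and `fetch_inventory` is the only part that needs credentials.

```python
"""Audit classic ELB listeners for SSLv3 (added example; not from the post)."""
from typing import Dict, List, Tuple


def policy_enables_sslv3(policy: Dict) -> bool:
    """True when the policy's Protocol-SSLv3 attribute is 'true'
    (the checkbox the console steps above turn off)."""
    for attr in policy.get("PolicyAttributeDescriptions", []):
        if attr["AttributeName"] == "Protocol-SSLv3":
            return str(attr["AttributeValue"]).lower() == "true"
    return False   # attribute absent: this policy does not enable SSLv3


def secure_listeners(lb: Dict) -> List[Tuple[int, List[str]]]:
    """(port, policy names) for every HTTPS or SSL listener; HTTP/TCP ones are irrelevant."""
    return [
        (ld["Listener"]["LoadBalancerPort"], ld.get("PolicyNames", []))
        for ld in lb["ListenerDescriptions"]
        if ld["Listener"]["Protocol"] in ("HTTPS", "SSL")
    ]


def audit(load_balancers: List[Dict], policies_by_lb: Dict[str, List[Dict]]) -> List[Dict]:
    """One finding per listener that still negotiates SSLv3."""
    findings = []
    for lb in load_balancers:
        name = lb["LoadBalancerName"]
        policies = {p["PolicyName"]: p for p in policies_by_lb.get(name, [])}
        for port, names in secure_listeners(lb):
            bad = [n for n in names if n in policies and policy_enables_sslv3(policies[n])]
            if bad:
                findings.append({"lb": name, "port": port, "policies": bad})
    return findings


def fetch_inventory(region: str) -> Tuple[List[Dict], Dict[str, List[Dict]]]:
    """Pull the same two structures from a real account (needs boto3 and credentials)."""
    import boto3  # assumed available; imported here so the offline demo needs nothing
    elb = boto3.client("elb", region_name=region)
    lbs = elb.describe_load_balancers()["LoadBalancerDescriptions"]
    policies = {
        lb["LoadBalancerName"]: elb.describe_load_balancer_policies(
            LoadBalancerName=lb["LoadBalancerName"])["PolicyDescriptions"]
        for lb in lbs
    }
    return lbs, policies


def sample_inventory() -> Tuple[List[Dict], Dict[str, List[Dict]]]:
    """Constructed sample: one load balancer still on a custom policy with SSLv3
    enabled, one already on ELBSecurityPolicy-2014-10."""
    lbs = [
        {"LoadBalancerName": "legacy-web", "ListenerDescriptions": [
            {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80}, "PolicyNames": []},
            {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443}, "PolicyNames": ["old-ssl-policy"]},
        ]},
        {"LoadBalancerName": "new-web", "ListenerDescriptions": [
            {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443},
             "PolicyNames": ["ELBSecurityPolicy-2014-10"]},
        ]},
    ]
    policies = {
        "legacy-web": [{"PolicyName": "old-ssl-policy", "PolicyTypeName": "SSLNegotiationPolicyType",
                        "PolicyAttributeDescriptions": [
                            {"AttributeName": "Protocol-SSLv3", "AttributeValue": "true"},
                            {"AttributeName": "Protocol-TLSv1", "AttributeValue": "true"}]}],
        "new-web": [{"PolicyName": "ELBSecurityPolicy-2014-10", "PolicyTypeName": "SSLNegotiationPolicyType",
                     "PolicyAttributeDescriptions": [
                         {"AttributeName": "Protocol-SSLv3", "AttributeValue": "false"},
                         {"AttributeName": "Protocol-TLSv1", "AttributeValue": "true"}]}],
    }
    return lbs, policies


if __name__ == "__main__":
    for f in audit(*sample_inventory()):
        print(f"{f['lb']}:{f['port']} still enables SSLv3 via {', '.join(f['policies'])}")
```

Run against a real region with `audit(*fetch_inventory("us-east-1"))`; every finding is a listener that still needs step 2 onwards above. The same attribute check is what confirms, after the change, that the ELBSecurityPolicy-2014-10 reference policy reports `Protocol-SSLv3` as `false`.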