Azure Security Assessments

Teri
April 09, 2019

Find out what you can do to assess the security of your Azure account.


Transcript

  1. @SheHacksPurple @TeriRadichel Teri Radichel

    • ~ 25 years in tech professionally
    • Spammed + hacked => security focus
    • Taught myself to program, age 12.
    • Cloud security ~ AWS Hero, SANS
    • Landed in networking + telecom
    • Helped Capital One move to cloud
    • Moved to programming
    • Master of Infosec Engineering, GSE
    • Master of Software Engineering
    • 2nd Sight Lab ~ Cloud Security
    • Web + E-commerce Business
    • Training, Assessments, Pentesting
  2. @SheHacksPurple @TeriRadichel https://aka.ms/Azure-PIM

    “PIM essentially helps you manage the who, what, when, where, and why for resources that you care about.”
  3. @SheHacksPurple @TeriRadichel

    • Set scope; only test what is in scope
    • Verify account structure, Identity and Access Control, follow best practices
    • Set Azure Policies, according to your org’s needs
    • Turn on Azure Security Center, for all subscriptions
    • Use Cloud Native Security features: Threat Detection and Adaptive Application Controls, File Integrity Monitoring, Just in Time (JIT) & PIM
    • Follow Networking best practices; NSGs, Routes, Access to compute and storage, Network Watcher, Azure Firewall, ExpressRoute and Bastion Host
    • Always be on top of your alerts and logs for Azure WAF and Sentinel
    • VA everything, especially your SQL databases
    • Encryption, for your disks and data (in transit and at rest)
    • Monitor all that can be monitored
    • Follow the Azure Security Center Recommendations
    • THEN call a PenTester. :)
  4. @SheHacksPurple @TeriRadichel Resources

    Articles & Videos
    • https://medium.com/microsoftazure/pentesting-azure-thoughts-before-reading-matts-book-4609d14fb61d
    • https://medium.com/microsoftazure/pentesting-azure-the-report-3bf32fc3d12e
    • https://youtu.be/NHt9KKP3mPg
    • https://www.cisecurity.org/cis-benchmarks/
    • https://www.cisecurity.org/blog/cis-microsoft-azure-foundations-benchmark-v1-0-0-now-available/
  5. @SheHacksPurple @TeriRadichel THANK YOU (Follow us?)

    Tanya Janca
    • Twitter: @SheHacksPurple
    • medium.com/@SheHacksPurple
    • https://dev.to/SheHacksPurple
    • YouTube.com/SheHacksPurple

    Teri Radichel
    • Twitter: @TeriRadichel
    • medium.com/cloud-security
    • https://2ndsightlab.com
    • slideshare.net/TeriRadichel