Browsed by
Author: Amal Mammadov

Azure Storage

Performance Tiers

When creating a storage account, you must choose between the Standard and Premium performance tiers. This setting cannot be changed later.

Standard: This tier supports all storage services: blobs, tables, files, queues, and unmanaged Azure virtual machine disks. It uses magnetic disks to provide cost-efficient and reliable storage.

Premium: This tier is designed to support workloads with greater demands on I/O and is backed by high-performance SSD disks. Premium accounts only support page blobs, and do not support…

Tagging Azure Resources

Tag Limits

– Not all resource types support tags. This means that you will not be able to apply tags to everything in Azure.
– A resource or resource group is limited to 15 tags. Each resource can have different tags.
– Tag names cannot exceed 512 characters. For storage accounts, tag names are limited to 128 characters.
– Tag values cannot exceed 256 characters.
– VMs cannot exceed 2048 characters for all tag names and values combined.
– Tags are not inherited by child resources. …

Decode Windows Autounattend.xml password using PowerShell

Recently I needed to recover a password that I had forgotten from the Windows unattended installer file Autounattend.xml. The password is stored in this file as a Base64-encoded value, which can be easily decoded with the following lines of PowerShell script.

    # Decode: Base64 -> UTF-16LE bytes -> text
    $EncodedText = "UABhAHMAcwB3AG8AcgBkAA=="
    $DecodedText = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($EncodedText))
    $DecodedText

To encode using PowerShell:

    # Encode: text -> UTF-16LE bytes -> Base64 (the sample text is what the value above decodes to)
    $Text = "Password"
    $EncodedText = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($Text))
    $EncodedText

Securing Azure Storage Account

In this post, we will look at the possible options for securing an Azure storage account. I will describe security under the following two security controls:

– Network-level security
– Access security: Storage Account Access Keys, Access Keys, Shared Access Signatures

Encryption

Azure Storage automatically encrypts your data with 256-bit AES encryption. Data in Azure Storage is encrypted and decrypted transparently. Azure Storage encryption is enabled for all new and existing storage accounts and cannot be disabled. All Azure Storage account tiers and deployment models…

Secure DevOps Kit for Azure

Today we will look at how to install and run an Azure infrastructure assessment using the Secure DevOps Kit for Azure, which is developed by Microsoft to secure its Azure infrastructure.

    $PSVersionTable
    Install-Module AzSK -Scope CurrentUser
    Install-Module AzSK -Scope CurrentUser -AllowClobber
    Get-Module -Name Az.* -ListAvailable

The cmdlet below scans all Azure resources in the specified resource groups within a subscription and generates a status report:

    Get-AzSKAzureServicesSecurityStatus -SubscriptionId <SubscriptionId> -ResourceGroupNames <ResourceGroupNames>

The parameters required are:

– SubscriptionId: Subscription ID is the identifier…

Azure AD Roles

There are three main types of administrative/security roles for Azure. These include classic subscription administrator roles, Azure role-based access control (RBAC) roles, and Azure AD administrator roles.

Classic subscription administrator roles:
– Historical administrator: Roles which were originally used by Azure Service Manager
– Account administrator: Can manage/create/cancel subscriptions and change service administrator
– Service administrator: Can manage services within the Azure portal and co-administrators
– Co-administrator: Same permissions as service admin, but cannot manage classic admin roles

Azure role-based…

Configuring F5 Big-IP Web Application Firewall (WAF)

I decided to share my experience in configuring F5 devices. This is the first of my articles about the configuration of F5 Big-IP WAF and Balancer solutions.

1. F5 Big-IP ASM Module

WAF functionality in F5 devices is implemented by the ASM module, which needs to be additionally enabled on the balancers after the respective licenses are installed. This module adds a new “Security” menu to the F5 balancer’s main menu, and all WAF-related troubleshooting and manipulations are possible under this…

DNS Security – DNSSEC

DNSKEY

This record stores the public key that is used to cryptographically validate signed DNS records. In public key infrastructure (PKI), the DNS server signs the records with its private key, and validates the records’ integrity by using its corresponding public key. Note that in DNSSEC it’s the DNS server that performs the record validation on behalf of DNS clients.

RRSIG

This record is the digital signature for a particular DNS record. If a…
