Part I: Zero Trust Cloud Security
Chapter 1. Reduce Cybersecurity Vulnerabilities from the Identity Layer In this chapter you learn the foundation of Azure active directory and quickly expand on the different capabilities for custom domains to manage Azure Subscriptions and why Identity is the security perimeter in the cloud. Azure directly supports IAM (Identity Access Management), for any size organization as the IT cloud supports secure connection from any device and any location. In this chapter you gain insight into IAM challenges for blue team defense of cyber security attacks.
* Azure cloud relations to: Azure Tenant, Azure Subscription, Azure AD
o Azure tenant security
o Azure subscription security
o Azure API security
o Azure resource locks
* Managing Azure Active Directory: Users, and Groups
* Azure Active Directory OAuth, SAML, AD Connect
* Security measures:
o Azure Application Permission Scopes, consent
o Configure Multi-Factor Authentication
o Conditional Access Policies
* Configure Azure AD Privileged Identity Management
Chapter 2 Azure Network Security Configuration Software defined network is titled VNet in Azure and introduces new security challenges for cloud security architect when it comes to isolate data and still allow secure communication from valid users, applications and systems. In this chapter you learn security supported networking in Azure with the guides to present TCP/IP, protocol communication ports and what Azure security services are available to learn about notable tactics, techniques and procedures (TTPs) that can be exploited by Advanced Persistent Threats (APT). You learn VNet recommendations to mitigate misconfigurations and provide detection on Incidents of Compromise (IOC) like forensic evidence of potential intrusions.
* Virtual Networks, VNets, Network Peering
* NSG, Port vulnerability, OSI / TCP Model
* Azure Firewall Configurations
* Azure Front Door Service
* Application Security Groups
* Remote Access Management
Chapter 3 Reduce Cybersecurity Vulnerabilities from IaaS and Data Operational frameworks and cyber security frameworks work hand-in-hand to support the business. The framework helps to prepare and enable steps to prevent penetration from globally attacks. In this chapter you learn through examples about advanced persistent threats (APT) using techniques, tactics and procedures to reduce risk to specific threats.
* Harden Azure VMs
* VM Security
* VM Endpoint Security
* VM OS security updates
* Database configurations (Best Practices)
o Authentication
o Auditing
o SQL Advanced Threat Protection
* Storage Accounts (data access)
* Key Management (best practices)
* Azure Files authentication
* Shared Access Signatures (SAS)
* HDInsight Security
Part II: Azure Cloud Security Operations (Red Team / Blue Team) (150 pages)
This section of the book is focused on identifying the vulnerabilities from a Red Team perspective (aka Black Hat) and how the Blue Team (White Hat) could defend from the attack. The topics are the same but the Red teams view to help train the Blue teams defense on specific cloud targets. During the chapters in Part II the reader is guided through many attack matrix from https://attack.mitre.org/ and C2Matrix examples of attackers and their attack techniques.
Chapter 4 Configure Azure Monitoring for Blue Team Hunting In this chapter readers learn about monitoring the availability of applications and services provide the insight on all Azure services from VM, to containers and cloud services specific to Microsoft Azure. Logs are divided into two functional types, Metrics, and logs. Azure has continued to expand insight by collecting this data and displaying in for alerts and management datapoints to respond appropriately.
Data collected includes tenant and subscription data in attrition to all Azure resources. Metrics are near real time data (review using Metrics Explorer), reviews data at a specific point of time. Logs have different properties based on the type of logs. Streamed to an Analytics workspace for Alerting and review information over long periods of time.
* Azure Monitor enablement
* Logs sources and types of logs
* Diagnostic logs & retention
* Azure analytics
* Privileged Identity Management Configuration
* Monitor Privileged Access Best Practices
* Manage API access Best Practices
* Manage Azure subscription transfers (M&A activities)
Chapter 5 Azure Security Center Configuration Azure Security Center was introduced in the First Editions, and the reader continues their journey with a deep dive on considerations for reducing other security tools. You learn how to ingest log files from Azure environment and auto discover IaaS resources to reduce the shadow IT expansion. In this chapter the Cyber Security Kill Chain is front-and-center as you learn to configure alerts on known exploits. Again the reinforcement of the Attack Matrix is used to correlate and guide the Cloud Operations team into Cloud Security Operations.
* Configuration cost (consolidation considerations)
* Enable security:
o Network
o VMs
o Database
o BLOBs
* Data Protection
* Configure Alerting
* Central policy management with Security Center
* Just in Time VM access with Security Center
* Azure Sentinel
Chapter 6 Azure Kubernetes Service and Container Security A NEW chapter in the second edition, takes the reader beyond the introduction to Kubernetes, it guides them on why containers are not secure by default. You learn container weakness and how to mitigate with security controls to secure Azure containers and the Azure Kubernetes Service (AKS).
You learn to use Azure Security Center to identify the different Alerts from a Windows OS and Linux OS running in Azure IaaS configuration. Threat protection with Security Center expands the benefits of a cloud-native solution and you learn how using the security controls support your companies Cyber Security Framework.
* Container Network Configuration
* Authentication
* Container isolation
* AKS Security focus
* Securing the container registry
* Container vulnerability management
Chapter 7 Security Governance Operations A NEW chapter that uses many exercises to provide Azure Policy definition structure and readers learn how the policies take effect on users based on business rules. The exercises examples help readers evaluate the impact and what the logical evaluation of an Azure policy and how to customize the JSON policy definitions. Additional policies apply directly to Azure Kubernetes Services (AKS), to support the Information Security Officers team goals of improved security controls and reporting.
* Azure Policies (overview)
o Assignments
o Definitions
o Blueprints
* Compliance reports
* Configure Azure Monitor
o Diagnostic logging
o Log retention
o Vulnerability scanning
* Data Management
o Classification
o Retention
o Sovereignty
Appendix A (10-20 pages) * Azure Penetration Testing Configuration
Appendix B (10-20 pages) * Configure an Azure Cloud Cyber Security lab for education
