Please see an updated version of this blog article

Microsoft 365, Azure Microsoft Teams, Power Apps, Power Apps, Project Cortex & SharePoint

Azure

Azure Security recommendations to avoid Cyberattacks on your Azure Deployments

ByRez Khamis

Apr 1, 2017 #Azure Security Center

An interesting article was put out this week on a real-world attack campaign that was detected by the Azure Security Center (ASC) team with some recommendations on how to prevent similar attacks on your environment.  I’ve listed some of the simple steps from this article you can perform on your own to prevent the same thing happening to you.

First thing you should do is spend that extra little bit of money (right now $15/month) to configure your Azure subscription(s) to receive alerts and email notifications from the Microsoft Azure Security Center. This involves upgrading from ASC “Free” (basic detection) tier to ASC “Standard” (advanced detection) tier which is a worthwhile cost to protect yourself from such attacks.  This Standard tier of Security Center includes:

  • Threat intelligence – Looks for known bad actors by using global threat intelligence from Microsoft products and services, the Microsoft Digital Crimes Unit, the Microsoft Security Response Center, and external feeds
  • Behavioral analysis – Applies known patterns to discover malicious behavior
  • Anomaly detection – Uses statistical profiling to build a historical baseline. It alerts on deviations from established baselines that conform to a potential attack vector

To enable it:

  1. Select the Policy tile on the Security Center blade.
  2. Select the subscription that you want to upgrade to Standard.
  3. On the Security policy blade, select Pricing tier.
  4. On the Choose your pricing tier blade, select Standard.
  5. Click Select.

 

Other precautions the article mentions are as follows:

  1. Disable ‘sa’ account and use the more secure Windows Authentication for your Azure SQL server instance
  2. Rename the ‘sa’ account for your Azure SQL server instance
  3. Ensure that ‘xp_cmdshell’ is disabled
  4. Configure a Rule to block 1433 in Network Security Group
  5. Inspect all stored procedures that may have been enabled in SQL and look for stored procedures that may be implementing ‘xp_cmdshell’ and running unusual command

Reference the full article for step by step and screenshots on how to do each step listed above.

 

By Rez Khamis

Related Post

.NET Azure Office 365 User Groups

Microsoft related Azure, Office 365 and Dynamics User Groups in the Greater Toronto Area

Jul 31, 2019 Rez Khamis
Azure Events Microsoft Flow Microsoft Teams Office 365 OneDrive SharePoint

Join me at MS Ignite Tour in Toronto and learn to build a bot for Microsoft Teams, setup approval workflows in OneDrive and use modern list formatting in SharePoint

Jan 1, 2019 Rez Khamis
Azure Events Office 365

Toronto Microsoft Insider Dev Tour – Create Productive Apps with Office 365

Jun 8, 2018 Rez Khamis

Leave a Reply

Your email address will not be published. Required fields are marked *