...
Microsoft server software always had higher security risks than other architectures (see Fidelity issues 2012 & the Microsoft Certification Environment)
Compare Microsoft Azure security tools to other vendor options on pros, cons, costs, security open standards support
Security risks using Microsoft Azure security - many of these exist on other platforms as well
- Unauthorised access: Bad actors can use stolen subscription credentials to run harmful scripts.
- Data breaches: These can be caused by application vulnerabilities or storage container misconfigurations, which can lead to unauthorized access or data leakage.
- Misuse of platform access: Azure administrators should be aware of this risk.
- Insider threats: These can include employees with existing permissions.
- Access token abuse and leakage
- Lateral movement from compromised workloads
- Compromised third-party partners with privileged permissions
- Credentials theft
- Reconnaissance with search engines
- Data collection by blob hunting
- Microsoft Entra ID complexity
- Azure Container Registry and AKS vulnerabilities
Mitigations for Microsoft Azure security risks
- Encrypt sensitive data at rest and in transit
- Implement secure coding practices
- Regularly patch and update applications
- Use Azure Key Vault for secure key management
- Employ Azure Security Center for continuous monitoring and threat detection
- Lock down management ports
- Scope permissions tightly using tools like Privileged Identity Management
- Segment your network properly with private endpoints, service endpoints, and network security groups
- Continuously monitor activity logs
- Perform penetration testing
VPN Security Challenges or Zero Trust NA - Network Access
...
VPNs improve wifi security
Many of these mobile workers use public Wi-Fi to access corporate data, and more than one-third never use a VPN to protect their data even though two-thirds are concerned about public Wi-Fi security, according to a survey by iPass. VPN remains a viable option for securing data transferred over public Wi-Fi.
VPN risks
Are VPNs safe? Admittedly, there are security risks associated with VPNs. These include VPN hijacking, in which an unauthorized user takes over a VPN connection from a remote client; man-in-the-middle attacks, in which the attacker is able to intercept data; weak user authentication; split tunneling, in which a user is accessing an insecure Internet connection while also accessing the VPN connection to a private network; malware infection of a client machine; granting too many network access rights; and DNS leak, in which the computer uses its default DNS connection rather than the VPN’s secure DNS server.
...
see gdoc details here on CrowdStrike
I've been part of a similar upgrade failure across a network. Briefly, there were clear operations failures in policy, procedure and performance by CrowdStrike and Delta. That said, PART of the problem was clearly the quality of the older Microsoft software that always had poor engineering quality. While that specific risk probably does not exist in current Microsoft software, as someone who managed a Microsoft production environment, I overcame Microsoft software quality problems with operations controls on testing, deployment. Thinking forward, there are architecture gaps in software stacks that can be addressed with a new quality standard and related automated audits to validate the quality. I have yet to see some key in depth engineering strategies to improve software reliability that would make a dramatic impact on runtime quality management. A lot more to be done by all parties.
https://www.forbes.com/sites/ariannajohnson/2024/07/19/crowdstrike-update-heres-what-you-should-do/
...
6 sigma quality for SMPE - Service Management Policy Effectiveness for prevention, remediation of service quality problems
6 sigma - a process being 99.9997% defect-free
Six Sigma is a set of tools and methodologies that businesses use to improve processes by reducing defects and errors, minimizing variation, and increasing quality and efficiency. The goal is to achieve a level of quality that is nearly perfect, with only 3.4 defects per million opportunities (DPMO), which is considered a "six sigma" level. This level of performance equates to a process being 99.9997% defect-free.
https://www.simplilearn.com/what-is-six-sigma-a-complete-overview-article
Aggregated service quality calculations
Assume a primary service has up to 50 dependent services that it invokes when processing all its APIs in the contract
Every individual service is rated very high quality (e.g. .999 reliability)
The aggregated quality shows the consolidated impact of 50 services that all have that quality rating
aggregate quality | service quality | service count |
---|---|---|
0.7783125571 | 0.995 | 50 |
0.9512056282 | 0.999 | 50 |
0.952157786 | 0.999 | 49 |
0.9426362081 | 0.99 | 1 |
the aggregated quality of consolidated services is very low
key points
- aggregated service quality is below each individual service quality
- how do we measure the service quality of each individual service
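The aggregation above worked through in code, as an added example that is not part of the original page. It assumes every dependency is required and that failures are independent, so the individual qualities multiply. It also goes beyond the table by computing the per-service quality needed to reach the 3.4 DPMO level across 50 services. The service names in the sample fleet are constructed.

```python
import math

def aggregate_quality(qualities):
    """Chance that one primary request succeeds when it needs every dependency.

    Assumption: failures are independent and every dependency is required,
    so the individual qualities multiply.
    """
    return math.prod(qualities)

def required_service_quality(target, count):
    """Per-service quality needed for `count` equal services to reach `target`."""
    return target ** (1.0 / count)

def dpmo(quality):
    """Defects per million opportunities for a given quality level."""
    return (1.0 - quality) * 1_000_000

def ranked_by_gain(fleet):
    """Rank services by the aggregate gain if that one service were made perfect."""
    base = aggregate_quality(fleet.values())
    gains = {name: base / q - base for name, q in fleet.items()}
    return sorted(gains.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    # Rows of the table: 50 services at 0.995, 50 at 0.999, 49 at 0.999.
    for quality, count in [(0.995, 50), (0.999, 50), (0.999, 49)]:
        print(f"{aggregate_quality([quality] * count):.10f}  {quality}  x{count}")

    # Last row: the 49 services at 0.999 combined with 1 service at 0.99.
    mixed = [0.999] * 49 + [0.99]
    print(f"{aggregate_quality(mixed):.10f}  49 x 0.999 plus 1 x 0.99")

    # Inverse question: what must each of 50 services deliver so that the
    # aggregate meets the six sigma level of 3.4 DPMO?
    six_sigma = 1 - 3.4e-6
    q = required_service_quality(six_sigma, 50)
    print(f"per-service quality {q:.10f} = {dpmo(q):.3f} DPMO each")

    # Constructed fleet (hypothetical names): find where improvement pays most.
    fleet = {f"svc{i:02d}": 0.999 for i in range(49)}
    fleet["legacy-auth"] = 0.99
    name, gain = ranked_by_gain(fleet)[0]
    print(f"largest gain from fixing {name}: +{gain:.6f}")
```

Under these assumptions each of the 50 services has to run at roughly 0.07 DPMO for the aggregate to meet 3.4 DPMO, and the single 0.99 service is worth about ten times more to fix than any 0.999 service.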
Candidate Solutions
Open-source security Tools
...