8 Cloud Security Best Practice Fundamentals for Microsoft Azure

Tripwire Blog – Ben Layer
1) Identity Management with Azure Active Directory

Like before, it's crucial that multi-factor authentication is being used wherever possible in order to combat attacks from phishing and lost or compromised credentials. At a minimum, any Azure Active Directory user with an administrative role or the ability to create and alter resources should have multi-factor authentication enabled. Enable password policy settings to ensure complex passwords.

2) The Microsoft Azure Security Center

It is important to enable virtual machine security data collection by default via the automatic provisioning of monitoring agent function. You should make a habit of reviewing the Recommendations tab within the Security Center blade in order to ensure no active security tasks exist and that any recommendations have been considered and implemented where possible.

Lastly, consider upgrading from the Free Azure security tier to the Standard tier for enhanced security options. This does come at a cost, but it allows threat detection on virtual machines and databases.

3) Networking with Microsoft SQL Server

It's critical to limit exposure to brute force attacks by limiting access to SSH and RDP in your Network Security Groups. This advice is the same no matter the platform; don't open ports 22 or 3389 to the open internet.

4) Logging with Ample Storage Retention

There are multiple logging capabilities within Microsoft Azure, and it is important to utilize them for security auditing and compliance. Ensure that you have enabled Activity Log storage, which we will further use to create monitoring alerts for various behaviors. (See below.)

Additionally, each Network Security Group should have flow logging enabled, and each SQL Server Database should have database auditing enabled.

5) Monitoring with Activity Log Alerts

Activity Log Alerts should be created for the following events:

- Create Policy Assignment
- Create or Update Network Security Group
- Delete Network Security Group
- Create or Update Network Security Group Rule
- Delete Network Security Group Rule
- Create or Update SQL Server Firewall Rule
- Delete SQL Server Firewall Rule
- Create or Update Security Solution
- Delete Security Solution
- Update Security Policy

6) Cloud Storage Account Security

Storage Account keys should be periodically regenerated to mitigate the risk of compromised access keys. Shared Access Signatures should be used only with secure transfer and should have expiration times of eight hours or less so that access is not granted indefinitely.
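
The Shared Access Signature guidance above can be checked mechanically. The following is an added example, not code from the original article: it audits a SAS URL for HTTPS-only use and a lifetime of eight hours or less. It assumes "secure transfer" maps to the token's spr=https field; the function name, account name and sample URLs are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

MAX_LIFETIME = timedelta(hours=8)  # limit recommended in the article
# UTC timestamp layouts (Z suffix) accepted for the st/se fields of a SAS token.
_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")


def _parse_utc(value):
    for fmt in _FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS timestamp: {value!r}")


def audit_sas_url(url, now=None):
    """Return findings for one SAS URL; an empty list means it passes."""
    now = now or datetime.now(timezone.utc)
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in params:
        return ["no sig parameter: not a SAS URL"]
    findings = []
    # When spr is omitted the service default permits both https and http.
    if params.get("spr", "https,http").lower() != "https":
        findings.append("http permitted: issue the token with spr=https")
    if "se" not in params:
        # A stored access policy (si) may hold the expiry instead of the token.
        where = "stored access policy" if "si" in params else "token"
        findings.append(f"no expiry in URL: review the {where}")
        return findings
    # Lifetime runs from st when present, otherwise from the time of the audit.
    start = _parse_utc(params["st"]) if "st" in params else now
    lifetime = _parse_utc(params["se"]) - start
    if lifetime > MAX_LIFETIME:
        findings.append(f"lifetime {lifetime} exceeds {MAX_LIFETIME}")
    return findings


# Constructed sample URLs (account, container and signature are placeholders).
BASE = "https://exampleacct.blob.core.windows.net/c/report.csv?sv=2022-11-02&sr=b&sp=r"
GOOD = BASE + "&st=2024-05-01T00%3A00%3A00Z&se=2024-05-01T06%3A00%3A00Z&spr=https&sig=PLACEHOLDER"
LONG = BASE + "&se=2024-06-01&sig=PLACEHOLDER"
POLICY = BASE + "&si=readers&spr=https&sig=PLACEHOLDER"

if __name__ == "__main__":
    audit_time = datetime(2024, 5, 1, tzinfo=timezone.utc)
    for name, url in (("GOOD", GOOD), ("LONG", LONG), ("POLICY", POLICY)):
        print(name, audit_sas_url(url, now=audit_time))
```

A token that references a stored access policy carries no expiry of its own, so the check reports it for manual review of the policy rather than passing it.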

7) Virtual Machine Security Data

One unique facet of Azure virtual machine security is the virtual machine agent that gathers security data as mentioned above. Keeping the agent running ensures a proper overview of your assets.

8) Microsoft SQL Server Azure Integration

At a minimum, it is important to set your SQL Server Firewall with the tightest policy possible and to enable audit logs for insight into security breaches or possible misuse of information.

Link: https://www.tripwire.com/state-of-security/security-data-protection/securing-azure-best-practice-fundamentals/

