Yesterday I had the opportunity to speak at the Granite State Code Camp (#gscc) in Burlington, MA. As part of my series of talks on Running Azure Securely, my talk was around defense in depth and was called “Running Azure Securely – which of these Azure security features are for me?” The session was interactive, engaging a third-of-a-dozen folks in the audience in a discussion of how to defend various workloads using the (fictitious) page of photos app as a foil.
Slide deck attached.
Also perhaps of interest – a similar talk from the other Burlington – at the recent VT Code Camp – which has a few additional resources listed: https://blog.codingoutloud.com/2019/09/28/talk-running-azure-securely-are-all-these-security-features-for-me/
On 22-Oct-2019 I spoke at Boston Azure about network security and focused on some of the edges of using Azure DNS, and included some DNS subdomain hijacking awareness.
dig CNAME bostonazuredemo.azuresecurely.com +short
will check public DNS records for a CNAME, returning whatever it is mapped to, if anything.
In the above screenshot:
- nothing returned from dig – this is before any DNS entry was created for the demo subdomain
- a cascade of CNAMEs is returned from dig – this is after a DNS entry was created for the demo subdomain and pointed at an Azure Web App — the cascade here runs from my subdomain => an azurewebsites.net subdomain (bostonazuredemo.azurewebsites.net) => a second azurewebsites.net subdomain (waws-prod-dm1-139.sip….) => a cloudapp.net domain => and finally an IP address
- a single CNAME is returned from dig – this is after the Azure Web App was deleted, but the DNS subdomain entry (bostonazuredemo.azuresecurely.com) was left intact – creating a dangling subdomain at risk of being hijacked — anyone who registered bostonazuredemo.azurewebsites.net (and it was open for anyone) would automatically have bostonazuredemo.azuresecurely.com already wired up to it.
- a cascade of CNAMEs is returned from dig – but different from the first – this is after bostonazuredemo.azurewebsites.net was registered again, by a hacker, and bostonazuredemo.azuresecurely.com was hijacked
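As an added example (not from the original post or the talk), here is a small Python checker that walks a CNAME chain the way `dig CNAME +short` shows it and flags the dangling state described above, which is the state a DNS hygiene monitor should alert on. The zone data is constructed to mirror the four states in the list; the waws-prod/cloudapp names and the TEST-NET-3 addresses are placeholders, and `zone_resolver` stands in for a real DNS lookup.

```python
from typing import Callable
Resolver = Callable[[str, str], list[str]]   # (name, rrtype) -> answers
SUB = "bostonazuredemo.azuresecurely.com"   # the demo subdomain from the post
APP = "bostonazuredemo.azurewebsites.net"   # the Azure Web App it pointed at

def walk_cname_chain(name: str, resolve: Resolver, max_hops: int = 10):
    """Follow CNAMEs as `dig CNAME +short` would. Returns (cname_chain, ip);
    ip is None when the chain breaks or loops before reaching an A record."""
    chain, cur = [], name
    for _ in range(max_hops):            # hop limit guards against CNAME loops
        addrs = resolve(cur, "A")
        if addrs:
            return chain, addrs[0]
        targets = resolve(cur, "CNAME")
        if not targets:
            return chain, None           # nothing left to follow: chain ends here
        cur = targets[0]
        chain.append(cur)
    return chain, None

def classify(name: str, resolve: Resolver) -> str:
    """'no record': no CNAME at all; 'DANGLING': CNAME present but the chain never
    reaches an address; 'resolves': chain ends in an A record."""
    chain, ip = walk_cname_chain(name, resolve)
    if ip is not None:
        return "resolves"
    return "DANGLING" if chain else "no record"

# Constructed zone snapshots, one per state in the post. The waws-prod/cloudapp
# names and the TEST-NET-3 addresses are placeholders, not the real values.
ZONES = {
    "no-entry": {},
    "live": {
        (SUB, "CNAME"): [APP],
        (APP, "CNAME"): ["waws-prod-dm1-139.sip.example"],
        ("waws-prod-dm1-139.sip.example", "CNAME"): ["stamp.cloudapp.example"],
        ("stamp.cloudapp.example", "A"): ["203.0.113.10"],
    },
    "dangling": {(SUB, "CNAME"): [APP]},   # app deleted, DNS entry left behind
    "hijacked": {
        (SUB, "CNAME"): [APP],
        (APP, "CNAME"): ["waws-prod-other.sip.example"],
        ("waws-prod-other.sip.example", "A"): ["203.0.113.99"],
    },
}

def zone_resolver(state: str) -> Resolver:
    zone = ZONES[state]   # in-memory stand-in for a real DNS lookup
    return lambda name, rrtype: list(zone.get((name, rrtype), []))
```

Note that the "hijacked" snapshot classifies as "resolves", which is exactly the problem: DNS alone cannot tell a re-registered app from the original, so the window to catch is the dangling state, before the azurewebsites.net name is claimed by someone else.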
Some other notes from the session:
Subdomain takeover examples:
Today I had the opportunity to speak at SQL Saturday #877 in Burlington, MA. As part of my series of talks on Running Azure Securely, my talk today was Running Azure SQL Database Securely and applied to Azure SQL DB and Azure SQL DB Managed Instances.
Some Resources Mentioned
Running Azure SQL DBs Securely – Bill Wilder – SQL Saturday #877 – 14-Sep-2019
If you know your way around SQL Server, then you will find Azure SQL Database to be familiar territory. But some aspects are more familiar than others, which is especially true for security-related differences.
In this session we review the key differences around identity management and authentication (including multi-factor authentication), managing server credentials (or, even better, not needing to in some cases), how to audit logins (probably not what you expect), an overview of encryption and data masking options, and the supporting role of Azure Key Vault. We will also touch on compliance and disaster recovery to give the complete picture of powerful features you’ll definitely want to know about to protect your data.
This talk will cover relevant capabilities for both traditional Azure SQL Databases and the newer Azure SQL Managed Instances.
This talk assumes you are already familiar with SQL Server or another enterprise database.
(Credit Taiob Ali @SqlWorldWide)
We had a great event at MIT on Saturday 27-April-2019 — the Boston Azure edition of the Global Azure Bootcamp. There were lots of great session contributions – making this a true community effort.
Big thank you to local organizers Olimpia (@olimpiaestela), Veronika (@breakpointv16), Gladis, and Maura (@squdgy). We all worked closely with Jason (@haleyjason) who ran the Burlington MA event. And don’t forget those folks at the Global Azure Bootcamp level providing a platform making this possible for a coordinated day of #Global Azure cloudiness (https://global.azurebootcamp.net/).
The thanks continue with sponsors: MIT Women in Technology, Insight (formerly Blue Metal – https://www.insight.com/en_US/solve/digital-innovation.html), Finomial, and the Global Sponsors (https://global.azurebootcamp.net/sponsors/).
And a big thank you to the speakers – all of whom gave up a chunk of their weekend to join us on a Saturday to share their knowledge (in order of appearance):
Attached are my slides:
The above graphic is from here: https://docs.microsoft.com/en-us/azure/event-grid/overview#event-sources
Here are some more links of interest:
- Some collected links (some repeated below): https://github.com/codingoutloud/bostonazurebootcamp2019/blob/master/README.md
- C# Script is real – not a hoax! 🙂 – https://msdn.microsoft.com/en-us/magazine/mt614271.aspx
- Azure Functions support C# Script (.csx files) – but also regular compiled C# (.cs on .NET Core)
- Example Azure Function written in regular compiled C#: https://github.com/codingoutloud/opstoolbox (especially https://github.com/codingoutloud/opstoolbox/blob/master/SslCertificateExpirationChecker.cs)
- Here are some example uses of the above:
- Event Grid:
- “Slide” I showed is below – it is from here: https://docs.microsoft.com/en-us/azure/event-grid/media/overview/functional-model.png
- Combine Azure Logic Apps with Azure Functions – https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-azure-functions#add-function-logic-app
- Similar to “follow-along lab” that tied together Subscription changes to an Azure Function using EventGrid
- Azure Blockchain Workbench:
On Tuesday evening 27-Mar-2018 I had the pleasure of speaking to the Nashville Azure group about keeping workloads safe in the Azure cloud. It was a great group with a lot of interesting questions and dialog. They even helped to answer each other’s questions when I didn’t have answers, which is the best outcome of all.
For those interested in the deck I used, please find it below.
Spoke today to a small crowd of hardy souls who braved the snow to make it to SQL Saturday 694 – Providence – held at nearby Bryant University in Smithfield.
My slides are included below.
Azure SQL DB – Not Just A Cloud Version of SQL Server – SQL Saturday RI – 09-Dec-2017
We first looked at how we might solve a random StackOverflow question using Azure Logic Apps, Azure Function Apps, the nifty PhantomJsCloud.com service, and a look at how a little Cognitive Service action could be woven in. A random walk around other Azure features followed. Some reactions were memorable – my favorite, because I completely agree: Why would I ever want to run my own SharePoint instance when the Office 365 service is available? And a bunch of other good questions.
Tonight I spoke at the North Boston Azure group, covering serverless concepts by looking at Logic Apps, Function Apps, and a couple of powerful/easy features of Web Apps (authentication via AAD/Twitter & CD via Github).
Before I posted the slides (see below), I needed to clean up the 1000+ emails I spammed myself with from my Logic App demo. (Doh!)
The slides are available for review here:
Tonight I was pleased to have the opportunity to demystify Azure Logic Apps & Functions for the Granite State SharePoint Users Group. Here is the slide deck I used to present:
Speaking at the “stimulation rich” Microsoft Store — photo credit: @jfj1997 Julie Turner
By the time I turned off the Twitter => Slack Logic App, a lot of messages were posted (in the #demo channel within Boston Azure slack account – which is open – join here):
I will be giving a longer and more general version of this talk at the SharePoint Saturday New England 2017 event on Sat Oct 28 in Burlington MA.
Also planning other variants of this talk in the coming weeks:
- Azure Functions at Boston Azure – Thu Sep 14 in Cambridge MA (NERD)
- Serverless Azure at VT Code Camp – Sat Sep 16 in Burlington Vermont
- Serverless Azure at North Boston Azure – Tue Sep 26 in Burlington MA
- Logic Apps Thu Oct 5 at NE Microsoft Dev Group
- Serverless Azure at SharePoint Saturday NE event mentioned above Sat Oct 28 in Burlington MA
Last night’s Boston Azure meetup featured two talks – No App Left Behind by Kevin Brown of SoftNAS after an opening talk on Logic Apps by me. My slides are below.
I did not have time to show it, but the Slack => Email process did succeed. I saw this later when I checked my email. Subject: bill-tux-full.png, Body: 1504739903F6YKE996C bill-tux-full.png bill-tux-full.png. And you can see the photo for yourself in the Boston Azure slack #demo channel.
If you’d like to learn more about Serverless Azure, check out these upcoming talks: Azure Functions and Logic Apps Thu Sep 7 in NH, Azure Functions Thu Sep 14 in Cambridge MA (NERD), and various versions of Serverless Azure (Azure Functions and Logic Apps) on Sat Sep 16 in Burlington Vermont, Tue Sep 26 in Burlington MA, and (if my talk is accepted for the Sharepoint event) Sat Oct 28 in Burlington MA.
As always, please let me know if you are interested in more talks at Boston Azure. 🙂