Azure Security Training Day

[English Below]

Bonjour,

Le Mardi 23 Juin, j’aurai le plaisir de faire parti du panel d’experts invités lors du « Azure Security Training Day ».

The need for stronger cloud security has never been greater. During this free one-day event, you will learn about the latest Azure security tools and best practices to better understand the breadth of security controls available to help protect your workloads.

Deep dive into Azure Sentinel, Azure Security Center, and Azure Network Security and learn how to mitigate threats; increase your security posture; and secure your apps, data, and network across cloud and hybrid environments. You will also have the opportunity to connect with Azure security experts and peers to ask questions, exchange ideas, and build your network.

Au programme:

SessionSpeaker
WelcomeKevin Magee, Chief Security & Compliance Officer, Microsoft Canada
Azure Security Strategy + Top best security practices for Azure todayScott Woodgate, Senior Director, Azure Marketing, Microsoft
Microsoft and customer security panelsStuart Dankevy, Enterprise Security Executive, Cybersecurity Solutions Group, Microsoft
Featuring: RBC Royal Bank and Government of Canada
Modernize your SIEM in the cloud with Azure SentinelAdwait (AJ) Joshi, Director of Product Marketing for Azure Security, Microsoft
Azure Confidential ComputingGraham Bury, Principal Program Manager, Confidential Compute, Microsoft
Richard Curran, Security Officer , Datacenter Corporate Group Sales, Intel Corporation
Call to ActionKevin Magee, Chief Security & Compliance Officer, Microsoft Canada

Pour vous inscrire: https://info.microsoft.com/CA-AzureSec-WBNR-FY20-06Jun-23-AzureSecurityTrainingDay-SRDEM21240_COVID19_LP01Registration-ForminBody.html

Maxime.


Hello,

I will have the pleasure to be member of the expert panel during the Azure Security Training Day (June 23, 2020)

The need for stronger cloud security has never been greater. During this free one-day event, you will learn about the latest Azure security tools and best practices to better understand the breadth of security controls available to help protect your workloads.

Deep dive into Azure Sentinel, Azure Security Center, and Azure Network Security and learn how to mitigate threats; increase your security posture; and secure your apps, data, and network across cloud and hybrid environments. You will also have the opportunity to connect with Azure security experts and peers to ask questions, exchange ideas, and build your network.

Agenda:

SessionSpeaker
WelcomeKevin Magee, Chief Security & Compliance Officer, Microsoft Canada
Azure Security Strategy + Top best security practices for Azure todayScott Woodgate, Senior Director, Azure Marketing, Microsoft
Microsoft and customer security panelsStuart Dankevy, Enterprise Security Executive, Cybersecurity Solutions Group, Microsoft
Featuring: RBC Royal Bank and Government of Canada
Modernize your SIEM in the cloud with Azure SentinelAdwait (AJ) Joshi, Director of Product Marketing for Azure Security, Microsoft
Azure Confidential ComputingGraham Bury, Principal Program Manager, Confidential Compute, Microsoft
Richard Curran, Security Officer , Datacenter Corporate Group Sales, Intel Corporation
Call to ActionKevin Magee, Chief Security & Compliance Officer, Microsoft Canada

Register: https://info.microsoft.com/CA-AzureSec-WBNR-FY20-06Jun-23-AzureSecurityTrainingDay-SRDEM21240_COVID19_LP01Registration-ForminBody.html

Maxime.

Communauté Azure Québec | Channel Youtube

[English below]

Bonjour,

Je profite de cet article afin de vous annoncer la création d’un channel Youtube pour la Communauté Microsoft Azure Québec.

N’hésitez pas à nous solliciter si vous souhaitez faire une conférence avec nous!

Maxime.


Hi,

I’m very happy to announce the creation of a new Youtube channel for the Microsoft Community of Azure Quebec.

Do not hesitate to contact us, we are looking for new speaker!

Maxime.

AKS | CNI security vulnerability in older AKS clusters and mitigation steps

Hi,

In this article, I would like to share with you a security notice about a new security vulnerability. This vulnerability has been identified in the container networking implementation (CNI) in CNI plugin versions v0.8.6 and older that may affect older AKS clusters.

Details

An AKS cluster configured to use an affected container networking implementation is susceptible to man-in-the-middle (MitM) attacks. By sending “rogue” router advertisements, a malicious container can reconfigure the host to redirect part or all of the IPv6 traffic of the host to the attacker-controlled container. Even if there was no IPv6 traffic before, if the DNS returns A (IPv4) and AAAA (IPv6) records, many HTTP libraries will try to connect via IPv6 first then fallback to IPv4, giving an opportunity to the attacker to respond.

This vulnerability has been given an initial severity of Medium with a score of 6.0.

Vulnerability analysis and verification

All AKS clusters created or upgraded with a Node Image Version later or equal than “2019.04.24” are not vulnerable, as they set net.ipv6.conf.all.accept_ra to 0 and enforce TLS with proper certificate validation.

Clusters created or last upgraded before that date are susceptible to this vulnerability.

You can verify if your current Node Image is vulnerable by running: https://aka.ms/aks/MitM-check-20200601  on a machine that has CLI access to the cluster’s nodes.

Windows nodes are not affected by this vulnerability.

Mitigation

If you identify nodes that are vulnerable, you can mitigate the vulnerability by performing a cluster upgrade using the following command:
$ az aks upgrade -n <cluster name> -g <cluster resource group> -k <newer supported kubernetes version>.

In addition, a permanent fix for this CVE is available at: https://github.com/containernetworking/plugins/releases/tag/v0.8.6 . AKS is rolling out this fix on the most recent VHD version.

Source: https://azure.microsoft.com/en-gb/updates/cni-security-vulnerability-in-older-aks-clusters-and-mitigation-steps/

Maxime.