Hi!
I had the pleasure of being a speaker at Global Azure – Quebec City. Please find below my presentation about Azure Defender in Action!
Video Recording – https://www.youtube.com/watch?v=duLWAq6egiQ&t=3810s
Maxime.
Hello,
As part of the Visual Studio Talk Show hosted by Mario Cardinal and Guy Barrette, I had the pleasure of recording an episode on the topic of "SecOps".
You can find the recording below: https://visualstudiotalkshow.libsyn.com/0254-maxime-coquerel-secops
Maxime.
Hi!
In this article, I will show you how a malicious actor can leverage the Azure Managed Disk Import / Export feature to exfiltrate data outside of your organization. By default, all Azure disks are configured with a public endpoint enabled.
You can generate a time-bound Shared Access Signature (SAS) URI for unattached managed disks and snapshots, to export the data to another region for regional expansion or disaster recovery, or to read the data for forensic analysis. When you generate the URI, you must define an expiration time (maximum expiration time: 4294967295 seconds). Until that time expires, anyone who knows the SAS URI can download the disk, with no IP filtering.
To prevent this security issue, I recommend that you:
If you want to know which managed disks are configured with the connectivity method "Public endpoint", you can use an Azure Policy in audit mode:
{
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/disks"
        },
        {
          "field": "Microsoft.Compute/disks/networkAccessPolicy",
          "equals": "AllowAll"
        }
      ]
    },
    "then": {
      "effect": "audit"
    }
  }
}
If you want to prevent this usage rather than only audit it, you can switch the effect of this policy to "Deny".
Maxime.
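To complement the audit policy above, here is an added example (not part of the original post) that triages a disk inventory offline, ranking disks that allow public access by whether an export SAS is currently active. It assumes the input has the shape of `az disk list -o json` output with top-level `networkAccessPolicy` and `diskState` fields; the sample records and severity labels are constructed for this example.

```python
import json

# Constructed sample in the shape of `az disk list -o json` output; not real resources.
SAMPLE = json.loads("""
[
  {"name": "disk-web-01",  "networkAccessPolicy": "AllowAll",     "diskState": "Attached"},
  {"name": "disk-old-db",  "networkAccessPolicy": "AllowAll",     "diskState": "Unattached"},
  {"name": "disk-export",  "networkAccessPolicy": "AllowAll",     "diskState": "ActiveSAS"},
  {"name": "disk-private", "networkAccessPolicy": "AllowPrivate", "diskState": "ActiveSAS"},
  {"name": "disk-locked",  "networkAccessPolicy": "DenyAll",      "diskState": "Unattached"},
  {"name": "disk-legacy",  "diskState": "Unattached"}
]
""")

# Severity labels are this example's own (an assumption), highest first.
SEVERITY = ["sas-active-public", "public-unattached", "public", "unknown", "ok"]


def classify(disk):
    """Return a severity label for one disk record."""
    policy = disk.get("networkAccessPolicy")
    state = disk.get("diskState")
    if policy is None:
        return "unknown"            # field absent: review by hand, do not assume
    if policy != "AllowAll":
        return "ok"                 # AllowPrivate or DenyAll: not matched by the audit policy
    if state == "ActiveSAS":
        return "sas-active-public"  # an export SAS is live and usable from any network
    if state == "Unattached":
        return "public-unattached"  # unattached disks are the ones a SAS URI can be generated for
    return "public"                 # matched by the audit policy, currently attached


def triage(disks):
    """Return (label, name) pairs for every disk that is not 'ok', worst first."""
    findings = [(classify(d), d.get("name", "<unnamed>")) for d in disks]
    findings = [f for f in findings if f[0] != "ok"]
    return sorted(findings, key=lambda f: (SEVERITY.index(f[0]), f[1]))


if __name__ == "__main__":
    for label, name in triage(SAMPLE):
        print(f"{label:18} {name}")
```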