The public cloud remains one of the hottest topics in IT right now, if not the hottest.  The chances are that if you’re not using it, you’re thinking about it.  When you plan how to adopt the public cloud, the biggest consideration for your business is security: how secure will your infrastructure be?

10 most common types of cyber attack

According to IT security specialist Netwrix, the 10 most common types of cyber attack in today’s market are:

  1. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
  2. Man-in-the-middle (MitM) attack
  3. Phishing and spear phishing attacks
  4. Drive-by attack
  5. Password attack
  6. SQL injection attack
  7. Cross-site scripting (XSS) attack
  8. Eavesdropping attack
  9. Birthday attack
  10. Malware attack

Now this list is extensive, and terrifying to any business regardless of size.  So how do you know what to protect yourself from in the public cloud?  The simple answer?  You don’t.  It’s virtually impossible to know which threat might hit your system, so you have to build an adaptable security framework for the cloud, just as you would for your own datacentre.

Road-testing the ‘Virus Attack’ scenario

Understanding your threat and knowing how to deal with it before a live scenario occurs is a powerful advantage.

When I am delivering Azure Cyber Security workshops I like to show customers the Virus Attack scenario.  This involves deploying a solution from GitHub straight into your Azure environment (preferably not Production), which basically infects your infrastructure with a dummy .txt file, so you can follow the basic steps to rectify the infected target.  This is powerful because it enables you to dive into the native security features Microsoft Azure has to offer and shows how Azure responds and deals with these threats.  For any doubters in the room, this turns them around every time.

4 steps to defining your security principles

To help you on your journey to the public cloud, below are 4 key steps for properly configuring and applying security principles to your infrastructure resources.

Define:

If you are looking to migrate or build a web server in Azure, your first step is to define and configure your settings.  Open port 443, and perhaps port 80.  Make sure IIS is hardened, operating system patching is up to date, and current anti-malware is installed.  If you plan to use RDP, consider moving it from its default port 3389 to another port number, and enable DDoS Standard Protection on your virtual networks.  These are configurations you should already have in your on-premises environment, so simply extend that practice into the cloud.

Observe:

Once you have securely configured your infrastructure, you need to monitor and observe it so you can spot any potential intrusions, vulnerabilities or threats.  How you monitor your infrastructure is down to you – whether you leverage a cloud offering like Azure Log Analytics, a third-party tool, or even your existing on-premises tooling (providing it’s supported and can be extended).

Identify:

Now that your monitoring is in place, you need to be able to identify and detect any threats discovered within your system.  If there’s a breach or an attack, or something has been compromised, you should be able to respond to that threat immediately: set up email alerting, send text messages, and meet the timescales of your security SLA.

React:

From your monitoring solution, you should now be able to react adequately to the attack or breach.  This will require investigation to identify the correct method for resolving it, whether that is applying a new OS security patch or application patch, or simply running anti-virus to quarantine the threat.
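The Define step above can be checked mechanically rather than by eye.  The script below is an added example and not part of the original article: it audits a network security group and its virtual network, given in the shape of Azure resource JSON (securityRules, enableDdosProtection), against the baseline described above: only 443 (and optionally 80) reachable from the Internet, RDP on 3389 never Internet-reachable, DDoS protection enabled.  The NSG and VNet documents are constructed samples, and the rule(), _ports(), _verdict() and audit() helpers are my own names.

```python
# Added example (not from the article): audit an Azure NSG and its VNet against the
# web-server baseline above. Sample JSON below is constructed in Azure resource shape.
ALLOWED_FROM_INTERNET = {"443", "80"}
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0"}  # sourceAddressPrefix values

def rule(name, priority, access, source, port_range):
    """Build one inbound securityRules entry in Azure resource-JSON shape."""
    return {"name": name, "properties": {"priority": priority, "direction": "Inbound",
            "access": access, "sourceAddressPrefix": source, "destinationPortRange": port_range}}

def _ports(props):
    """Expand destinationPortRange(s) such as '443', '3389-3390' or '*' into a set."""
    out = set()
    for r in props.get("destinationPortRanges") or [props["destinationPortRange"]]:
        lo, _, hi = r.partition("-")
        out |= {str(p) for p in range(int(lo), int(hi or lo) + 1)} if lo.isdigit() else {r}
    return out

def _verdict(rules, port):
    """First matching inbound rule by priority decides; no match means Azure's default
    DenyAllInBound applies. Protocol is ignored for brevity, and only Internet-wide
    source prefixes are considered (an admin-CIDR rule never matches here)."""
    for r in sorted(rules, key=lambda r: r["properties"]["priority"]):
        p = r["properties"]
        if p["direction"] == "Inbound" and p["sourceAddressPrefix"] in INTERNET_SOURCES:
            if _ports(p) & {"*", port}:
                return p["access"]
    return "Deny"

def audit(nsg, vnet):
    """Return findings against the baseline; an empty list means it holds."""
    rules = nsg["properties"]["securityRules"]
    candidates = {"3389", "*"}.union(  # always checked, plus every port an Allow rule opens
        *(_ports(r["properties"]) for r in rules if r["properties"]["access"] == "Allow"))
    findings = []
    for port in sorted(candidates):
        if _verdict(rules, port) == "Allow" and port not in ALLOWED_FROM_INTERNET:
            what = {"*": "all ports", "3389": "RDP (3389)"}.get(port, f"port {port}")
            findings.append(f"{what} reachable from the Internet")
    if not vnet["properties"].get("enableDdosProtection", False):
        findings.append(f"VNet {vnet['name']}: DDoS protection not enabled")
    return findings

# Constructed sample: RDP open to the world at priority 100, HTTPS at 110, no DDoS plan.
SAMPLE_NSG = {"name": "web-nsg", "properties": {"securityRules": [
    rule("allow-rdp", 100, "Allow", "*", "3389"),
    rule("allow-https", 110, "Allow", "Internet", "443")]}}
SAMPLE_VNET = {"name": "web-vnet", "properties": {"enableDdosProtection": False}}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_NSG, SAMPLE_VNET)) or "baseline holds")
```

Moving RDP off 3389 only hides it from casual scans, so the check treats any Internet-wide Allow to 3389 as a finding regardless of other rules, and passes only when RDP is reachable from an administrative source prefix alone.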

With this new knowledge you can adapt the infrastructure configuration and apply the same practice to the rest of your environment, so that you’re fully protected and secure going forward.  Having an adapted cloud security model prior to deployment will give you greater confidence.  After all, whilst the cloud moves fast, security threats move faster.