@ -9,7 +9,7 @@ Before the hands-on lab setup guide
</div>
<div class="MCWHeader3">
February 2020
July 2020
</div>
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
@ -29,10 +29,11 @@ Microsoft and the trademarks listed at <https://www.microsoft.com/en-us/legal/in
- [Security baseline on Azure before the hands-on lab setup guide](#security-baseline-on-azure-before-the-hands-on-lab-setup-guide)
- [Requirements](#requirements)
- [Before the hands-on lab](#before-the-hands-on-lab)
- [Task 1: Deploy resources to Azure](#task-1-deploy-resources-to-azure)
- [Task 2: Download Google Chrome](#task-2-download-google-chrome)
- [Task 3: Download SQL Server Management Studio](#task-3-download-sql-server-management-studio)
- [Task 4: Download GitHub resources](#task-4-download-github-resources)
- [Task 1: Configure Azure Security Center](#task-1-configure-azure-security-center)
- [Task 2: Deploy resources to Azure](#task-2-deploy-resources-to-azure)
- [Task 3: Download Google Chrome](#task-3-download-google-chrome)
- [Task 4: Download SQL Server Management Studio](#task-4-download-sql-server-management-studio)
- [Task 5: Download GitHub resources](#task-5-download-github-resources)
<!-- /TOC -->
@ -56,33 +57,51 @@ Microsoft and the trademarks listed at <https://www.microsoft.com/en-us/legal/in
Duration: 30 minutes
Synopsis: In this exercise, you will set up your environment for use in the rest of the hands-on lab. You should follow all the steps provided in the Before the Hands-on Lab section to prepare your environment *before* attending the workshop.
In this exercise, you will set up your environment for use in the rest of the hands-on lab. You should follow all the steps provided in the Before the hands-on lab section to prepare your environment *before* attending the workshop.
### Task 1: Deploy resources to Azure
### Task 1: Configure Azure Security Center
1. Open your Azure Portal.
1. Open the [Azure Portal](https://portal.azure.com).
2. Select **Resource groups**.
2. In the search box, type **Security Center**, then select it.
3. Select **+Add**.
![Security Center is typed into the search box with the security center menu item highlighted.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/bhol_securitycenter.png "Open Security Center")
4. Type a resource group name, such as **azsecurity-\[your initials or first name\]**.
3. In the blade menu, select **Pricing & Settings**, then select the subscription you are running the labs in.
5. Select **Review + Create**, then select **Create**.
![In the blade select Pricing & Settings.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/bhol_securitycenter_pricesettings.png "Select Pricing and Settings")
6. Select **Refresh** to see your new resource group displayed and select it. It may take a few minutes.
4. If not already set, update the pricing tier to be **Standard**, then select **Save**.
7. Under **Settings**, select **Export template**, and then select **Deploy**.
![Standard pricing tier is selected.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/bhol_securitycenter_standardtier.png "Select the standard tier")
![Automation script is highlighted under Settings on the left side of the Azure portal, and Deploy is highlighted on the top-right side.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image5.png "Select Deploy")
5. In the blade menu, select **Data Collection**.
8. Select **Build your own template in the editor**.
![Auto provisioning is toggled off.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/bhol_securitycenter_datacollection.png "Set Auto Provisioning to Off")
9. Copy the contents of the [ARM template](https://raw.githubusercontent.com/microsoft/MCW-Security-baseline-on-Azure/master/Hands-on%20lab/Scripts/template.json) from the repo.
6. Toggle the **Auto Provisioning** to **Off**.
10. Paste the ARM template into the window.
> **Note**: Auto-provisioning is turned off for purposes of this lab, it is highly recommended that auto-provisioning is set to "on" in a production environment to ensure they security controls are applied.
11. Select **Save**, you will see the dialog with the input parameters. Fill out the form:
### Task 2: Deploy resources to Azure
1. Select **Resource groups**.
2. Select **+Add**.
3. Type a resource group name, such as **azsecurity-\[your initials or first name\]**.
4. Select **Review + Create**, then select **Create**.
5. Select **Refresh** to see your new resource group displayed and select it. It may take a few minutes.
6. Select **Create a resource**, search for **template**, select **Template deployment (deploy using custom template)**, then select **Create**.
7. Select **Build your own template in the editor**.
8. Copy the contents of the [ARM template](https://raw.githubusercontent.com/microsoft/MCW-Security-baseline-on-Azure/master/Hands-on%20lab/Scripts/template.json) from the repo and then paste the ARM template into the window.
9. Select **Save**, you will see the dialog with the input parameters. Fill out the form:
- Subscription: Select your **subscription**.
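Review bot: The new note under Task 1, step 6 has a typo and a comma splice: "Auto-provisioning is turned off for purposes of this lab, it is highly recommended that auto-provisioning is set to "on" in a production environment to ensure they security controls are applied." Suggest: "Auto-provisioning is turned off for the purposes of this lab. In a production environment it is highly recommended that auto-provisioning is set to On so that the security controls are applied." It would also help to say in step 4 why the **Standard** pricing tier is required here, since the Just-in-Time VM access task later in the lab explicitly depends on the subscription being on the Standard tier.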
@ -92,7 +111,7 @@ Synopsis: In this exercise, you will set up your environment for use in the rest
>**Note**: You may receive an error if you pick a region that does not support this lab. We recommend using East US, East US 2, West Central US, or West US 2.
- Modify the **sqlservername** to be something unique such as "azsecurity-\[your initials or first name\]".
- Modify the **sqlservername** to be something unique such as **azsecurity-\[your initials or first name\]**.
- Fill in the remaining parameters, but if you change anything, be sure to note it for future reference throughout the lab.
@ -106,7 +125,7 @@ Synopsis: In this exercise, you will set up your environment for use in the rest
![The above information is entered in the form, and I agree to the terms and conditions stated above and Purchase are selected and highlighted at the bottom.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image6.png "Fill out the form")
12. The deployment will take 20-40 minutes to complete. To view the progress, select the **Deployments** link, then select the **Microsoft.Template** deployment.
10. The deployment will take 20-40 minutes to complete. To view the progress, select your resource group, then select the **Deployments** blade link, then select the **Microsoft.Template** deployment.
![Deployments is highlighted under Settings on the left side of the Azure portal, and Microsoft.Template is highlighted under Deployment Name on the right side.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image7.png "Select the Deployments link")
@ -114,39 +133,43 @@ Synopsis: In this exercise, you will set up your environment for use in the rest
- Storage account
- Three virtual networks (dbVNet, webVnet, mainVnet).
- Three virtual networks (dbVNet, webVNet, mainVNet).
- Three network security groups.
- Three lab supporting virtual machines with associated network resources (db-1, web-1, paw-1).
- Four lab supporting virtual machines with associated network resources (db-1, web-1, paw-1, linux-1).
- IIS is installed on web-1 via a DSC script from the GitHub repository.
- Port 1433 is opened on the database server using a PowerShell script.
- paw-1 is used as a development machine for the labs to save on resources. A Paw workstation would not be used as a development machine in production with Visual Studio and SQL Management Studio. This was done to save on resource costs and setup complexity.
- Paw-1 is used as a development machine for the labs to save on resources. A Paw workstation would not be used as a development machine in production with Visual Studio and SQL Management Studio. This was done to save on resource costs and setup complexity.
> **Note**: Please reference [Understand secure, Azure-managed workstations](https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-managed-workstation) and [Privileged Access Workstations](https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations) for best practices with PAW machines.
- SQL Azure Server with sample database.
- Azure Key Vault
- Log Analytics Workspace
- Log Analytics Workspace with joined Azure Automation account.
![Created items list. This screenshot is a list of the items that were created, including the items listed above. ](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image8.png)
### Task 2: Download Google Chrome
### Task 3: Download Google Chrome
1. Log in to the Virtual Machine created via the ARM template called **paw-1**.
1. Log in to the Virtual Machine created via the ARM template named **paw-1**.
2. Open Internet Explorer and browse to <https://www.google.com/chrome/>.
3. Select **Download Chrome** on the webpage and follow the prompts.
### Task 3: Download SQL Server Management Studio
### Task 4: Download SQL Server Management Studio
1. From the **paw-1** Virtual Machine, open Google Chrome and browse to <https://aka.ms/ssmsfullsetup>.
2. After the installer has completed downloading, run it and follow the prompts to install SQL Server Management Studio.
### Task 4: Download GitHub resources
### Task 5: Download GitHub resources
1. Open a browser window to the cloud workshop GitHub repository (<https://github.com/microsoft/MCW-Security-baseline-on-Azure>).
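Review bot: Inconsistent VM naming in the changed bullet: "Paw-1 is used as a development machine for the labs to save on resources." capitalises the name, while the rest of this change lowercases it (Task 3, step 1 now reads "named **paw-1**"). Use `paw-1` throughout so it matches the name the ARM template deploys. Also, `linux-1` in the new four-VM bullet is the only VM whose role is not described anywhere in this list (web-1 gets IIS via DSC, db-1 has port 1433 opened); one short bullet on what linux-1 is for would tell readers what the template is deploying before they run it.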
@ -158,4 +181,4 @@ Synopsis: In this exercise, you will set up your environment for use in the rest
![A set of extracted folders and files are visible in File Explorer: Hands-on lab, Whiteboard design session, HTMLLINKS.md, LICENSE, and README.md.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image4.png "Extract the zip file")
**Note**: You should follow all steps provided *before* attending the hands-on lab.
You should follow all steps provided *before* attending the hands-on lab.
@ -9,7 +9,7 @@ Hands-on lab step-by-step
</div>
<div class="MCWHeader3">
February 2020
July 2020
</div>
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
@ -52,14 +52,22 @@ Microsoft and the trademarks listed at <https://www.microsoft.com/en-us/legal/in
- [Task 4: Install network watcher VM extension](#task-4-install-network-watcher-vm-extension)
- [Task 5: Setup network packet capture](#task-5-setup-network-packet-capture)
- [Task 6: Execute a port scan](#task-6-execute-a-port-scan)
- [Exercise 5: Azure Sentinel Logging and Reporting](#exercise-5-azure-sentinel-logging-and-reporting)
- [Exercise 5: Azure Security Center](#exercise-5-azure-security-center)
- [Task 1: Linux VM and Microsoft Monitoring Agent (MMA) install](#task-1-linux-vm-and-microsoft-monitoring-agent-mma-install)
- [Task 2: Execute brute force attack](#task-2-execute-brute-force-attack)
- [Task 3: Enable change tracking and update management](#task-3-enable-change-tracking-and-update-management)
- [Task 4: Review MMA configuration](#task-4-review-mma-configuration)
- [Task 5: Adaptive Application Controls](#task-5-adaptive-application-controls)
- [Task 6: File Integrity Monitoring](#task-6-file-integrity-monitoring)
- [Task 7: Disk encryption](#task-7-disk-encryption)
- [Exercise 6: Azure Sentinel logging and reporting](#exercise-6-azure-sentinel-logging-and-reporting)
- [Task 1: Create a dashboard](#task-1-create-a-dashboard)
- [Task 2: Create an Analytics alert](#task-2-create-an-analytics-alert)
- [Task 3: Investigate a custom alert incident](#task-3-investigate-a-custom-alert-incident)
- [Task 4: Create and run a playbook](#task-4-create-and-run-a-playbook)
- [Task 5: Execute Jupyter Notebooks](#task-5-execute-jupyter-notebooks)
- [Task 6: Creating Reports with Power BI](#task-6-creating-reports-with-power-bi)
- [Exercise 6: Using Compliance Tools (Azure Policy, Secure Score and Compliance Manager)](#exercise-6-using-compliance-tools-azure-policy-secure-score-and-compliance-manager)
- [Task 6: Creating reports with Power BI](#task-6-creating-reports-with-power-bi)
- [Exercise 7: Using Compliance Tools (Azure Policy, Secure Score and Compliance Manager)](#exercise-7-using-compliance-tools-azure-policy-secure-score-and-compliance-manager)
- [Task 1: Review a basic Azure Policy](#task-1-review-a-basic-azure-policy)
- [Task 2: Review and create Azure Blueprints](#task-2-review-and-create-azure-blueprints)
- [Task 3: Secure Score](#task-3-secure-score)
@ -109,7 +117,7 @@ The solution begins by creating a jump machine. This jump machine is used to acc
Duration: 15 minutes
Synopsis: In this exercise, attendees will secure a Privileged Access Workstation (PAW) workstation using the Azure Security Center Just-in-Time Access feature.
In this exercise, attendees will secure a Privileged Access Workstation (PAW) workstation using the Azure Security Center Just-in-Time Access feature.
### Task 1: Setup virtual machine with JIT
@ -117,7 +125,7 @@ Synopsis: In this exercise, attendees will secure a Privileged Access Workstatio
2. Select **Security Center,** then under **ADVANCED CLOUD DEFENSE** select **Just in time VM access**.
![Security Center is highlighted on the left side of the Azure portal, and Just in time VM access is highlighted to the right.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image9.png)
![Security Center is highlighted on the left side of the Azure portal, and Just in time VM access is highlighted to the right.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image9.png "Security Center VM Access")
> **Note**: Your subscription may not be set up with the **Standard** tier; if that is the case then do the following:
@ -140,41 +148,39 @@ Synopsis: In this exercise, attendees will secure a Privileged Access Workstatio
![In the configuration window, port settings are listed, and Save is highlighted above them.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image10.png "Select Save")
5. After a few minutes, you should see the states changed to **Resolved**. If this does not occur due to UI changes, then browse back to the **Configured** tab.
5. After a few minutes, you should see the virtual machines moved to the **Configured** tab.
![On the Virtual machines screen, several virtual machines have their State listed as Resolved.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image11.png "View the state change")
![The virtual machines are now on the configured tab.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image11.png "The JIT Configured VMs are displayed")
### Task 2: Perform a JIT request
1. Select the **Configured** tab. You should now see all the machines listed.
2. Select the **paw-1** virtual machine, and then select **Request access**.
1. Select the **paw-1** virtual machine, and then select **Request access**.
![On the Virtual machines screen, the first listed virtual machine name is selected and highlighted (paw-1), as is Request access button above it.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image12.png "Request access for paw-1")
3. For each of the ports, select the **On** toggle button, notice how the default IP settings is **My IP**.
2. For each of the ports, select the **On** toggle button, notice how the default IP settings is **My IP**.
![On is selected under the Toggle column for all four of the ports listed under paw-1.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image13.png "Select on for each of the ports")
4. At the bottom of the dialog, select **Open ports**. After a few moments, you should now see the **APPROVED** requests have been incremented and the **Last Access** is set to **Active now.**.
3. At the bottom of the dialog, select **Open ports**. After a few moments, you should now see the **APPROVED** requests have been incremented and the **Last Access** is set to **Active now.**.
![On the Virtual machines screen, the paw-1 virtual machine displays 1 Request as approved, and the last access column shows Active now.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image14.png "View Approved and Last Access status")
> **Note** If you did not wait for your VMs and virtual networks to be fully provisioned via the ARM template, you may get an error.
5. Select the ellipses, then select **Activity Log**, you will be able to see a history of who requests access to the virtual machines.
4. Select the ellipses, then select **Activity Log**, you will be able to see a history of who requests access to the virtual machines.
![Activity Log is highlighted in the shortcut menu for the last user.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image15.png "View the Activity Log")
> **Note**: These entries will persist after you have deleted the VMs. You will need to manually remove them after VM deletion.
6. In the Azure Portal main menu, select **All Services**, then type **Network**, then select **Network security groups**.
5. In the Azure Portal main menu, select **All Services**, then type **Network**, then select **Network security groups**.
![All services is highlighted in the left menu of the Azure portal, and the Network security groups is highlighted in the filtered list to the right.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image16.png "Select paw-1-nsg")
7. In the filter textbox, type **paw-1-nsg**, then select the **paw-1-nsg** network security group.
6. In the filter textbox, type **paw-1-nsg**, then select the **paw-1-nsg** network security group.
8. Select **Inbound security rules.** You should now see inbound security rules set up by JIT Access.
7. Select **Inbound security rules.** You should now see inbound security rules set up by JIT Access.
![The first four listed items are highlighted under Inbound security rules.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image17.png "View the inbound security rules set up by JIT Access")
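Review bot: While renumbering the steps of Task 2, the typos carried over into the new lines should be fixed rather than re-emitted: step 2 "notice how the default IP settings is **My IP**" should read "setting is", step 3 ends with "**Active now.**." (a double full stop), and step 4 "a history of who requests access to the virtual machines" should read "who requested access". Since every one of these lines is already marked as changed, correcting them costs nothing extra in this diff.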
@ -182,7 +188,7 @@ Synopsis: In this exercise, attendees will secure a Privileged Access Workstatio
Duration: 45 minutes
Synopsis: In this exercise, attendees will utilize Azure SQL features to data mask database data and utilize Azure Key Vault to encrypt sensitive columns for users and applications that query the database.
In this exercise, attendees will utilize Azure SQL features to data mask database data and utilize Azure Key Vault to encrypt sensitive columns for users and applications that query the database.
### Task 1: Setup the database
@ -190,7 +196,7 @@ Synopsis: In this exercise, attendees will utilize Azure SQL features to data ma
![All services is highlighted on the left side of the Azure portal, and SQL servers is highlighted to the right.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image18.png "Select SQL Servers")
2. Select the **Azure SQL** database server you created using the Azure Manager template (Ex: AzureSecurity-INIT).
2. Select the **Azure SQL** database server you created using the Azure Manager template (Ex: AzureSecurity-INIT).
3. Select **SQL databases** under the Settings section, then select the **SampleDB** database.
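Review bot: The before and after versions of step 2 render identically ("Select the **Azure SQL** database server you created using the Azure Manager template (Ex: AzureSecurity-INIT)."), so this is a whitespace-only change; while the line is being touched, "Azure Manager template" should read "ARM template", the term the guide uses everywhere else, and the example name "AzureSecurity-INIT" should match the naming the setup guide actually suggests for **sqlservername** ("azsecurity-\[your initials or first name\]") so readers recognise the server they created.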
@ -214,7 +220,7 @@ Synopsis: In this exercise, attendees will utilize Azure SQL features to data ma
![The information above is entered in the Connect to Server dialog box, and Connect is highlighted at the bottom.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image22.png "Sign in to the SQL Server Database Engine")
9. Depending on how you connected to the Azure SQL environment (inside or outside your vnet), you may be prompted to add a firewall rule. If this occurs, perform the following actions:
9. Depending on how you connected to the Azure SQL environment (inside or outside your VNet), you may be prompted to add a firewall rule. If this occurs, perform the following actions:
- Select **Connect**, in the **New Firewall Rule** dialog, select **Sign In**.
@ -222,7 +228,7 @@ Synopsis: In this exercise, attendees will utilize Azure SQL features to data ma
- In the dialog, select **OK**, notice how your incoming public IP address will be added for connection.
![The New Firewall Rule Dialog is displayed identifying your Internet IP Address.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image23.png)
![The New Firewall Rule Dialog is displayed identifying your Internet IP Address.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image23.png "Firewall Rule")
10. Right-click **Databases**, and select **Import Data-tier Application**.
@ -442,7 +448,7 @@ Synopsis: In this exercise, attendees will utilize Azure SQL features to data ma
Duration: 30 minutes
Synopsis: In this exercise, attendees will learn how to migrate web application to utilize Azure Key Vault rather than storing valuable credentials (such as connection strings) in application configuration files.
In this exercise, attendees will learn how to migrate web application to utilize Azure Key Vault rather than storing valuable credentials (such as connection strings) in application configuration files.
### Task 1: Create an Azure Key Vault secret
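Review bot: The reworded synopsis is missing an article: "attendees will learn how to migrate web application to utilize Azure Key Vault" should read "migrate a web application". Apart from that, the change only drops the "Synopsis:" prefix, consistent with the other exercises in this commit.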
@ -478,7 +484,7 @@ Synopsis: In this exercise, attendees will learn how to migrate web application
### Task 2: Create an Azure Active Directory application
1. In the Azure Portal, select **Azure Active Directory**, then select **App Registrations**.
1. In the Azure Portal, select **Azure Active Directory**, then select **App registrations**.
![Azure Active Directory is highlighted on the left side of the Azure portal, and App registrations is highlighted on the right.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image48.png "Select App registrations")
@ -630,7 +636,7 @@ Synopsis: In this exercise, attendees will learn how to migrate web application
Duration: 45 minutes
Synopsis: In this exercise, attendees will utilize Network Security Groups to ensure that virtual machines are segregated from other Azure hosted services and then explore the usage of the Network Packet Capture feature of Azure to actively monitor traffic between networks.
In this exercise, attendees will utilize Network Security Groups to ensure that virtual machines are segregated from other Azure hosted services and then explore the usage of the Network Packet Capture feature of Azure to actively monitor traffic between networks.
### Task 1: Test network security group rules \#1
@ -642,7 +648,7 @@ Synopsis: In this exercise, attendees will utilize Network Security Groups to en
> **Note**: Default username is **wsadmin** with **p\@ssword1rocks** as password and you may need to request JIT Access if you have taken a break between exercises.
4. In the **PAW-1** virtual machine, open **Windows PowerShell ISE** as **administrator**.
4. In the **paw-1** virtual machine, open **Windows PowerShell ISE** as **administrator**.
- Select the **Windows** icon.
@ -662,33 +668,38 @@ Synopsis: In this exercise, attendees will utilize Network Security Groups to en
> **Note**: You would have downloaded the [GitHub repo](https://github.com/Microsoft/MCW-Azure-Security-Privacy-and-Compliance) and extracted this in the setup steps. If you did not perform those steps, perform them now. You can also choose to copy the file from your desktop to the VM.
8. Review the script. Notice that it does the following:
8. Review the script. Notice that it does the following for various exercises:
- Installs NotePad++
- Installs Putty
- Adds hosts entries for DNS
- Installs NotePad++
> **Note**: When using multiple virtual networks, you must setup a DNS server in the Azure tenant.
- Adds hosts entries for DNS
- Executes port scans
> **Note**: When using multiple virtual networks, you must setup a DNS server in the Azure tenant.
9. Press **F5** to run the script. You should see the following (the Azure ARM Template created a default rule to block all traffic):
- Executes port scans
- Port scan for port 3389 (RDP) to **DB-1** and **WEB-1** is unsuccessful from the **PAW-1** machine.
- Executes brute force SSH attack
9. Press **F5** to run the script for exercise 4. You should see the following:
> **Note**: The ARM template deploys a Deny All rule. If you were to simply create a Network Security Group from the UI, you would not experience this behavior.
- Port scan for port 3389 (RDP) to **db-1** and **web-1** is unsuccessful from the **paw-1** machine.
- The information above for port 3389 (RDP) is visible after running the script and pressing **F5**.
![The information above for port 3389 (RDP) is visible after running the script and pressing F5.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image55.png)
- Port scan for port 1433 (SQL) to **DB-1** and **WEB-1** is unsuccessful from the **PAW-1** machine. **DB-1** is running SQL Server but traffic is blocked at NSG and via the Windows Firewall.
- Port scan for port 1433 (SQL) to **db-1** and **web-1** is unsuccessful from the **paw-1** machine. **db-1** is running SQL Server but traffic is blocked at NSG and via the Windows Firewall by default, however a script ran in the ARM template to open port 1433 on the db-1 server.
![The information above for port 1433 (SQL) is visible after running the script and pressing F5.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image56.png "View the information")
- Port scan for port 80 (HTTP) to **DB-1** and **WEB-1** is unsuccessful from the **PAW-1** machine, if traffic was allowed, it would always fail to **DB-1** because it is not running IIS or any other web server.
- Port scan for port 80 (HTTP) to **db-1** and **web-1** is unsuccessful from the **paw-1** machine, if traffic was allowed, it would always fail to **db-1** because it is not running IIS or any other web server.
![The information above for port 80 (HTTP) is visible after running the script and pressing F5.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image57.png)
> **Note**: The ARM template deploys a Deny All rule. If you were to simply create a Network Security Group from the UI, you would not experience this behavior.
### Task 2: Configure network security groups
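Review bot: The rewritten port 1433 bullet contradicts itself: "traffic is blocked at NSG and via the Windows Firewall by default, however a script ran in the ARM template to open port 1433 on the db-1 server." If the template's script opened 1433 in the Windows Firewall, the scan fails because of the NSG Deny All rule alone, so suggest "**db-1** is running SQL Server and the ARM template opened port 1433 in the Windows Firewall, but the traffic is still blocked by the NSG." Two smaller points in the same hunk: "Installs Putty" should be "Installs PuTTY", and the new list item "Executes brute force SSH attack" should say which lab VM it is aimed at and that it belongs to a later exercise (the TOC places it under Exercise 5), since step 9 now tells the reader to "run the script for exercise 4" while the list describes what the script does "for various exercises".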
@ -696,51 +707,67 @@ Synopsis: In this exercise, attendees will utilize Network Security Groups to en
2. Configure the database server to only allow SQL Connections from the web server:
- Select **Network Security Groups**.
- Select **Network Security Groups**.
- Select **DbTrafficOnly**.
- Select **DbTrafficOnly**.
- Select **Inbound Security Rules**.
- Select **Inbound Security Rules**.
- Select **+Add**.
- Select **+Add**.
- For the **Source**, select **IP Addresses**.
- For the **Source**, select **IP Addresses**.
- For the **Source IP address**, enter **10.2.0.4**.
- For the **Source IP address**, enter **10.2.0.4**.
- For the **Destination**, keep **Any**.
- For the **Destination**, keep **Any**.
- For the **Destination port range**, enter **1433**.
- For the **Destination port range**, enter **1433**.
- For the **Priority**, enter **100**.
- For the **Priority**, enter **100**.
- For the **Name**, enter **Port_1433**.
|
||||
- For the **Name**, enter **Port_1433**.
|
||||
|
||||
- Select **Add**.
|
||||
- Select **Add**.
|
||||
|
||||
- Select **+Add**.
|
||||
|
||||
- For the **Source**, select **IP Addresses**.
|
||||
|
||||
- For the **Source IP address**, enter **10.0.0.4**.
|
||||
|
||||
- For the **Destination**, keep **Any**.
|
||||
|
||||
- For the **Destination port range**, enter **1433**.
|
||||
|
||||
- For the **Priority**, enter **102**.
|
||||
|
||||
- For the **Name**, enter **Port_1433_Paw**.
|
||||
|
||||
- Select **Add**.
|
||||
|
||||
3. Configure the web server to allow all HTTP and HTTPS connections:
|
||||
|
||||
- Select **Network Security Groups**.
|
||||
- Select **Network Security Groups**.
|
||||
|
||||
- Select **WebTrafficOnly**.
|
||||
- Select **WebTrafficOnly**.
|
||||
|
||||
- Select **Inbound Security Rules**.
|
||||
- Select **Inbound Security Rules**.
|
||||
|
||||
- Select **+Add**.
|
||||
- Select **+Add**.
|
||||
|
||||
- For the **Source**, keep **Any**.
|
||||
- For the **Source**, keep **Any**.
|
||||
|
||||
- For the **Destination**, keep **Any**.
|
||||
- For the **Destination**, keep **Any**.
|
||||
|
||||
- For the **Destination port ranges**, enter **80,443**.
|
||||
- For the **Destination port ranges**, enter **80,443**.
|
||||
|
||||
- For the **Priority**, enter **100**.
|
||||
- For the **Priority**, enter **100**.
|
||||
|
||||
- Change the **Name** to **Port\_80\_443**.
|
||||
- Change the **Name** to **Port\_80\_443**.
|
||||
|
||||
- Select **Add**.
|
||||
- Select **Add**.
|
||||
|
||||
> **Note**: In some rare cases it may take up to 15 minutes for your Network Security Group to change its status from **Updating**. You won't be able to add any other rules until it completes.
|
||||
> **Note**: In some rare cases it may take up to 15 minutes for your Network Security Group to change its status from **Updating**. You won't be able to add any other rules until it completes.
|
||||
|
||||
4. Configure both the database and web server to only allow RDP connections from the PAW machine:
|
||||
|
||||
|
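Review bot: The step text "Configure the database server to only allow SQL Connections from the web server" no longer matches the hunk, which adds a second inbound rule **Port_1433_Paw** allowing **10.0.0.4** (the PAW) to reach port 1433; reword it to "from the web server and the PAW machine" so the heading states the full allow list. Both rules pin source addresses (10.2.0.4 and 10.0.0.4) that assume the ARM template assigns those private IPs; a sentence pointing readers to where they can confirm them (the VM's Networking blade) would stop the rules silently not matching on a different deployment. Priority 102 rather than 101 for the second rule is fine, but a word on it would keep readers from thinking a rule is missing.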
@ -782,25 +809,23 @@ Synopsis: In this exercise, attendees will utilize Network Security Groups to en
|
|||
|
||||
![Save is highlighted at the top, and two log items are selected below.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image60.png "Save the logs")
|
||||
|
||||
- Repeat for all remaining Network Security Groups.
|
||||
|
||||
### Task 3: Test network security group rules \#2
|
||||
|
||||
1. Switch back to the **PAW-1** virtual machine.
|
||||
1. Switch back to the **paw-1** virtual machine.
|
||||
|
||||
2. Press **F5** to run the **PortScan** script. You should see the following:
|
||||
|
||||
- Port scan for port 3389 (RDP) to **DB-1** and **WEB-1** is successful from the **PAW-1** machine.
|
||||
- Port scan for port 3389 (RDP) to **db-1** and **web-1** is successful from the **paw-1** machine.
|
||||
|
||||
![The information above for port 3389 (RDP) is visible after running the script and pressing F5.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image61.png "View the information")
|
||||
|
||||
- Port scan for port 1433 (SQL) to **DB-1** is successful, and **WEB-1** is unsuccessful from the **PAW-1** machine.
|
||||
|
||||
> **Note**: You may need to disable the windows firewall on the DB-1 server to achieve this result.
|
||||
- Port scan for port 1433 (SQL) to **db-1** is successful, and **web-1** is unsuccessful from the **paw-1** machine.
|
||||
|
||||
> **Note**: If the ARM script failed, you may need to disable the windows firewall on the db-1 server to achieve this result.
|
||||
|
||||
![The information above for port 1433 (SQL) is visible after running the script and pressing F5.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image62.png "View the information")
|
||||
|
||||
- If IIS has been setup on WEB-1, the port scan for port 80 (HTTP) to **DB-1** is unsuccessful and **WEB-1** is successful from the **PAW-1** machine
|
||||
- **Note**: The ARM Template installed IIS on web-1, the port scan for port 80 (HTTP) to **web-1** is successful from the **paw-1** machine, however to **db-1** is unsuccessful as it is not running IIS.
|
||||
|
||||
![The information above for port 80 (HTTP) is visible after running the script and pressing F5.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image63.png "View the information")
|
||||
|
||||
|
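Review bot: The reworded note ("If the ARM script failed, you may need to disable the windows firewall on the db-1 server") recommends turning off the host firewall entirely to make one test pass; suggest the narrower fix of adding an inbound allow for TCP 1433, the port the scan targets, so the host-level control stays in place, which is the layered-defense point of the exercise. Also capitalize "Windows" and split the comma-spliced IIS bullet: "The ARM template installed IIS on **web-1**, so the port 80 scan to **web-1** succeeds from **paw-1**; the scan to **db-1** is unsuccessful because it is not running IIS."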
@ -822,7 +847,7 @@ Synopsis: In this exercise, attendees will utilize Network Security Groups to en
|
|||
|
||||
![Network Watcher Agent for Windows is highlighted on the left, and Create is highlighted on the right.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image65.png "Create a Network Watcher agent")
|
||||
|
||||
7. In the next **Install extension** dialog window (note that it could be blank) select **OK.** You should see a toast notification about the script extension being installed into the Virtual Machine.
|
||||
7. In the next **Install extension** dialog window (note that it could be blank) select **OK.** You should see a dialog toast notification about the script extension being installed into the Virtual Machine.
|
||||
|
||||
![The toast notification states: "Deployment in progress ... Deployment to resource group 'azure-securitytest1' is in progress."](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image66.png "Toast notification about the script installation")
|
||||
|
||||
|
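Review bot: "a dialog toast notification" in the rewritten step 7 reads awkwardly; the original "toast notification" matches the screenshot caption that follows, so keep that wording.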
@ -836,7 +861,7 @@ Synopsis: In this exercise, attendees will utilize Network Security Groups to en
|
|||
|
||||
3. Expand the subscription regions item you are running your labs in.
|
||||
|
||||
4. For the **East US** region (or whatever region you deployed your VMs too), select the ellipsis, then select **Enable Network Watcher**.
|
||||
4. For the **East US** region (or whatever region you deployed your VMs too), select the ellipsis, then select **Enable network watcher**.
|
||||
|
||||
![The East US row is highlighted under Region, and Enable network watcher is selected in the submenu.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image68.png "Enable Network Watcher")
|
||||
|
||||
|
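Review bot: Step 4 still says "whatever region you deployed your VMs too" in both the old and the new line; change "too" to "to". The menu label casing ("Enable network watcher") now matches the screenshot alt text, which is correct.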
@ -856,31 +881,298 @@ Synopsis: In this exercise, attendees will utilize Network Security Groups to en
|
|||
|
||||
11. Notice the ability to save the capture file to the local machine or an Azure storage account. Ensure that the resource group storage account is selected. If you check your resource group, the storage account is prefixed with **"diagstor"**.
|
||||
|
||||
![In the Add packet capture window, databasetraffic is entered in the Packet capture name box, and the Storage account check box is checked.](media/2020-01-12-12-24-05.png "Dialog box screenshot")
|
||||
|
||||
12. For the values, enter the following:
|
||||
|
||||
- Maximum bytes per packet: 0.
|
||||
- Maximum bytes per session: 1073741824.
|
||||
- Time limit: 600.
|
||||
|
||||
![In the Add packet capture window, databasetraffic is entered in the Packet capture name box, and the Storage account check box is checked.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/packetcapture.png "Dialog box screenshot")
|
||||
|
||||
13. Select **OK**.
|
||||
|
||||
### Task 6: Execute a port scan
|
||||
|
||||
1. Switch your Remote Desktop connection to the **PAW-1** virtual machine.
|
||||
1. Switch your Remote Desktop connection to the **paw-1** virtual machine.
|
||||
|
||||
2. Uncomment the last line of the script, and press **F5**.
|
||||
2. Uncomment the following line of the script, and press **F5**.
|
||||
|
||||
```PowerShell
|
||||
#TestPortRange $computers 80 443;
|
||||
```
|
||||
|
||||
![The PowerShell ISE window displays uncommented PowerShell script port scan command.](media/2020-01-12-12-49-13.png "Running the uncommented PowerShell script")
|
||||
|
||||
> **Note**: You should see the basic ports scanned, and then a port scan from 80 to 443. This will generate many security center logs for the Network Security Group which will be used in the Custom Alert in the next exercise.
|
||||
> **Note**: You should see the basic ports scanned, and then a port scan from 80 to 443. This will generate many security center logs for the Network Security Groups which will be used in the Custom Alert in the next set of exercises. Continue to the next exercise while the script executes.
|
||||
|
||||
## Exercise 5: Azure Sentinel Logging and Reporting
|
||||
## Exercise 5: Azure Security Center
|
||||
|
||||
Duration: 45 minutes
|
||||
|
||||
Azure Security Center provides several advanced security and threat detection abilities that are not enabled by default. In this exercise we will explore and enable several of them.
|
||||
|
||||
### Task 1: Linux VM and Microsoft Monitoring Agent (MMA) install
|
||||
|
||||
1. In the Azure Portal, browse to your **azsecurity-INIT** resource group, then select the *azseclog...* **Log Analytics Workspace**.
|
||||
|
||||
![The log analytics workspace is highlighted.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/LogAnalyticsWorkspace.png "Select the log analytics workspace")
|
||||
|
||||
2. In the blade, select **Agents management**.
|
||||
|
||||
3. Record the `Workspace ID` and the `Primary key` values.
|
||||
|
||||
![Agents management blade link is highlighted along with the id and key for the workspace](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/LogAnalyticsWorkspace_Settings.png "Copy the workspace id and key")
|
||||
|
||||
4. Switch to the Remote Desktop Connection to the **paw-1**.
|
||||
|
||||
5. Open the **Putty** tool, login to the **linux-1** machine using the username and password.
|
||||
|
||||
![Putty window with linux-1 as the host.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/putty-linux-1.png "Use Putty to login to linux-1")
|
||||
|
||||
6. Run the following commands, be sure to replace the workspace tokens with the values you records above:
|
||||
|
||||
```bash
|
||||
wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w <YOUR_WORKSPACE_ID> -s <YOUR_WORKSPACE_KEY>
|
||||
|
||||
sudo /opt/microsoft/omsagent/bin/service_control restart <YOUR_WORKSPACE_ID>
|
||||
|
||||
```
|
||||
|
||||
7. Switch back to the Azure Portal.
|
||||
|
||||
8. In the blade menu, select **Advanced settings** and then select **Linux Servers**, you should see **1 LINUX COMPUTER CONNECTED**.
|
||||
|
||||
![The displayed of connected linux computers for the workspace.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/loganalytics-linux-computers.png "Review the linux computers connected to workspace")
|
||||
|
||||
> **Note**: In most cases, Azure will assign resources automatically to the log analytics workspace in your resource group.
|
||||
|
||||
### Task 2: Execute brute force attack
|
||||
|
||||
1. Switch to the Remote Desktop Connection to the **paw-1**.
|
||||
|
||||
2. In the PowerShell ISE, comment the lines for Exercise 4, then uncomment the lines for Exercise 5.
|
||||
|
||||
3. Run the script, notice how it will execute several attempts to login via SSH to the **linux-1** machine using the plink tool from putty.
|
||||
|
||||
4. After a few moments (up to 30 mins), you will see an alert from Security Center about a successful brute force attack.
|
||||
|
||||
![The email warning about the Brute Force Attack.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/linux-brute-attack-warning.png "The Azure Security Center warning about brute force attack")
|
||||
|
||||
### Task 3: Enable change tracking and update management
|
||||
|
||||
1. Switch back to the Azure Portal.
|
||||
|
||||
2. In the search menu, type **Virtual Machine**, then select it.
|
||||
|
||||
3. Highlight the **paw-1**, **web-1**, **db-1** and **linux-1** virtual machines that were deployed.
|
||||
|
||||
4. In the top menu, select **Services**, then select **Change Tracking**.
|
||||
|
||||
![The virtual machines are selected and the change tracking menu item is selected.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/virtual-machines-svcs-changetracking.png "Enable change tracking for the virtual machines")
|
||||
|
||||
5. Select the **CUSTOM** radio button.
|
||||
|
||||
6. Select **change**, select the **Log Analytics Workspace** that was deployed with the lab ARM template.
|
||||
|
||||
![The change tracking blade is displayed with custom and change link highlighted.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/virtual-machines-svcs-changetracking-config.png "Select CUSTOM and then select change links")
|
||||
|
||||
7. Select the log analytics workspace for your resource group and then select the matching automation account, then select **OK**.
|
||||
|
||||
![The custom configuration dialog is displayed with the log analytics workspace select along with the matching automation account.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/virtual-machines-svcs-changetracking-config2.png "Select the resource group log analytics workspace and matching automation account")
|
||||
|
||||
8. Select all the virtual machines, then select **Enable**.
|
||||
|
||||
9. Navigate back to the **Virtual Machines** blade, again highlight the **paw-1**, **web-1**, **db-1** and **linux-1** virtual machines that were deployed.
|
||||
|
||||
10. In the top menu, select **Services**, then select **Inventory**.
|
||||
|
||||
11. Select the **CUSTOM** radio button.
|
||||
|
||||
12. Select **change**, select the **Log Analytics Workspace** that was deployed with the lab ARM template.
|
||||
|
||||
13. Notice that all the VMs are already enabled for the workspace based on the last task.
|
||||
|
||||
14. Navigate back to the **Virtual Machines** blade, again, highlight the **paw-1**, **web-1**, **db-1** and **linux-1** virtual machines that were deployed.
|
||||
|
||||
15. In the top menu, select **Services**, then select **Update Management**.
|
||||
|
||||
16. Select the **CUSTOM** radio button.
|
||||
|
||||
17. Select **change**, select the **Log Analytics Workspace** that was deployed with the lab ARM template.
|
||||
|
||||
18. Select all the virtual machines, then select **Enable**.
|
||||
|
||||
19. Browse to your resource group, then select your Log Analytics workspace.
|
||||
|
||||
20. Under the **General** section, select the **Solutions** blade, you should see the **ChangeTracking** and **Updates** solutions were added to your workspace. Select the **ChangeTracking** solution.
|
||||
|
||||
![The solutions configured for the workspace are displayed.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/loganalytics-solutions.png "Select the ChangeTracking solution item")
|
||||
|
||||
21. Under **Workspace Data Sources** section, select **Solution Targeting (Preview)**.
|
||||
|
||||
22. Remove any scopes that are displayed via the ellipses to the right of the items.
|
||||
|
||||
23. Repeat the steps to remove the solution targeting for the **Updates** solution.
|
||||
|
||||
### Task 4: Review MMA configuration
|
||||
|
||||
1. Switch to the Remote Desktop Connection to the **paw-1**.
|
||||
|
||||
2. Open **Event Viewer**.
|
||||
|
||||
3. Expand the **Applications and Services Logs**, then select **Operations Manager**.
|
||||
|
||||
4. Right-click **Operations Manager**, select **Filter Current Logs**.
|
||||
|
||||
![The event viewer is displayed with the click path highlighted.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/eventviewer-operations-mgr.png "Filter the Operations Manager event logs")
|
||||
|
||||
5. For the event id, type **5001**, select the latest entry, you should see similar names to all the solutions that are deployed in your Log Analytics workspace including the ones you just added:
|
||||
|
||||
![The event viewer is displayed with the click path highlighted.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/eventviewer-operations-mgr-5000.png "Filter the Operations Manager event logs")
|
||||
|
||||
6. Open **Windows Explorer**, browse to **C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Management Packs** folder.
|
||||
|
||||
7. Notice the management packs that have been downloaded that correspond to the features you deployed from Azure Portal.
|
||||
|
||||
![The management packs for the solutions are displayed.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/loganalytics-mgmtpacks.png "Notice the solution management packs were downloaded")
|
||||
|
||||
### Task 5: Adaptive Application Controls
|
||||
|
||||
1. Switch to the Azure Portal.
|
||||
|
||||
2. Select **Azure Security Center**.
|
||||
|
||||
3. In the blade menu, scroll to the **ADVANCED CLOUD DEFENSE** section and select **Adaptive application controls**.
|
||||
|
||||
4. You will likely have several groups displayed, find the one that has your newly created lab VMs.
|
||||
|
||||
![Machine groupings is displayed.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/securitycenter-grouping.png "Azure automatically created a group for your VMs")
|
||||
|
||||
5. Expand the **Publisher whitelisting rules** section, you should see that Google Chrome and Notepad++ were picked up and have Microsoft Certificated tied to them.
|
||||
|
||||
![The discovered applications are displayed.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/securitycenter-whitelistingrules.png "Notice the applications that were executed on the machine are displayed")
|
||||
|
||||
6. In the top menu, select **Group settings**.
|
||||
|
||||
7. Review the available settings.
|
||||
|
||||
> **Note**: As of June 2020, the **Enforce** option is temporarily disabled.
|
||||
|
||||
### Task 6: File Integrity Monitoring
|
||||
|
||||
1. Switch to the Azure Portal.
|
||||
|
||||
2. Select Azure Security Center.
|
||||
|
||||
3. In the blade menu, scroll to the **ADVANCED CLOUD DEFENSE** section and select **File Integrity Monitoring**.
|
||||
|
||||
4. For the log workspace tied to your lab environment virtual machines, if displayed, select **Upgrade Plan**, then select **Try File Integrity Monitoring**.
|
||||
|
||||
5. Select the workspace only, then select **Upgrade**.
|
||||
|
||||
6. Select the **Continue without installing agents** link.
|
||||
|
||||
![The continue without installing agents link is highlighted.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/fileintegrity-enable.png "Select the continue without installing agents link")
|
||||
|
||||
7. If displayed, select **Enable**, otherwise simply select the workspace.
|
||||
|
||||
8. In the menu, select **Settings**.
|
||||
|
||||
![The Settings link is highlighted.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/fileintegrity-settings.png "Select the settings link")
|
||||
|
||||
9. Select the **Windows Files** tab.
|
||||
|
||||
10. Select **+Add**.
|
||||
|
||||
11. For the item name, type **HOSTS**.
|
||||
|
||||
12. For the path, type **c:\windows\system32\drivers\etc\\\***.
|
||||
|
||||
13. Select **Save**.
|
||||
|
||||
![The settings page is displayed with the links highlighted.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/fileintegrity-addentry.png "Add a new file integrity monitoring item")
|
||||
|
||||
14. Select the **File Content** tab.
|
||||
|
||||
15. Select **Link**, then select the storage account tied to your lab.
|
||||
|
||||
> **Note**: It will take 30-60 minutes for Log Analytics and its management packs to execute on all your VMs. As you may not have that much time with this lab, screen shots are provided as to what results you will eventually get.
|
||||
|
||||
![The file content page is displayed with the links highlighted.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/fileintegrity-filecontent.png "Link a storage account for file changes")
|
||||
|
||||
16. Switch to the Remote Desktop Connection to the **paw-1**.
|
||||
|
||||
17. Open the **c:\windows\system32\drivers\etc\hosts** file.
|
||||
|
||||
18. Add the following entry:
|
||||
|
||||
```cmd
|
||||
10.0.0.6 linux-1
|
||||
```
|
||||
|
||||
19. Save the file.
|
||||
|
||||
20. After about 30-60 minutes, the Log Analytics workspace will start to pick up changes to your files, registry settings and windows services:
|
||||
|
||||
![The file changes are saved to the logs of the workspace.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/fileintegrity-logchanges.png "Review the file change logs for the paw-1 machine in the log analytics workspace")
|
||||
|
||||
21. You will also start to see the file snapshots show up in the storage account:
|
||||
|
||||
![The file changes are displayed in the storage account.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/fileintegrity-snapshots.png "The file changes are displayed in the storage account")
|
||||
|
||||
### Task 7: Disk encryption
|
||||
|
||||
1. Switch to the Azure Portal.
|
||||
|
||||
2. Browse to your resource group.
|
||||
|
||||
3. Browse to your key vault.
|
||||
|
||||
4. In the blade menu under **Settings**, select **Access Policies**.
|
||||
|
||||
5. Select the **Azure Disk Encryption for volume encryption** checkbox.
|
||||
|
||||
![The click path above is highlighted.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/keyvault-diskencrypt.png "Enable the key vault for disk encryption activities")
|
||||
|
||||
6. Select **Save**.
|
||||
|
||||
7. Browse to your resource group.
|
||||
|
||||
8. Select the **linux-1** virtual machine.
|
||||
|
||||
9. In the blade menu, select **Disks**.
|
||||
|
||||
10. In the top menu, select **Encryption**.
|
||||
|
||||
![The click path above is highlighted.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/diskencryption.png "Browse to configure disk encryption for the linux-1 os disk")
|
||||
|
||||
11. For **Disks to encrypt**, select **OS Disk**.
|
||||
|
||||
12. Select the **Select a key vault and key for encryption** link.
|
||||
|
||||
13. Select the lab key vault.
|
||||
|
||||
14. For the key, select **Create new**.
|
||||
|
||||
15. For the name, type **vm-disk-key**.
|
||||
|
||||
16. Select **Create**.
|
||||
|
||||
![Select the lab key vault.](/Hands-on%20lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/diskencryption-selectkeyvault.png "Select the lab key vault")
|
||||
|
||||
17. For the **Version**, select the new version.
|
||||
|
||||
18. Select **Select**.
|
||||
|
||||
19. Select **Save**, then select **Yes** when prompted.
|
||||
|
||||
> **Note**: Disk encryption can take some time, move on to the next exercises.
|
||||
|
||||
## Exercise 6: Azure Sentinel logging and reporting
|
||||
|
||||
Duration: 20 minutes
|
||||
|
||||
Synopsis: In this exercise, you will setup Azure Sentinel to point to a logging workspace and then create custom alerts that execute Azure Runbooks.
|
||||
In this exercise, you will setup Azure Sentinel to point to a logging workspace and then create custom alerts that execute Azure Runbooks.
|
||||
|
||||
### Task 1: Create a dashboard
|
||||
|
||||
|
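Review bot: In Exercise 5 Task 1 step 6 the onboarding command passes the workspace primary key on the command line (`-s <YOUR_WORKSPACE_KEY>`), so it lands in the shell history on **linux-1**; add a sentence telling readers to remove that history entry or regenerate the key after the lab, since the key authorizes any agent to send data to the workspace. Smaller fixes in the same hunk: "values you records above" should be "values you recorded above"; in Task 5 step 5 "have Microsoft Certificated tied to them" should read "have certificates tied to them" (the Publisher rules list the signing publisher of each binary); in Task 2 step 3 "putty" should be "PuTTY"; and in the Exercise 6 synopsis "setup" used as a verb should be "set up".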
@ -896,19 +1188,19 @@ Synopsis: In this exercise, you will setup Azure Sentinel to point to a logging
|
|||
|
||||
4. In the blade, under **Threat Management**, select **Workbooks**.
|
||||
|
||||
5. In the list of workbooks, select **Azure Network Watcher**, choose **Save**.
|
||||
5. In the list of workbooks, select **Azure AD Audit logs**, select **Save**.
|
||||
|
||||
6. Select the region and choose **OK**.
|
||||
|
||||
7. In the list of workbooks, select **Azure AD Audit logs**, select **Save**.
|
||||
|
||||
8. Select the region and select **OK**.
|
||||
6. Select the region and select **OK**.
|
||||
|
||||
![In the left menu beneath Threat Management the Workbooks item is selected and the Azure AD Audit Logs item is selected beneath the Templates tab on the right.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image95.png "Adding a workbook")
|
||||
|
||||
7. In the list of workbooks, select **Azure Network Watcher**, choose **Save**.
|
||||
|
||||
8. Select the region and choose **OK**.
|
||||
|
||||
9. Select **View saved workbook**, take a moment to review your new workbook.
|
||||
|
||||
> **Note**: You may not have data in the log analytics workspace. Wait for 10-15 minutes.
|
||||
> **Note**: You may not have data in the log analytics workspace for the targeted workbook queries.
|
||||
|
||||
### Task 2: Create an Analytics alert
|
||||
|
||||
|
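Review bot: Steps 7 and 8 still say "choose **Save**" and "choose **OK**" while the rewritten steps 5 and 6 use "select"; use "select" throughout. The screenshot between steps 6 and 7 shows the Azure AD Audit Logs template, so it now sits next to its matching steps; either a second capture for the Azure Network Watcher workbook or a caption saying the steps are identical would keep the sequence unambiguous.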
@ -929,7 +1221,7 @@ Synopsis: In this exercise, you will setup Azure Sentinel to point to a logging
|
|||
| where AggregatedValue > 0
|
||||
```
|
||||
|
||||
> **Note**: If you wanted to target a specific NSG, you can add `and Resource == 'WEBTRAFFICONLY'` to the query
|
||||
> **Note**: If you wanted to target a specific NSG, you can add `and Resource == 'WEBTRAFFICONLY'` to the query.
|
||||
|
||||
![In this screenshot, the alert simulation shows data after the query has been entered.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image97.png "Reviewing alert simulation data")
|
||||
|
||||
|
@ -937,7 +1229,7 @@ Synopsis: In this exercise, you will setup Azure Sentinel to point to a logging
|
|||
|
||||
> **Note**: Since the introduction of Azure Security Center and Sentinel, the backend logging has changed a few times as well as the way the calculations are done in the rule query (timespan in query vs outside query, etc.). The ultimate goal of this query is to find when a series of failed connection attempts have been made against a network security group and a specific deny rule. If for some reason the UI/backend has been modified since the last published lab, modify the query to accomplish this goal.
|
||||
|
||||
5. Under **Map entities**, for the **IP**, select the **primaryIPv4Address_s** column, then select **Add**
|
||||
5. Under **Map entities**, for the **IP**, select the **primaryIPv4Address_s** column, then select **Add**.
|
||||
|
||||
6. Under **Query scheduling**, for the **Run query every** setting, type **5** minutes.
|
||||
|
||||
|
@ -953,7 +1245,7 @@ Synopsis: In this exercise, you will setup Azure Sentinel to point to a logging
|
|||
|
||||
![A chart is displayed showing the current log data and the alert threshold. The red and blue line intersect in the chart.](media/2020-01-12-13-26-17.png "Results Preview")
|
||||
|
||||
9. Select **Next: Incident settings**, notice you have no playbooks to select yet.
|
||||
9. Select **Next: Incident settings**, review the potential incident settings.
|
||||
|
||||
10. Select **Next: Automated response**, notice you have no playbooks to select yet.
|
||||
|
||||
|
@ -977,7 +1269,7 @@ Synopsis: In this exercise, you will setup Azure Sentinel to point to a logging
|
|||
|
||||
> **Note**: It may take 15-20 minutes for the alert to fire. You can continue to execute the port scan script to cause log events or you can lower the threshold for the custom alert.
|
||||
|
||||
4. In the dialog, choose **Investigate**.
|
||||
4. In the dialog, choose **Investigate**. Note that it may take a few minutes for the button to be available.
|
||||
|
||||
![The incident dialog is displayed with the Investigate button selected.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image76.png "Investigate an incident")
|
||||
|
||||
|
@ -1003,11 +1295,11 @@ Synopsis: In this exercise, you will setup Azure Sentinel to point to a logging
|
|||
|
||||
![The information above is entered in the Create logic app blade.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image80.png "Enter Create logic app information")
|
||||
|
||||
4. Select **Create**, after a few moments, the **Logic Apps Designer** will load. If the designer does not load, wait a few minutes and refresh the Playbook list. Select the **Email** playbook.
|
||||
4. Select **Review + Create** then select **Create**. After a few moments, the **Logic Apps Designer** will load. If the designer does not load, wait a few minutes and refresh the Playbook list. Select the **Email** playbook.
|
||||
|
||||
![The playbooks list is displayed and the Email playbook is highlighted.](media/2020-01-12-14-40-13.png "Playbook List")
|
||||
|
||||
5. Select the **Get a notification email when Security Center detects a threat** template.
|
||||
5. Select the **Get a notification email when Security Center detects a threat** template.
|
||||
|
||||
![The Logic Apps Designer screen is displayed with a list of templates. The Get a notification email when Security Center detects a threat template is selected.](media/2020-01-12-14-44-52.png "Select Use this template")
|
||||
|
||||
|
@ -1039,26 +1331,26 @@ Synopsis: In this exercise, you will setup Azure Sentinel to point to a logging
|
|||
|
||||
1. In the **Azure Sentinel** blade, select **Notebooks**.
|
||||
|
||||
2. In the blade top menu navigation, select **Clone Notebooks**.
|
||||
2. Search for the **Getting Started with Azure Sentinel Notebooks** item.
|
||||
|
||||
3. If not already logged in, select your Azure credentials, the GitHub repo will start to clone into your workspace.
|
||||
3. In the right dialog, select **Launch Notebook**.
|
||||
|
||||
![Azure Sentinel Notebooks blade shows Clone Notebooks is highlighted.](media/2020-01-12-18-02-39.png "Close Azure Sentinel Notebooks")
|
||||
|
||||
You will see the GitHub progress meter.
|
||||
4. If not already logged in, select your Azure credentials, the GitHub repo will start to clone into your workspace. You will see the GitHub progress meter.
|
||||
|
||||
![The GitHub progress meter is displayed.](media/2020-01-12-18-06-26.png "GitHub Progress Meter")
|
||||
|
||||
4. Navigate to **My Projects** and select the **Run on Free Compute**.
|
||||
5. The notebook should open in the Jupyter notebooks application. It will also start a container kernel for executing the notebook cells.
|
||||
|
||||
5. Review the various notebooks that are available to you. You can choose to execute some of them, if you do, note that they are continually evolving and being modified so your results may vary.
|
||||
6. Follow the directions of the notebook while executing each cell. The notebook will required you to setup some supported API accounts to merge external security data such as known bad actors and other geographical information.
|
||||
|
||||
### Task 6: Creating Reports with Power BI
|
||||
![The getting started Sentinel notebook is displayed.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/jupyter-sentinel.png "Run the notebook steps")
|
||||
|
||||
### Task 6: Creating reports with Power BI
|
||||
|
||||
1. Navigate back to your **Azure Sentinel** browser window. Select **Logs**.
|
||||
|
||||
>**Note**: You may see a **Welcome to Log Analytics** splash page in the blade. Select **Get Started**.
|
||||
|
||||
|
||||
![The screenshot displays the Welcome to Log Analytics blade.](media/2020-01-12-19-14-49.png "Welcome to Log Analytics")
|
||||
|
||||
2. In the **Schema** tab under **Active**, expand the **LogManagement** node, notice the various options available.
|
||||
|
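Review bot: the step numbering in this hunk repeats 3, 4 and 5, the sentence "If not already logged in, select your Azure credentials, the GitHub repo will start to clone into your workspace" appears twice (once before the Launch Notebook step and again at step 4 together with the progress-meter sentence), and the "Task 6: Creating Reports with Power BI" heading appears twice with different capitalization; keep one copy of each, renumber the steps 1 to 7 in order, and fix "will required you to setup" to "will require you to set up". The image title on the Clone Notebooks screenshot reads "Close Azure Sentinel Notebooks" and should be "Clone". Since step 6 has the attendee create external API accounts to enrich the notebook data, add a sentence telling them to keep those API keys out of notebook cells (cells and their outputs are saved with the notebook, and this notebook lives in a clone of a public GitHub repo).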
@ -1079,15 +1371,15 @@ Synopsis: In this exercise, you will setup Azure Sentinel to point to a logging
|
|||
|
||||
7. Close **Power BI**.
|
||||
|
||||
## Exercise 6: Using Compliance Tools (Azure Policy, Secure Score and Compliance Manager)
|
||||
## Exercise 7: Using Compliance Tools (Azure Policy, Secure Score and Compliance Manager)
|
||||
|
||||
Duration: 15 minutes
|
||||
|
||||
Synopsis: In this exercise, attendees will learn to navigate the Azure Policy and Secure Score features of Azure. You will also explore the Compliance Manager portal that will provide you helpful tasks that you should consider when attempting to achieve specific compliance policies.
|
||||
In this exercise, attendees will learn to navigate the Azure Policy and Secure Score features of Azure. You will also explore the Compliance Manager portal that will provide you helpful tasks that you should consider when attempting to achieve specific compliance policies.
|
||||
|
||||
### Task 1: Review a basic Azure Policy
|
||||
|
||||
1. Open the [Azure Portal](https://portal.azure.com). Select **All Services**, then type **Policy**. Select **Policy** in the list of items.
|
||||
1. Open the [Azure Portal](https://portal.azure.com). Select **All Services**, then type **policy**. Select **Policy** in the list of items.
|
||||
|
||||
![All services are selected in the left menu. In the search box policy is entered. Policy is selected from the filtered list of services.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image104.png "Open the Azure Policy blade")
|
||||
|
||||
|
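Review bot: the heading changes from "Exercise 6" to "Exercise 7" but the synopsis paragraph is kept twice, once with the "Synopsis:" label and once without; keep one. Because the exercise number changed, every cross-reference and table-of-contents anchor that still says exercise-6 needs the same update or the links break. The search-term change from "Policy" to "policy" is harmless since the portal's All services search is case-insensitive.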
@ -1103,7 +1395,7 @@ Synopsis: In this exercise, attendees will learn to navigate the Azure Policy an
|
|||
|
||||
![The non-compliant resources tab is highlighted.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image106.png "Select the Non-Compliant resources tab")
|
||||
|
||||
6. In the filter search box, type **PAW-1** and select it when displayed.
|
||||
6. In the filter search box, type **paw-1** and select it when displayed.
|
||||
|
||||
> **Note**: You may not see resources display right away. If this is the case, then scroll through some other non-compliant resources.
|
||||
|
||||
|
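Review bot: the "You may not see resources display right away" note should say why: Azure Policy compliance is evaluated on a schedule (roughly once every 24 hours, plus a run shortly after an assignment is created or changed), so a freshly deployed paw-1 may not be listed yet. Tell attendees they can trigger an on-demand evaluation with `Start-AzPolicyComplianceScan -ResourceGroupName <rg>` (Az PowerShell) or `az policy state trigger-scan --resource-group <rg>` and wait for it to complete before filtering on paw-1; that is more useful than "scroll through some other non-compliant resources". The PAW-1 to paw-1 case change matches the lowercase naming of paw-1-nsg in the template.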
@ -1111,7 +1403,7 @@ Synopsis: In this exercise, attendees will learn to navigate the Azure Policy an
|
|||
|
||||
>**Note**: New policies are being created and your number may be different from the image below.
|
||||
|
||||
![The Resource compliance blade for PAW-1 is displayed with the non-compliant items highlighted.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image107.png "Review the non-compliant items")
|
||||
![The Resource compliance blade for paw-1 is displayed with the non-compliant items highlighted.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image107.png "Review the non-compliant items")
|
||||
|
||||
8. Choose one of the policies. Review the Definition JSON of the policy definition, notice how it is based on ARM Template format and is looking for specific properties to be set of the non-compliant resources.
|
||||
|
||||
|
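Review bot: step 8 says the policy definition JSON "is based on ARM Template format"; it is not. A policy definition uses the policy rule language: a `policyRule` with an `if` condition that selects resource properties through aliases and a `then` block that sets the effect (`audit`, `deny`, `deployIfNotExists` and so on), evaluated against the resource at request time and during the compliance scan. Reword to something like: "notice how the `if` block of the policyRule matches resource properties through aliases and the `then` block sets the effect applied to non-compliant resources."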
@ -1149,7 +1441,7 @@ Synopsis: In this exercise, attendees will learn to navigate the Azure Policy an
|
|||
|
||||
10. Select **+ Add artifact**.
|
||||
|
||||
11. For the Artifact Type, select **Policy Assignment**, review all the policies available to you (at the time of this writing you would see 37 definitions and 311 policies).
|
||||
11. For the Artifact Type, select **Policy assignment**, review all the policies available to you (at the time of this writing you would see 37 definitions and 311 policies).
|
||||
|
||||
12. In the search box, type **unrestricted**, browse for the **Audit unrestricted network access to storage accounts**.
|
||||
|
||||
|
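Review bot: the counts "at the time of this writing you would see 37 definitions and 311 policies" and the quoted name "Audit unrestricted network access to storage accounts" are both moving targets: the built-in library grows continually and Microsoft renames built-ins (this one now appears in the catalog as "Storage accounts should restrict network access"). Either drop the counts or state that the numbers and exact names will differ, and tell attendees to search on "storage" and "network access" if the quoted name is not found. The "Policy assignment" casing fix matches the artifact type label in the portal.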
@ -1159,7 +1451,7 @@ Synopsis: In this exercise, attendees will learn to navigate the Azure Policy an
|
|||
|
||||
14. Select **Save Draft**. It may take a few minutes. The blade will automatically change when the save operation finishes.
|
||||
|
||||
15. For the new blueprint, select the ellipses, then select **Publish Blueprint**.
|
||||
15. For the new blueprint, select the ellipses, then select **Publish blueprint**.
|
||||
|
||||
![The ellipses menu is expanded for the gdprblueprint blueprint item with the Publish blueprint menu item highlighted.](images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/image114.png "Publish blueprint dialog")
|
||||
|
||||
|
@ -1191,7 +1483,7 @@ Synopsis: In this exercise, attendees will learn to navigate the Azure Policy an
|
|||
|
||||
### Task 4: Use Compliance Manager for Azure
|
||||
|
||||
>**Note**: You may need to additional permissions to run this portion of the lab. Contact your Global Administrator.
|
||||
>**Note**: You may need additional permissions to run this portion of the lab. Contact your Global Administrator.
|
||||
|
||||
1. In a browser, go to the Service Trust/Compliance Manager portal (<https://servicetrust.microsoft.com>).
|
||||
|
||||
|
|
|
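Review bot: the grammar fix ("need additional permissions") is right, but "Contact your Global Administrator" reads as though a Global Administrator account is needed to run this task. Compliance Manager has its own roles (Compliance Manager Reader is enough to browse assessments and the improvement actions this task reviews), so ask for the least-privileged Compliance Manager role rather than implying a tenant-wide admin should run or grant the lab.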
@ -1,340 +1,23 @@
|
|||
function Test-Port{
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Tests port on computer.
|
||||
|
||||
.DESCRIPTION
|
||||
Tests port on computer.
|
||||
|
||||
.PARAMETER computer
|
||||
Name of server to test the port connection on.
|
||||
|
||||
.PARAMETER port
|
||||
Port to test
|
||||
|
||||
.PARAMETER tcp
|
||||
Use tcp port
|
||||
|
||||
.PARAMETER udp
|
||||
Use udp port
|
||||
|
||||
.PARAMETER UDPTimeOut
|
||||
Sets a timeout for UDP port query. (In milliseconds, Default is 1000)
|
||||
|
||||
.PARAMETER TCPTimeOut
|
||||
Sets a timeout for TCP port query. (In milliseconds, Default is 1000)
|
||||
|
||||
.NOTES
|
||||
Name: Test-Port.ps1
|
||||
Author: Boe Prox
|
||||
DateCreated: 18Aug2010
|
||||
List of Ports: http://www.iana.org/assignments/port-numbers
|
||||
|
||||
To Do:
|
||||
Add capability to run background jobs for each host to shorten the time to scan.
|
||||
.LINK
|
||||
https://boeprox.wordpress.org
|
||||
|
||||
.EXAMPLE
|
||||
Test-Port -computer 'server' -port 80
|
||||
Checks port 80 on server 'server' to see if it is listening
|
||||
|
||||
.EXAMPLE
|
||||
'server' | Test-Port -port 80
|
||||
Checks port 80 on server 'server' to see if it is listening
|
||||
|
||||
.EXAMPLE
|
||||
Test-Port -computer @("server1","server2") -port 80
|
||||
Checks port 80 on server1 and server2 to see if it is listening
|
||||
|
||||
.EXAMPLE
|
||||
Test-Port -comp dc1 -port 17 -udp -UDPtimeout 10000
|
||||
|
||||
Server : dc1
|
||||
Port : 17
|
||||
TypePort : UDP
|
||||
Open : True
|
||||
Notes : "My spelling is Wobbly. It's good spelling but it Wobbles, and the letters
|
||||
get in the wrong places." A. A. Milne (1882-1958)
|
||||
|
||||
Description
|
||||
-----------
|
||||
Queries port 17 (qotd) on the UDP port and returns whether port is open or not
|
||||
|
||||
.EXAMPLE
|
||||
@("server1","server2") | Test-Port -port 80
|
||||
Checks port 80 on server1 and server2 to see if it is listening
|
||||
|
||||
.EXAMPLE
|
||||
(Get-Content hosts.txt) | Test-Port -port 80
|
||||
Checks port 80 on servers in host file to see if it is listening
|
||||
|
||||
.EXAMPLE
|
||||
Test-Port -computer (Get-Content hosts.txt) -port 80
|
||||
Checks port 80 on servers in host file to see if it is listening
|
||||
|
||||
.EXAMPLE
|
||||
Test-Port -computer (Get-Content hosts.txt) -port @(1..59)
|
||||
Checks a range of ports from 1-59 on all servers in the hosts.txt file
|
||||
|
||||
#>
|
||||
[cmdletbinding(
|
||||
DefaultParameterSetName = '',
|
||||
ConfirmImpact = 'low'
|
||||
)]
|
||||
Param(
|
||||
[Parameter(
|
||||
Mandatory = $True,
|
||||
Position = 0,
|
||||
ParameterSetName = '',
|
||||
ValueFromPipeline = $True)]
|
||||
[array]$computer,
|
||||
[Parameter(
|
||||
Position = 1,
|
||||
Mandatory = $True,
|
||||
ParameterSetName = '')]
|
||||
[array]$port,
|
||||
[Parameter(
|
||||
Mandatory = $False,
|
||||
ParameterSetName = '')]
|
||||
[int]$TCPtimeout=1000,
|
||||
[Parameter(
|
||||
Mandatory = $False,
|
||||
ParameterSetName = '')]
|
||||
[int]$UDPtimeout=1000,
|
||||
[Parameter(
|
||||
Mandatory = $False,
|
||||
ParameterSetName = '')]
|
||||
[switch]$TCP,
|
||||
[Parameter(
|
||||
Mandatory = $False,
|
||||
ParameterSetName = '')]
|
||||
[switch]$UDP
|
||||
)
|
||||
Begin {
|
||||
If (!$tcp -AND !$udp) {$tcp = $True}
|
||||
#Typically you never do this, but in this case I felt it was for the benefit of the function
|
||||
#as any errors will be noted in the output of the report
|
||||
$ErrorActionPreference = "SilentlyContinue"
|
||||
$report = @()
|
||||
}
|
||||
Process {
|
||||
ForEach ($c in $computer) {
|
||||
ForEach ($p in $port) {
|
||||
If ($tcp) {
|
||||
#Create temporary holder
|
||||
$temp = "" | Select Server, Port, TypePort, Open, Notes
|
||||
#Create object for connecting to port on computer
|
||||
$tcpobject = new-Object system.Net.Sockets.TcpClient
|
||||
#Connect to remote machine's port
|
||||
$connect = $tcpobject.BeginConnect($c,$p,$null,$null)
|
||||
#Configure a timeout before quitting
|
||||
$wait = $connect.AsyncWaitHandle.WaitOne($TCPtimeout,$false)
|
||||
#If timeout
|
||||
If(!$wait) {
|
||||
#Close connection
|
||||
$tcpobject.Close()
|
||||
Write-Verbose "Connection Timeout"
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "TCP"
|
||||
$temp.Open = "False"
|
||||
$temp.Notes = "Connection to Port Timed Out"
|
||||
} Else {
|
||||
$error.Clear()
|
||||
$tcpobject.EndConnect($connect) | out-Null
|
||||
#If error
|
||||
If($error[0]){
|
||||
#Begin making error more readable in report
|
||||
[string]$string = ($error[0].exception).message
|
||||
$message = (($string.split(":")[1]).replace('"',"")).TrimStart()
|
||||
$failed = $true
|
||||
}
|
||||
#Close connection
|
||||
$tcpobject.Close()
|
||||
#If unable to query port to due failure
|
||||
If($failed){
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "TCP"
|
||||
$temp.Open = "False"
|
||||
$temp.Notes = "$message"
|
||||
} Else{
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "TCP"
|
||||
$temp.Open = "True"
|
||||
$temp.Notes = ""
|
||||
}
|
||||
}
|
||||
#Reset failed value
|
||||
$failed = $Null
|
||||
#Merge temp array with report
|
||||
$report += $temp
|
||||
}
|
||||
If ($udp) {
|
||||
#Create temporary holder
|
||||
$temp = "" | Select Server, Port, TypePort, Open, Notes
|
||||
#Create object for connecting to port on computer
|
||||
$udpobject = new-Object system.Net.Sockets.Udpclient
|
||||
#Set a timeout on receiving message
|
||||
$udpobject.client.ReceiveTimeout = $UDPTimeout
|
||||
#Connect to remote machine's port
|
||||
Write-Verbose "Making UDP connection to remote server"
|
||||
$udpobject.Connect("$c",$p)
|
||||
#Sends a message to the host to which you have connected.
|
||||
Write-Verbose "Sending message to remote host"
|
||||
$a = new-object system.text.asciiencoding
|
||||
$byte = $a.GetBytes("$(Get-Date)")
|
||||
[void]$udpobject.Send($byte,$byte.length)
|
||||
#IPEndPoint object will allow us to read datagrams sent from any source.
|
||||
Write-Verbose "Creating remote endpoint"
|
||||
$remoteendpoint = New-Object system.net.ipendpoint([system.net.ipaddress]::Any,0)
|
||||
Try {
|
||||
#Blocks until a message returns on this socket from a remote host.
|
||||
Write-Verbose "Waiting for message return"
|
||||
$receivebytes = $udpobject.Receive([ref]$remoteendpoint)
|
||||
[string]$returndata = $a.GetString($receivebytes)
|
||||
If ($returndata) {
|
||||
Write-Verbose "Connection Successful"
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "UDP"
|
||||
$temp.Open = "True"
|
||||
$temp.Notes = $returndata
|
||||
$udpobject.close()
|
||||
}
|
||||
} Catch {
|
||||
If ($Error[0].ToString() -match "\bRespond after a period of time\b") {
|
||||
#Close connection
|
||||
$udpobject.Close()
|
||||
#Make sure that the host is online and not a false positive that it is open
|
||||
If (Test-Connection -comp $c -count 1 -quiet) {
|
||||
Write-Verbose "Connection Open"
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "UDP"
|
||||
$temp.Open = "True"
|
||||
$temp.Notes = ""
|
||||
} Else {
|
||||
<#
|
||||
It is possible that the host is not online or that the host is online,
|
||||
but ICMP is blocked by a firewall and this port is actually open.
|
||||
#>
|
||||
Write-Verbose "Host maybe unavailable"
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "UDP"
|
||||
$temp.Open = "False"
|
||||
$temp.Notes = "Unable to verify if port is open or if host is unavailable."
|
||||
}
|
||||
} ElseIf ($Error[0].ToString() -match "forcibly closed by the remote host" ) {
|
||||
#Close connection
|
||||
$udpobject.Close()
|
||||
Write-Verbose "Connection Timeout"
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "UDP"
|
||||
$temp.Open = "False"
|
||||
$temp.Notes = "Connection to Port Timed Out"
|
||||
} Else {
|
||||
$udpobject.close()
|
||||
}
|
||||
}
|
||||
#Merge temp array with report
|
||||
$report += $temp
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
End {
|
||||
#Generate Report
|
||||
$report
|
||||
}
|
||||
}
|
||||
|
||||
function TestPort($computers, $port)
|
||||
function SSHBruteForce($ip, $count)
|
||||
{
|
||||
write-host "Testing port $port on $computers";
|
||||
$username = "root";
|
||||
$password = "random";
|
||||
|
||||
Test-Port -computer $computers -port $port
|
||||
}
|
||||
|
||||
function TestSpecificPorts($computers, $ports)
|
||||
{
|
||||
foreach($port in $ports)
|
||||
{
|
||||
write-host "Testing port $port on $computers";
|
||||
Test-Port -computer $computers -port $port
|
||||
}
|
||||
}
|
||||
|
||||
function TestPortRange($computers, $startport, $endport)
|
||||
{
|
||||
while($startport -le $endport)
|
||||
for($i=0;$i-lt$count;$i++)
|
||||
{
|
||||
write-host "Testing port $startPort on $computers";
|
||||
|
||||
Test-Port -computer $computers -port $startport
|
||||
$startPort++;
|
||||
}
|
||||
SSHLogin $ip $username "$password-$i";
|
||||
}
|
||||
}
|
||||
|
||||
function InstallNotepadPP()
|
||||
function SSHLogin ($ip,$username, $password)
|
||||
{
|
||||
#check for executables...
|
||||
$item = get-item "C:\Program Files (x86)\Notepad++\notepad++.exe" -ea silentlycontinue;
|
||||
|
||||
if (!$item)
|
||||
{
|
||||
$downloadNotePad = "https://notepad-plus-plus.org/repository/7.x/7.5.4/npp.7.5.4.Installer.exe";
|
||||
$path = "c:\program files\putty\plink.exe"
|
||||
|
||||
mkdir c:\temp
|
||||
|
||||
#download it...
|
||||
Start-BitsTransfer -Source $DownloadNotePad -DisplayName Notepad -Destination "c:\temp\npp.exe"
|
||||
|
||||
#install it...
|
||||
$productPath = "c:\temp";
|
||||
$productExec = "npp.exe"
|
||||
$argList = "/S"
|
||||
start-process "$productPath\$productExec" -ArgumentList $argList -wait
|
||||
}
|
||||
start-process $path -ArgumentList "$username@$ip -pw $password"
|
||||
|
||||
stop-process -Name "plink" -ea SilentlyContinue
|
||||
}
|
||||
|
||||
function SetupHosts()
|
||||
{
|
||||
$path = "C:\Windows\System32\drivers\etc\hosts";
|
||||
$content = get-content $path -raw
|
||||
|
||||
if (!$content.contains("web-1"))
|
||||
{
|
||||
add-content $path "10.2.0.4`tweb-1";
|
||||
}
|
||||
|
||||
if (!$content.contains("db-1"))
|
||||
{
|
||||
add-content $path "10.1.0.4`tdb-1";
|
||||
}
|
||||
}
|
||||
|
||||
InstallNotepadPP;
|
||||
|
||||
SetupHosts;
|
||||
|
||||
$computers = @("web-1","db-1");
|
||||
|
||||
TestPort $computers 3389;
|
||||
|
||||
TestPort $computers 1433;
|
||||
|
||||
function Test-Port{
|
||||
<#
|
||||
.SYNOPSIS
|
||||
|
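Review bot: in SSHLogin, `start-process $path -ArgumentList "$username@$ip -pw $password"` returns immediately and the very next statement is `stop-process -Name "plink"`, so each plink is killed before it has finished the SSH handshake, let alone submitted a password; the SSHBruteForce loop will therefore produce few or no failed-login events on the target, which is the whole point of the Exercise 5 generator. Add `-Wait` (and `-NoNewWindow`) so each attempt runs to completion, pass `-batch` so plink never blocks on a console prompt, and handle the host key once up front, because plink in `-batch` mode aborts on an unknown host key (run plink interactively once to cache it, or pass `-hostkey <fingerprint>`). Two smaller points: write the loop condition as `$i -lt $count` with spaces, and add a comment that `-pw` puts the password on the command line, where it is visible to other users and to process-creation auditing; that is acceptable for this lab's throwaway credential but not a pattern to copy.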
@ -662,11 +345,365 @@ function SetupHosts()
|
|||
}
|
||||
}
|
||||
|
||||
function Test-Port{
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Tests port on computer.
|
||||
|
||||
.DESCRIPTION
|
||||
Tests port on computer.
|
||||
|
||||
.PARAMETER computer
|
||||
Name of server to test the port connection on.
|
||||
|
||||
.PARAMETER port
|
||||
Port to test
|
||||
|
||||
.PARAMETER tcp
|
||||
Use tcp port
|
||||
|
||||
.PARAMETER udp
|
||||
Use udp port
|
||||
|
||||
.PARAMETER UDPTimeOut
|
||||
Sets a timeout for UDP port query. (In milliseconds, Default is 1000)
|
||||
|
||||
.PARAMETER TCPTimeOut
|
||||
Sets a timeout for TCP port query. (In milliseconds, Default is 1000)
|
||||
|
||||
.NOTES
|
||||
Name: Test-Port.ps1
|
||||
Author: Boe Prox
|
||||
DateCreated: 18Aug2010
|
||||
List of Ports: http://www.iana.org/assignments/port-numbers
|
||||
|
||||
To Do:
|
||||
Add capability to run background jobs for each host to shorten the time to scan.
|
||||
.LINK
|
||||
https://boeprox.wordpress.org
|
||||
|
||||
.EXAMPLE
|
||||
Test-Port -computer 'server' -port 80
|
||||
Checks port 80 on server 'server' to see if it is listening
|
||||
|
||||
.EXAMPLE
|
||||
'server' | Test-Port -port 80
|
||||
Checks port 80 on server 'server' to see if it is listening
|
||||
|
||||
.EXAMPLE
|
||||
Test-Port -computer @("server1","server2") -port 80
|
||||
Checks port 80 on server1 and server2 to see if it is listening
|
||||
|
||||
.EXAMPLE
|
||||
Test-Port -comp dc1 -port 17 -udp -UDPtimeout 10000
|
||||
|
||||
Server : dc1
|
||||
Port : 17
|
||||
TypePort : UDP
|
||||
Open : True
|
||||
Notes : "My spelling is Wobbly. It's good spelling but it Wobbles, and the letters
|
||||
get in the wrong places." A. A. Milne (1882-1958)
|
||||
|
||||
Description
|
||||
-----------
|
||||
Queries port 17 (qotd) on the UDP port and returns whether port is open or not
|
||||
|
||||
.EXAMPLE
|
||||
@("server1","server2") | Test-Port -port 80
|
||||
Checks port 80 on server1 and server2 to see if it is listening
|
||||
|
||||
.EXAMPLE
|
||||
(Get-Content hosts.txt) | Test-Port -port 80
|
||||
Checks port 80 on servers in host file to see if it is listening
|
||||
|
||||
.EXAMPLE
|
||||
Test-Port -computer (Get-Content hosts.txt) -port 80
|
||||
Checks port 80 on servers in host file to see if it is listening
|
||||
|
||||
.EXAMPLE
|
||||
Test-Port -computer (Get-Content hosts.txt) -port @(1..59)
|
||||
Checks a range of ports from 1-59 on all servers in the hosts.txt file
|
||||
|
||||
#>
|
||||
[cmdletbinding(
|
||||
DefaultParameterSetName = '',
|
||||
ConfirmImpact = 'low'
|
||||
)]
|
||||
Param(
|
||||
[Parameter(
|
||||
Mandatory = $True,
|
||||
Position = 0,
|
||||
ParameterSetName = '',
|
||||
ValueFromPipeline = $True)]
|
||||
[array]$computer,
|
||||
[Parameter(
|
||||
Position = 1,
|
||||
Mandatory = $True,
|
||||
ParameterSetName = '')]
|
||||
[array]$port,
|
||||
[Parameter(
|
||||
Mandatory = $False,
|
||||
ParameterSetName = '')]
|
||||
[int]$TCPtimeout=1000,
|
||||
[Parameter(
|
||||
Mandatory = $False,
|
||||
ParameterSetName = '')]
|
||||
[int]$UDPtimeout=1000,
|
||||
[Parameter(
|
||||
Mandatory = $False,
|
||||
ParameterSetName = '')]
|
||||
[switch]$TCP,
|
||||
[Parameter(
|
||||
Mandatory = $False,
|
||||
ParameterSetName = '')]
|
||||
[switch]$UDP
|
||||
)
|
||||
Begin {
|
||||
If (!$tcp -AND !$udp) {$tcp = $True}
|
||||
#Typically you never do this, but in this case I felt it was for the benefit of the function
|
||||
#as any errors will be noted in the output of the report
|
||||
$ErrorActionPreference = "SilentlyContinue"
|
||||
$report = @()
|
||||
}
|
||||
Process {
|
||||
ForEach ($c in $computer) {
|
||||
ForEach ($p in $port) {
|
||||
If ($tcp) {
|
||||
#Create temporary holder
|
||||
$temp = "" | Select Server, Port, TypePort, Open, Notes
|
||||
#Create object for connecting to port on computer
|
||||
$tcpobject = new-Object system.Net.Sockets.TcpClient
|
||||
#Connect to remote machine's port
|
||||
$connect = $tcpobject.BeginConnect($c,$p,$null,$null)
|
||||
#Configure a timeout before quitting
|
||||
$wait = $connect.AsyncWaitHandle.WaitOne($TCPtimeout,$false)
|
||||
#If timeout
|
||||
If(!$wait) {
|
||||
#Close connection
|
||||
$tcpobject.Close()
|
||||
Write-Verbose "Connection Timeout"
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "TCP"
|
||||
$temp.Open = "False"
|
||||
$temp.Notes = "Connection to Port Timed Out"
|
||||
} Else {
|
||||
$error.Clear()
|
||||
$tcpobject.EndConnect($connect) | out-Null
|
||||
#If error
|
||||
If($error[0]){
|
||||
#Begin making error more readable in report
|
||||
[string]$string = ($error[0].exception).message
|
||||
$message = (($string.split(":")[1]).replace('"',"")).TrimStart()
|
||||
$failed = $true
|
||||
}
|
||||
#Close connection
|
||||
$tcpobject.Close()
|
||||
#If unable to query port to due failure
|
||||
If($failed){
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "TCP"
|
||||
$temp.Open = "False"
|
||||
$temp.Notes = "$message"
|
||||
} Else{
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "TCP"
|
||||
$temp.Open = "True"
|
||||
$temp.Notes = ""
|
||||
}
|
||||
}
|
||||
#Reset failed value
|
||||
$failed = $Null
|
||||
#Merge temp array with report
|
||||
$report += $temp
|
||||
}
|
||||
If ($udp) {
|
||||
#Create temporary holder
|
||||
$temp = "" | Select Server, Port, TypePort, Open, Notes
|
||||
#Create object for connecting to port on computer
|
||||
$udpobject = new-Object system.Net.Sockets.Udpclient
|
||||
#Set a timeout on receiving message
|
||||
$udpobject.client.ReceiveTimeout = $UDPTimeout
|
||||
#Connect to remote machine's port
|
||||
Write-Verbose "Making UDP connection to remote server"
|
||||
$udpobject.Connect("$c",$p)
|
||||
#Sends a message to the host to which you have connected.
|
||||
Write-Verbose "Sending message to remote host"
|
||||
$a = new-object system.text.asciiencoding
|
||||
$byte = $a.GetBytes("$(Get-Date)")
|
||||
[void]$udpobject.Send($byte,$byte.length)
|
||||
#IPEndPoint object will allow us to read datagrams sent from any source.
|
||||
Write-Verbose "Creating remote endpoint"
|
||||
$remoteendpoint = New-Object system.net.ipendpoint([system.net.ipaddress]::Any,0)
|
||||
Try {
|
||||
#Blocks until a message returns on this socket from a remote host.
|
||||
Write-Verbose "Waiting for message return"
|
||||
$receivebytes = $udpobject.Receive([ref]$remoteendpoint)
|
||||
[string]$returndata = $a.GetString($receivebytes)
|
||||
If ($returndata) {
|
||||
Write-Verbose "Connection Successful"
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "UDP"
|
||||
$temp.Open = "True"
|
||||
$temp.Notes = $returndata
|
||||
$udpobject.close()
|
||||
}
|
||||
} Catch {
|
||||
If ($Error[0].ToString() -match "\bRespond after a period of time\b") {
|
||||
#Close connection
|
||||
$udpobject.Close()
|
||||
#Make sure that the host is online and not a false positive that it is open
|
||||
If (Test-Connection -comp $c -count 1 -quiet) {
|
||||
Write-Verbose "Connection Open"
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "UDP"
|
||||
$temp.Open = "True"
|
||||
$temp.Notes = ""
|
||||
} Else {
|
||||
<#
|
||||
It is possible that the host is not online or that the host is online,
|
||||
but ICMP is blocked by a firewall and this port is actually open.
|
||||
#>
|
||||
Write-Verbose "Host maybe unavailable"
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "UDP"
|
||||
$temp.Open = "False"
|
||||
$temp.Notes = "Unable to verify if port is open or if host is unavailable."
|
||||
}
|
||||
} ElseIf ($Error[0].ToString() -match "forcibly closed by the remote host" ) {
|
||||
#Close connection
|
||||
$udpobject.Close()
|
||||
Write-Verbose "Connection Timeout"
|
||||
#Build report
|
||||
$temp.Server = $c
|
||||
$temp.Port = $p
|
||||
$temp.TypePort = "UDP"
|
||||
$temp.Open = "False"
|
||||
$temp.Notes = "Connection to Port Timed Out"
|
||||
} Else {
|
||||
$udpobject.close()
|
||||
}
|
||||
}
|
||||
#Merge temp array with report
|
||||
$report += $temp
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
End {
|
||||
#Generate Report
|
||||
$report
|
||||
}
|
||||
}
|
||||
|
||||
function TestPort($computers, $port)
|
||||
{
|
||||
write-host "Testing port $port on $computers";
|
||||
|
||||
Test-Port -computer $computers -port $port
|
||||
}
|
||||
|
||||
function TestSpecificPorts($computers, $ports)
|
||||
{
|
||||
foreach($port in $ports)
|
||||
{
|
||||
write-host "Testing port $port on $computers";
|
||||
Test-Port -computer $computers -port $port
|
||||
}
|
||||
}
|
||||
|
||||
function TestPortRange($computers, $startport, $endport)
|
||||
{
|
||||
while($startport -le $endport)
|
||||
{
|
||||
write-host "Testing port $startPort on $computers";
|
||||
|
||||
Test-Port -computer $computers -port $startport
|
||||
$startPort++;
|
||||
}
|
||||
}
|
||||
|
||||
function InstallPutty()
|
||||
{
|
||||
#check for executables...
|
||||
$item = get-item "C:\Program Files\Putty\putty.exe" -ea silentlycontinue;
|
||||
|
||||
if (!$item)
|
||||
{
|
||||
$downloadNotePad = "https://the.earth.li/~sgtatham/putty/latest/w64/putty-64bit-0.73-installer.msi";
|
||||
|
||||
mkdir c:\temp -ea silentlycontinue
|
||||
|
||||
#download it...
|
||||
Start-BitsTransfer -Source $DownloadNotePad -DisplayName Notepad -Destination "c:\temp\putty.msi"
|
||||
|
||||
msiexec.exe /I c:\temp\Putty.msi /quiet
|
||||
}
|
||||
}
|
||||
|
||||
function InstallNotepadPP()
|
||||
{
|
||||
#check for executables...
|
||||
$item = get-item "C:\Program Files (x86)\Notepad++\notepad++.exe" -ea silentlycontinue;
|
||||
|
||||
if (!$item)
|
||||
{
|
||||
$downloadNotePad = "https://notepad-plus-plus.org/repository/7.x/7.5.4/npp.7.5.4.Installer.exe";
|
||||
|
||||
mkdir c:\temp -ea silentlycontinue
|
||||
|
||||
#download it...
|
||||
Start-BitsTransfer -Source $DownloadNotePad -DisplayName Notepad -Destination "c:\temp\npp.exe"
|
||||
|
||||
#install it...
|
||||
$productPath = "c:\temp";
|
||||
$productExec = "npp.exe"
|
||||
$argList = "/S"
|
||||
start-process "$productPath\$productExec" -ArgumentList $argList -wait
|
||||
}
|
||||
}
|
||||
|
||||
function SetupHosts()
|
||||
{
|
||||
$path = "C:\Windows\System32\drivers\etc\hosts";
|
||||
$content = get-content $path -raw
|
||||
|
||||
if (!$content.contains("web-1"))
|
||||
{
|
||||
add-content $path "10.2.0.4`tweb-1";
|
||||
}
|
||||
|
||||
if (!$content.contains("db-1"))
|
||||
{
|
||||
add-content $path "10.1.0.4`tdb-1";
|
||||
}
|
||||
|
||||
if (!$content.contains("linux-1"))
|
||||
{
|
||||
add-content $path "10.0.0.5`tlinux-1";
|
||||
}
|
||||
}
|
||||
|
||||
# Exercise 4 - Securing the network
|
||||
|
||||
InstallNotepadPP;
|
||||
|
||||
InstallPutty;
|
||||
|
||||
SetupHosts;
|
||||
|
||||
$computers = @("web-1","db-1");
|
||||
$computers = @("web-1","db-1","linux-1");
|
||||
|
||||
#test RDP connectivity
|
||||
TestPort $computers 3389;
|
||||
|
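Review bot: InstallPutty fetches `putty-64bit-0.73-installer.msi` from the `putty/latest/w64/` path and runs it with `msiexec /quiet` without verifying it. `latest` redirects to whatever the newest release is, so this URL stops resolving once the next version ships (pin it: `https://the.earth.li/~sgtatham/putty/0.73/w64/putty-64bit-0.73-installer.msi`), and an installer pulled over the network should be checked before it is executed as an administrator, e.g. `if ((Get-AuthenticodeSignature c:\temp\putty.msi).Status -ne 'Valid') { throw 'untrusted installer' }` (PuTTY's installers are Authenticode-signed). `msiexec.exe /I ... /quiet` also returns immediately, so run it as `Start-Process msiexec.exe -ArgumentList '/I c:\temp\putty.msi /quiet' -Wait` or plink may not exist yet when SSHLogin runs. Copy-paste leftovers: the PuTTY download still uses `$downloadNotePad` and `-DisplayName Notepad`, and `$computers = @("web-1","db-1");` is immediately overwritten by the three-host assignment, so the first line can go.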
@ -677,8 +714,7 @@ TestPort $computers 1433;
|
|||
#test HTTP connectivity
|
||||
TestPort $computers 80;
|
||||
|
||||
#TestPortRange $computers 80 443;
|
||||
|
||||
TestPort $computers 443;
|
||||
|
||||
#TestPortRange $computers 80 443;
|
||||
# Exercise 5
|
||||
<#
|
||||
SSHBruteForce "linux-1" 1000;
|
||||
#>
|
|
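Review bot: `SSHBruteForce "linux-1" 1000;` is wrapped in a `<# ... #>` block comment, so the Exercise 5 generator never runs when this script is executed; if attendees are meant to run it by hand during Exercise 5, say so in the comment (and warn that 1000 sequential plink launches take a while), otherwise remove the comment markers. `#TestPortRange $computers 80 443;` appears twice; keep one. The new `TestPort $computers 443;` check deserves the same `#test HTTPS connectivity` comment the port 80 check has.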
@ -0,0 +1,2 @@
|
|||
#run a firewall rule
|
||||
$(netsh firewall add portopening TCP 1433 "Open Port 1433")
|
|
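Review bot: `netsh firewall add portopening` is the pre-Vista firewall context and has been deprecated since Windows Vista/Server 2008; current Windows Server prints a deprecation warning and it may disappear. Use the NetSecurity cmdlet and scope the rule to the tier that needs SQL access instead of any source, e.g. `New-NetFirewallRule -DisplayName "Open Port 1433" -Direction Inbound -Protocol TCP -LocalPort 1433 -RemoteAddress 10.2.0.0/24 -Action Allow` (web-1 is 10.2.0.4 in the hosts entries; adjust the prefix to the real web subnet). The `$( ... )` wrapper around the command does nothing and can go.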
@ -23,6 +23,23 @@
|
|||
"vmSize": {
|
||||
"defaultValue": "Standard_E2s_v3",
|
||||
"type": "string"
|
||||
},
|
||||
"region": {
|
||||
"defaultValue": "East US 2",
|
||||
"type": "string",
|
||||
"allowedValues": [
|
||||
"Australia Southeast",
|
||||
"Canada Central",
|
||||
"Central India",
|
||||
"East US 2",
|
||||
"Japan East",
|
||||
"South Central US",
|
||||
"Southeast Asia",
|
||||
"UK South",
|
||||
"West Cental US",
|
||||
"West Europe",
|
||||
"West US 2"
|
||||
]
|
||||
}
|
||||
},
|
||||
"variables": {
|
||||
|
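Review bot: `allowedValues` for `region` contains `"West Cental US"`, a typo for "West Central US" that Resource Manager will reject as an unknown location if anyone selects it, and the list omits "East US" even though the variables map later in this diff has an entry for it; fix the spelling and either add "East US" to the list or drop it from the map so the two stay in sync. A `metadata.description` on the parameter saying that the value also drives the Automation account / Log Analytics region mapping would save the next editor a surprise.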
@ -37,20 +54,48 @@
|
|||
"publicIpAddressName": "dsvm-ip",
|
||||
"dsvmdnsName": "[concat('dsvm',uniqueString(resourceGroup().id))]",
|
||||
"publicIpAddressType": "Dynamic",
|
||||
"diagStorageAccountName": "[concat('diagstor', uniqueString(resourceGroup().id))]"
|
||||
"diagStorageAccountName": "[concat('diagstor', uniqueString(resourceGroup().id))]",
|
||||
"automationMap" : {
|
||||
"Australia Southeast" : { "region": "Australia Southeast"},
|
||||
"Canada Central" : { "region": "Canada Central"},
|
||||
"Central India" : { "region": "Central India"},
|
||||
"East US" : { "region": "East US"},
|
||||
"East US 2" : { "region": "East US"},
|
||||
"Japan East" : { "region": "Japan East"},
|
||||
"South Central US" : { "region": "South Central US"},
|
||||
"Southeast Asia" : { "region": "Southeast Asia"},
|
||||
"UK South" : { "region": "UK South"},
|
||||
"West Cental US" : { "region": "West Cental US 2"},
|
||||
"West Cental US 2" : { "region": "West Cental US 2"},
|
||||
"West Europe" : { "region": "West Europe"},
|
||||
"West US 2" : { "region": "West US 2"}
|
||||
}
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
"type": "Microsoft.Automation/automationAccounts",
|
||||
"apiVersion": "2015-10-31",
|
||||
"name": "[concat('azseclog', uniqueString(resourceGroup().id))]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"sku": {
|
||||
"name": "Basic"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "microsoft.operationalinsights/workspaces",
|
||||
"name": "[concat('azseclog', uniqueString(resourceGroup().id))]",
|
||||
"apiVersion": "2015-11-01-preview",
|
||||
"location": "eastus",
|
||||
"apiVersion": "2020-03-01-preview",
|
||||
"location": "[variables('automationMap')[parameters('region')].region]",
|
||||
"scale": null,
|
||||
"properties": {
|
||||
"sku": {
|
||||
"name": "Standalone"
|
||||
},
|
||||
"retentionInDays": 31
|
||||
"retentionInDays": 31,
|
||||
"publicNetworkAccessForIngestion": "Enabled",
|
||||
"publicNetworkAccessForQuery": "Enabled"
|
||||
},
|
||||
"dependsOn": []
|
||||
},
|
||||
|
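Review bot: the `automationMap` entries `"West Cental US" : { "region": "West Cental US 2"}` and `"West Cental US 2"` name regions that do not exist (the region is "West Central US" and there is no "2"), so selecting that value fails at deployment. The map itself is needed because a Log Analytics workspace can only be linked to an Automation account in a specific partner region (which is why "East US 2" maps the workspace to "East US"), so name it `workspaceRegionMap` or add a `//` comment so the East US 2 to East US entry is not "corrected" later. On the workspace resource: `"scale": null` is noise from an exported template and not a valid property, `Standalone` is a legacy SKU (new workspaces use `PerGB2018`), and `publicNetworkAccessForIngestion` / `publicNetworkAccessForQuery` set to `Enabled` is the default; fine for a lab, but a security baseline lab could point out that these are the settings to flip to `Disabled` once a Private Link scope is in place.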
@ -58,7 +103,7 @@
|
|||
"name": "[variables('virtualMachineName')]",
|
||||
"type": "Microsoft.Compute/virtualMachines",
|
||||
"apiVersion": "2016-04-30-preview",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Network/networkInterfaces/', variables('DSVM-networkInterfaceName'))]"
|
||||
],
|
||||
|
@ -107,7 +152,7 @@
|
|||
"name": "[variables('virtualNetworkName')]",
|
||||
"type": "Microsoft.Network/virtualNetworks",
|
||||
"apiVersion": "2017-08-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"addressSpace": {
|
||||
"addressPrefixes": [
|
||||
|
@ -128,7 +173,7 @@
|
|||
"name": "[variables('DSVM-networkInterfaceName')]",
|
||||
"type": "Microsoft.Network/networkInterfaces",
|
||||
"apiVersion": "2016-09-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
|
||||
"[concat('Microsoft.Network/publicIpAddresses/', variables('publicIpAddressName'))]",
|
||||
|
@ -158,7 +203,7 @@
|
|||
"name": "[variables('publicIpAddressName')]",
|
||||
"type": "Microsoft.Network/publicIpAddresses",
|
||||
"apiVersion": "2017-08-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"publicIpAllocationMethod": "[variables('publicIpAddressType')]",
|
||||
"dnsSettings": {
|
||||
|
@ -173,7 +218,7 @@
|
|||
"name": "[variables('networkSecurityGroupName')]",
|
||||
"type": "Microsoft.Network/networkSecurityGroups",
|
||||
"apiVersion": "2017-06-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"securityRules": [
|
||||
{
|
||||
|
@ -226,7 +271,7 @@
|
|||
"kind": "Storage",
|
||||
"name": "[variables('diagStorageAccountName')]",
|
||||
"apiVersion": "2017-10-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"supportsHttpsTrafficOnly": "false",
|
||||
"encryption": {
|
||||
|
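Review bot: the context lines under this location change show `"supportsHttpsTrafficOnly": "false"` on the diagnostics storage account, so boot-diagnostics traffic from the VMs (the new `linux-1` writes to this account's `primaryEndpoints['blob']`) can go over plain HTTP. Unless the weak setting is left in deliberately so Security Center flags it during the lab, set it to the JSON boolean `true`; note that the current value is also the string `"false"` rather than a boolean, which is worth correcting either way.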
@ -247,7 +292,7 @@
|
|||
"type": "Microsoft.Network/virtualNetworks",
|
||||
"name": "dbVnet",
|
||||
"apiVersion": "2017-08-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"addressSpace": {
|
||||
"addressPrefixes": [
|
||||
|
@ -269,7 +314,7 @@
|
|||
"type": "Microsoft.Network/virtualNetworks",
|
||||
"name": "mainVNet",
|
||||
"apiVersion": "2017-08-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"addressSpace": {
|
||||
"addressPrefixes": [
|
||||
|
@ -290,7 +335,7 @@
|
|||
"type": "Microsoft.Network/virtualNetworks",
|
||||
"name": "webVNet",
|
||||
"apiVersion": "2017-08-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"addressSpace": {
|
||||
"addressPrefixes": [
|
||||
|
@ -383,7 +428,7 @@
|
|||
"type": "Microsoft.Network/networkSecurityGroups",
|
||||
"name": "DbTrafficOnly",
|
||||
"apiVersion": "2017-06-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"securityRules": [
|
||||
{
|
||||
|
@ -412,9 +457,23 @@
|
|||
"type": "Microsoft.Network/networkSecurityGroups",
|
||||
"name": "paw-1-nsg",
|
||||
"apiVersion": "2017-06-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"securityRules": [ ]
|
||||
"securityRules": [
|
||||
{
|
||||
"name": "default-allow-rdp",
|
||||
"properties": {
|
||||
"priority": 1030,
|
||||
"protocol": "TCP",
|
||||
"access": "Allow",
|
||||
"direction": "Inbound",
|
||||
"sourceAddressPrefix": "*",
|
||||
"sourcePortRange": "*",
|
||||
"destinationAddressPrefix": "*",
|
||||
"destinationPortRange": "3389"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"dependsOn": [ ]
|
||||
},
|
||||
|
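Review bot: the new `default-allow-rdp` rule admits TCP 3389 from `"sourceAddressPrefix": "*"`, i.e. any internet address, and the NSG named for the privileged access workstation is also attached to the new `linux-1-nic` later in this diff, a host with no public IP and no SSH rule, so the rule both over-exposes the PAW and says nothing useful for the Linux host. Narrow `sourceAddressPrefix` to the operator's address (or leave the port closed and rely on just-in-time access if that is what the lab intends to demonstrate), and give `linux-1` its own NSG with a port 22 rule scoped to `mainVNet` instead of reusing `paw-1-nsg`.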
@ -422,7 +481,7 @@
|
|||
"type": "Microsoft.Network/networkSecurityGroups",
|
||||
"name": "WebTrafficOnly",
|
||||
"apiVersion": "2017-06-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"securityRules": [
|
||||
{
|
||||
|
@ -451,7 +510,7 @@
|
|||
"type": "Microsoft.Sql/servers",
|
||||
"name": "[parameters('sqlservername')]",
|
||||
"apiVersion": "2015-05-01-preview",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"administratorLogin": "[parameters('adminUsername')]",
|
||||
"administratorLoginPassword": "[parameters('adminPassword')]",
|
||||
|
@ -462,7 +521,7 @@
|
|||
"type": "databases",
|
||||
"name": "[parameters('databaseName')]",
|
||||
"apiVersion": "2014-04-01-preview",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"collation": "SQL_Latin1_General_CP1_CI_AS",
|
||||
"edition": "Standard",
|
||||
|
@ -477,7 +536,7 @@
|
|||
"type": "firewallrules",
|
||||
"name": "AllowAllWindowsAzureIps",
|
||||
"apiVersion": "2014-04-01-preview",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"endIpAddress": "0.0.0.0",
|
||||
"startIpAddress": "0.0.0.0"
|
||||
|
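Review bot: `AllowAllWindowsAzureIps` with `startIpAddress` and `endIpAddress` both `0.0.0.0` is the special "allow Azure services" rule: it admits connections from any Azure-hosted address, including other tenants' VMs, not just the resources in this deployment. Replace it with rules for the specific client addresses or a virtual network rule for the subnet that needs SQL access, or note in the lab guide why the broad rule is required here.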
@ -488,11 +547,96 @@
|
|||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Compute/virtualMachines",
|
||||
"apiVersion": "2019-07-01",
|
||||
"name": "linux-1",
|
||||
"location": "[parameters('region')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Network/networkInterfaces/', 'linux-1-nic')]",
|
||||
"[concat('Microsoft.Storage/storageAccounts/', variables('diagStorageAccountName'))]"
|
||||
],
|
||||
"properties": {
|
||||
"hardwareProfile": {
|
||||
"vmSize": "Standard_DS1_v2"
|
||||
},
|
||||
"storageProfile": {
|
||||
"imageReference": {
|
||||
"publisher": "Canonical",
|
||||
"offer": "UbuntuServer",
|
||||
"sku": "18.04-LTS",
|
||||
"version": "latest"
|
||||
},
|
||||
"osDisk": {
|
||||
"osType": "Linux",
|
||||
"name": "linux-1-os",
|
||||
"createOption": "FromImage",
|
||||
"caching": "ReadWrite",
|
||||
"managedDisk": {
|
||||
"storageAccountType": "Premium_LRS"
|
||||
},
|
||||
"diskSizeGB": 30
|
||||
},
|
||||
"dataDisks": []
|
||||
},
|
||||
"osProfile": {
|
||||
"computerName": "linux-1",
|
||||
"adminUsername": "[parameters('adminUsername')]",
|
||||
"adminPassword": "[parameters('adminPassword')]",
|
||||
"linuxConfiguration": {
|
||||
"disablePasswordAuthentication": false,
|
||||
"provisionVMAgent": true
|
||||
},
|
||||
"secrets": [],
|
||||
"allowExtensionOperations": true
|
||||
},
|
||||
"networkProfile": {
|
||||
"networkInterfaces": [
|
||||
{
|
||||
"id": "[resourceId('Microsoft.Network/networkInterfaces', 'linux-1-nic')]"
|
||||
}
|
||||
]
|
||||
},
|
||||
"diagnosticsProfile": {
|
||||
"bootDiagnostics": {
|
||||
"enabled": true,
|
||||
"storageUri": "[reference(resourceId(resourceGroup().name, 'Microsoft.Storage/storageAccounts', variables('diagStorageAccountName')), '2015-06-15').primaryEndpoints['blob']]"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "linux-1-nic",
|
||||
"type": "Microsoft.Network/networkInterfaces",
|
||||
"apiVersion": "2016-09-01",
|
||||
"location": "[parameters('region')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Network/virtualNetworks/', 'mainVNet')]",
|
||||
"[concat('Microsoft.Network/networkSecurityGroups/', 'paw-1-nsg')]"
|
||||
],
|
||||
"properties": {
|
||||
"ipConfigurations": [
|
||||
{
|
||||
"name": "ipconfig1",
|
||||
"properties": {
|
||||
"subnet": {
|
||||
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'mainVNet', 'default')]"
|
||||
},
|
||||
"privateIPAllocationMethod": "Dynamic"
|
||||
}
|
||||
}
|
||||
],
|
||||
"networkSecurityGroup": {
|
||||
"id": "[resourceId(resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', 'paw-1-nsg')]"
|
||||
}
|
||||
}
|
||||
}
|
||||
,
|
||||
{
|
||||
"name": "paw-1",
|
||||
"type": "Microsoft.Compute/virtualMachines",
|
||||
"apiVersion": "2016-04-30-preview",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Network/networkInterfaces/', 'paw-1-nic')]",
|
||||
"[concat('Microsoft.Storage/storageAccounts/', variables('diagStorageAccountName'))]"
|
||||
|
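Review bot: `linux-1` is created with `"disablePasswordAuthentication": false` and its `adminPassword` comes from the same `parameters('adminPassword')` that also seeds the SQL server `administratorLoginPassword`, so one guessed password unlocks both. Prefer `"disablePasswordAuthentication": true` with `linuxConfiguration.ssh.publicKeys`, or at least a separate password parameter, and confirm the parameter is declared as `securestring` (its definition is outside this diff). Minor: the lone `,` on its own line between the `linux-1-nic` object and the `paw-1` object should sit on the preceding `}` like the rest of the file.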
@ -543,7 +687,7 @@
|
|||
"name": "paw-1-nic",
|
||||
"type": "Microsoft.Network/networkInterfaces",
|
||||
"apiVersion": "2016-09-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Network/publicIpAddresses/', 'paw-1-ip')]",
|
||||
"[concat('Microsoft.Network/virtualNetworks/', 'mainVNet')]",
|
||||
|
@ -573,7 +717,7 @@
|
|||
"name": "paw-1-ip",
|
||||
"type": "Microsoft.Network/publicIPAddresses",
|
||||
"apiVersion": "2017-08-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"publicIPAddressVersion": "IPv4",
|
||||
"publicIPAllocationMethod": "Dynamic"
|
||||
|
@ -583,7 +727,7 @@
|
|||
"name": "db-1",
|
||||
"type": "Microsoft.Compute/virtualMachines",
|
||||
"apiVersion": "2016-04-30-preview",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Network/networkInterfaces/', 'db-1-nic')]",
|
||||
"[concat('Microsoft.Storage/storageAccounts/', variables('diagStorageAccountName'))]"
|
||||
|
@ -634,7 +778,7 @@
|
|||
"name": "db-1-nic",
|
||||
"type": "Microsoft.Network/networkInterfaces",
|
||||
"apiVersion": "2016-09-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Network/virtualNetworks/', 'dbVnet')]",
|
||||
"[concat('Microsoft.Network/networkSecurityGroups/', 'DbTrafficOnly')]"
|
||||
|
@ -660,7 +804,7 @@
|
|||
"name": "web-1",
|
||||
"type": "Microsoft.Compute/virtualMachines",
|
||||
"apiVersion": "2016-04-30-preview",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Network/networkInterfaces/', 'web-1-nic')]",
|
||||
"[concat('Microsoft.Storage/storageAccounts/', variables('diagStorageAccountName'))]"
|
||||
|
@ -711,7 +855,7 @@
|
|||
"name": "web-1-nic",
|
||||
"type": "Microsoft.Network/networkInterfaces",
|
||||
"apiVersion": "2016-09-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Network/publicIpAddresses/', 'web-1-ip')]",
|
||||
"[concat('Microsoft.Network/virtualNetworks/', 'webVNet')]",
|
||||
|
@ -741,7 +885,7 @@
|
|||
"name": "web-1-ip",
|
||||
"type": "Microsoft.Network/publicIpAddresses",
|
||||
"apiVersion": "2017-08-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"publicIPAddressVersion": "IPv4",
|
||||
"publicIpAllocationMethod": "Dynamic"
|
||||
|
@ -751,7 +895,7 @@
|
|||
"type": "Microsoft.Compute/virtualMachines/extensions",
|
||||
"name": "[concat('web-1','/', 'dscExtension')]",
|
||||
"apiVersion": "2015-05-01-preview",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Compute/virtualMachines/', 'web-1')]"
|
||||
],
|
||||
|
@ -770,11 +914,33 @@
|
|||
"protectedSettings": null
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Compute/virtualMachines/extensions",
|
||||
"name": "[concat('db-1','/', 'csExtension')]",
|
||||
"apiVersion": "2018-10-01",
|
||||
"location": "[parameters('region')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Compute/virtualMachines/', 'db-1')]"
|
||||
],
|
||||
"properties": {
|
||||
"publisher": "Microsoft.Compute",
|
||||
"type": "CustomScriptExtension",
|
||||
"typeHandlerVersion": "1.7",
|
||||
"autoUpgradeMinorVersion": true,
|
||||
"settings": {
|
||||
"fileUris" : [
|
||||
"https://raw.githubusercontent.com/givenscj/MCW-Security-baseline-on-Azure/master/Hands-on%20lab/Scripts/Set_FirewallRule/Set_FirewallRule.ps1"
|
||||
],
|
||||
"commandToExecute" : "powershell.exe -ExecutionPolicy bypass -File Set_FirewallRule.ps1"
|
||||
},
|
||||
"protectedSettings": null
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.KeyVault/vaults",
|
||||
"name": "[concat('kv', uniqueString(resourceGroup().id))]",
|
||||
"apiVersion": "2015-06-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"location": "[parameters('region')]",
|
||||
"properties": {
|
||||
"sku": {
|
||||
"family": "A",
|
||||
|
|
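Review bot: the CustomScriptExtension on `db-1` fetches `Set_FirewallRule.ps1` from `raw.githubusercontent.com/givenscj/.../master/...` at deployment time and runs it with `-ExecutionPolicy bypass`, so whatever is on that personal fork's `master` branch at that moment executes on the database VM with no pinning or integrity check. Pin the `fileUris` entry to a commit SHA, or host the script in the lab's own repository, so the deployment is reproducible and cannot change under the learner. Separately, the Key Vault resource in the same hunk still uses `"apiVersion": "2015-06-01"`; a newer GA version is worth taking while the resource is being edited.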
Binary image files in this commit (as reported by the diff view):
Hands-on lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/bhol_securitycenter.png (new file, 55 KiB)
Hands-on lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/diskencryption.png (new file, 120 KiB)
Hands-on lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/jupyter-sentinel.png (new file, 282 KiB)
Hands-on lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/packetcapture.png (new file, 101 KiB)
Hands-on lab/images/Hands-onlabstep-bystep-Azuresecurityprivacyandcomplianceimages/media/putty-linux-1.png (new file, 45 KiB)
Hands-on lab/media/2020-01-12-12-49-13.png (modified, 83 KiB before, 86 KiB after)
A further 25 images were added and 5 modified; the diff view lists only their sizes, not their filenames.
|
@ -4,7 +4,7 @@ Contoso Ltd is a multinational corporation, headquartered in the United States t
|
|||
|
||||
They are exploring a lift and shift strategy to Azure, but have a large focus on Azure Security and Privacy features.
|
||||
|
||||
February 2020
|
||||
July 2020
|
||||
|
||||
## Target audience
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ Security baseline on Azure
|
|||
</div>
|
||||
|
||||
<div class="MCWHeader3">
|
||||
February 2020
|
||||
July 2020
|
||||
</div>
|
||||
|
||||
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
|
||||
|
|
|
@ -9,7 +9,7 @@ Security baseline on Azure
|
|||
</div>
|
||||
|
||||
<div class="MCWHeader3">
|
||||
February 2020
|
||||
July 2020
|
||||
</div>
|
||||
|
||||
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
|
||||
|
|