Security in Windows Azure

Mihai TataranGeneral Manager, Avaelgo & Avaelgo Training

Microsoft MVP on Windows AzureMihai.Tataran@Avaelgo.ro

Agenda

•General considerations on Security•Typical threats and attacks•Applying to Windows Azure•Security Development Lifecycle•How to protect

General considerations

•What to secure: network, host, data, application• Stuff which falls between the cracks• Think about security holistically

•Technology•People

Security frame•We need to organize security knowledge in a set of actionable items• Auditing• Authentication and Authorization• Communication• Configuration Management• Cryptography• Exception Management• Sensitive Data• Session Management• Validation

Threats and attacks• Auditing: • Disclosure of confidential information from log files• Denial of service

• Authentication:• Network eavesdropping• Brute force / dictionary attacks• Cookie replay• Credential theft

• Authorization:• Elevation of privilege• Token stealing

Threats and attacks• Communication:• Failure to encrypt messages• Theft of encryption keys• Man in the middle• Session replay• Data tampering

• Configuration Management:• Unauthorized access to config stores

• Cryptography:• Encryption cracking• Loss of decryption keys

Threats and attacks• Exception Management:

• Information disclosure• Denial of service• Elevation of privilege

• Input validation:• Cross site scripting, Cross site request forgery• SQL Injection• XML bomb

• Sensitive data:• Memory dumping• Sniffing

Applying to Windows Azure – short intro• What is the Cloud• What is Windows Azure • Its advantages and disadvantages

Applying to Windows Azure – what to protect • Virtual Machines• Virtual Network• SQL Database• Azure Storage• Application• Caching • Etc.

Applying to Windows Azure - infrastructure• Port scanning: the only open ports are those defined by us!• Denial of service:

• External: depends on our settings, but the Fabric Controller tries to identify the attacks• Internal: all DOS attacks initiated from internal VMs will result in

removing those VMs from the network

• Spoofing: compromised machines cannot impersonate VMs from the Fabric Controller (broadcast and multicast are blocked, https between VMs and FC)• Sniffing: the Hyper-V switch prevents sniffing from a VM to

another VM on the same host; racks switches block it to other VMs• VMs are untrusted by the Root OS Hypervisor

Applying to Windows Azure - application• Use custom domains instead of myapp.cloudapp.net

and scope cookies to your custom domain; scripting!• Access to Azure Storage using Shared Access

Signatures; attention to REST query injection• SQL Database: pay attention to SQL Injection; no TDE• Auditing -> Azure Tables• Authentication using Azure’s ACS, Azure AD, Windows

Identity Foundation -> rely on existing patterns and user stores!

DEMO• Attacker gets sensitive information from a Windows

Azure Storage account• ARP Poisoning• Sniffing• Just a bit of luck

Conclusion• Azure’s infrastructure is very secured• But our artefacts: app, data, etc. – not necessarily

References • Azure Security Notes: http://

blogs.msdn.com/b/jmeier/archive/2010/08/03/now-available-azure-security-notes-pdf.aspx