Module 4 : Manage Security Operations
- Azure Monitor
- Azure Security Center
- Azure Sentinel
- Hands-on Labs
- Lab 13 : Azure Monitor
- Lab 14 : Azure Security Center
- Lab 15 : Azure Sentinel
Module 4 : Manage Security Operations
Module 3 : Secure Data and Application
Module 2 : Implement Platform Protection
Module 1 : Manage Identity
On Sept. 14, 2021, Microsoft’s Security Response Center (MSRC) released security patches detailing the findings of four (4) critical vulnerabilities affecting the Microsoft Azure package Open Management Infrastructure (OMI).
The open-source OMI package is designed to provide a portable infrastructure backbone for web-based management tools, such as diagnostic monitoring, log analytic services and automation functionality within UNIX and Linux systems. OMI is used by Microsoft Azure to manage UNIX packages within Azure virtual machines (VMs), containers and serverless cloud instances.
According to Microsoft’s security release notes, any system created, or which has updated its OMI package, after Aug. 11, 2021, should automatically be patched.
The OMI security vulnerabilities cut across multiple Azure services, including but not limited to:
Microsoft uses OMI in these Azure services, but its agent runs as root privileges and any user can communicate with it using a UNIX socket or via an HTTP API when configured to allow external access. External users with low privileges can simply execute code remotely on a targeted machine.
OMI agent is listening on TCP port 5985. All OMI versions below v1.6.8-1 are vulnerable. For manual remediation, get the update from OMI GitHub v.1.6.8-1
Links:
The OWASP Top 10 is an awareness document that highlights the top 10 most critical web application security risks. The risks are in a ranked order based on frequency, severity, and magnitude for impact.
OWASP has maintained this list since 2003, and every few years, they update the list based on advancements in both application development and application security.
The last OWASP Top 10 came out in 2017, and in the intervening 4 years, we've seen a fundamental shift in application security that includes greater emphasis on securing web applications during the ever-evolving development process.
OWASP released their new OWASP Top 10 for 2021. Check out the changes below:
OWASP Top 10: 2017 Vs 2021 |
Examples of the new changes include:
Links:
Today learned a simple way to increase the speed of playing Facebook video. And the steps below is the same for Firefox or Chrome or Edge browsers.
Steps:
Instead of 1.25, you can put like 1.5 (for 50% speed increase) or 2 (for 100% speed increase)
console |
Links:
Google Chrome: chrome://dino
chrome://dino |
Microsoft Edge: edge://surf
edge://surf |