Copyright infringement: Anti-piracy coalition shuts down illegal portal Streamz
Streamz was operated from North Rhine-Westphalia. Users from all over the world had access to it. (Copyright, File sharing)
Source: Golem
The new Starlink plan Roam offers internet access while travelling, even when leaving one's own continent. (Starlink, Internet)
Source: Golem
Google Cloud provides many layers of security for protecting your users and data. Session length is a configuration parameter that administrators can set to control how long users can access Google Cloud without having to reauthenticate. Managing session length is foundational to cloud security and it ensures access to Google Cloud services is time-bound after a successful authentication. Google Cloud session management provides flexible options for setting up session controls based on your organization’s security policy needs. To further improve security for our customers, we are rolling out a recommended default 16-hour session length to existing Google Cloud customers.
Many apps and services can access sensitive data or perform sensitive actions. It’s important that only specific users can access that information and functionality for a period of time. By requiring periodic reauthentication, you can make it more difficult for unauthorized people to obtain that data if they gain access to credentials or devices.
Enhancing your security with Google Cloud session controls
There are two tiers of session management for Google Cloud: one for managing user connections to Google services (e.g. Gmail on the web), and another for managing user connections to Google Cloud services (e.g. Google Cloud console). This blog outlines the session control updates for Google Cloud services.
Google Cloud customers can quickly set up session length controls by selecting the default recommended reauthentication frequency. For existing customers who have session length configured to Never Expire, we are updating the session length to 16 hours.
Google Cloud session control: Reauthentication policy
This new default session length rollout helps our customers gain situational awareness of their security posture. It ensures that customers did not mistakenly grant infinite session length to users or apps using OAuth user scopes.
After the time-bound session expires, users will need to reauthenticate with their login credentials to continue their access. The session length changes impact the following services and apps:
Google Cloud Console
gcloud command-line tool
Any other app that requires Google Cloud scopes
The session control settings can be customized for specific organizations, and the policies apply to all users within that organization. When choosing a session length, admins have the following options:
Choose from a range of predefined session lengths, or set a custom session length between 1 and 24 hours. This is a timed session length that expires the session based on the session length regardless of the user’s activity.
Configure whether users can use just their password, or are required to use a Security Key to reauthenticate.
How to get started
The session length will be on by default for 16 hours for existing customers and can be enabled at the Organizational Unit (OU) level. Here are steps for the admins and users to get started:
Admins: Find the session length controls at Admin console > Security > Access and data control > Google Cloud session control. Visit the Help Center to learn more about how to set session length for Google Cloud services.
End users: If a session ends, users will simply need to log in to their account again using the familiar Google login flow.
Sample Use Cases
Third-party SAML identity providers and session length controls
If your organization uses a third-party SAML-based identity provider (IdP), the cloud sessions will expire, but the user may be transparently re-authenticated (i.e., without actually being asked to present their credentials) if their session with the IdP is valid at that time. This is expected behavior as Google will redirect the user to the IdP and accept a valid assertion from the IdP.
To ensure that users are required to reauthenticate at the correct frequency, evaluate the configuration options on your IdP and review the Help Center to Set up SSO via a third party Identity provider.
Trusted applications and session length controls
Some apps are not designed to gracefully handle the reauthentication scenario, causing confusing app behaviors or stack traces. Some other apps are deployed for server-to-server use cases with user credentials instead of the recommended service account credential, in which case there is no user to periodically reauthenticate. If you have specific apps like this, and you do not want them to be impacted by session length reauthentication, the org admin can add these apps to the trusted list for your organization. This will exempt the app from session length constraints, while implementing session controls for the rest of the apps and users within the organization.
General Availability & Rollout Plan
Available to all Google Cloud customers
Gradual rollout starting on March 15, 2023.
Helpful links
Help Center: Set session length for Google Cloud services
Help Center: Control which third-party & internal apps access Google Workspace data
Help Center: Use a security key for 2-Step Verification
Creating and managing organizations
Using OAuth 2.0 for Server to Server Applications
Source: Google Cloud Platform
Cyberattacks continue to rise across businesses of all sizes as attackers are adapting their techniques and increasing the complexity of their operations.[1] The risk of these attacks is significant for small and medium businesses (SMBs) as they usually don’t have the specialized knowledge or resources to protect against emerging threats and face more challenges when recovering from an attack. In a recent Microsoft survey,[2] 70 percent of SMBs think cyberthreats are becoming more of a business risk and nearly one in four SMBs stated that they had a security breach in the last year.
SMBs need solutions that are tailored to their unique needs and challenges. Microsoft is committed to delivering security solutions to meet the needs of all our customers. We are excited to announce the general availability of Azure Firewall Basic, a new SKU of Azure Firewall built for SMBs.
Since public preview, we have seen wide adoption of Azure Firewall Basic. Customers cited the simplicity and ease of use of Azure Firewall as one of the key benefits of choosing Azure Firewall Basic. We have also added the capability to deploy Azure Firewall inside a virtual hub in addition to a virtual network. This gives businesses the flexibility to choose the deployment option that best meets their needs.
Deploying Azure Firewall in a virtual network is recommended for customers who plan to use a traditional hub-and-spoke network topology with a firewall on the hub. Deploying on a virtual hub, by contrast, is recommended for customers with large or global network deployments in Azure where global transit connectivity across Azure regions and on-premises locations is needed.
Providing SMBs with a highly available Firewall at an affordable price point
Azure Firewall Basic brings the simplicity & security of Azure Firewall to SMBs at a cost-effective price point
It offers Layer 3–Layer 7 filtering and alerts on malicious traffic with built-in threat intelligence from Microsoft threat intelligence. As a cloud-native service, Azure Firewall Basic is simple to deploy with a few clicks and seamlessly integrates with other Azure services, including Microsoft Azure Firewall Manager, Azure Monitor, Azure Events Hub, Microsoft Sentinel, and Microsoft Defender for Cloud.
Key features of Azure Firewall Basic
Comprehensive, cloud-native network firewall security
Network and application traffic filtering—Centrally create, allow, or deny network filtering rules by source and destination IP address, port, and protocol. Azure Firewall is fully stateful, so it can distinguish legitimate packets for different types of connections. Rules are enforced and logged across multiple subscriptions and virtual networks.
Threat intelligence to alert on malicious traffic—Enable threat intelligence-based filtering to alert on traffic from or to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft threat intelligence feed.
Built-in high availability—Azure Firewall Basic provides built-in high availability to ensure that your network traffic is always protected. Azure Firewall Basic can replicate your firewall instance across two availability zones, ensuring that your traffic is always filtered even if one of the zones goes down.
Simple setup and easy to use
Set up in just a few minutes—Use the Quickstart deployment Azure Resource Manager (ARM) templates to easily deploy Azure Firewall Basic directly to your Azure environment.
Automate deployment (deploy as code)—Azure Firewall Basic provides native support for Infrastructure as Code (IaC). Teams can define declarative ARM templates that specify the infrastructure required to deploy solutions. Third-party platforms like Terraform also support IaC to manage automated infrastructure.
Zero maintenance with automatic updates—Azure Firewall is automatically updated with the latest threat intelligence and security updates to ensure that it stays up-to-date and protected against the latest threats.
Centralized management via Azure Firewall Manager—Azure Firewall Manager is a central management solution that allows you to manage multiple Azure Firewall instances and policies across your organization from a single location, ensuring that your security policies are consistent and up to date across your organization.
Cost-effective
Designed to deliver essential, cost-effective protection of your Azure resources within your virtual networks.
Choose the right Azure Firewall SKU for your business
Azure Firewall is offered in three SKUs to meet a wide range of use cases and needs:
Azure Firewall Premium is recommended for customers looking to secure highly sensitive applications, such as payment processing. In addition to all features of Azure Firewall Standard, it also supports advanced threat protection capabilities like malware and Transport Layer Security (TLS) inspection.
Azure Firewall Standard is recommended for customers who are looking for a Layer 3–Layer 7 firewall and require auto-scaling to handle peak traffic periods of up to 30 gigabits per second (Gbps). It supports enterprise features like threat intelligence, Domain Name System (DNS) proxy, custom DNS, and web categories.
Azure Firewall Basic is recommended for SMB customers with throughput needs of less than 250 megabits per second (Mbps).
Let’s take a closer look at the features across the three Azure Firewall SKUs.
Azure Firewall Basic pricing
Azure Firewall Basic pricing includes both deployment and data processing charges for both virtual network and virtual hub scenarios. Pricing and billing for Azure Firewall Basic with virtual hub will be effective starting May 1, 2023.
For more details, visit the Azure Firewall pricing page.
Next steps
For more information on everything we covered in this blog post, see the following resources:
Azure Firewall documentation.
Azure Firewall Manager documentation.
Deploy and configure Azure Firewall Basic.
[1] Microsoft Digital Defense Report 2022
[2] April 2022: Microsoft Small and Medium Business quantitative survey research: Security in the new environment
Source: Azure
Starting today, AWS Migration Hub Refactor Spaces supports creating refactor environments without a network bridge based on AWS Transit Gateway. With this feature, you can refactor your application securely and incrementally while using your existing network infrastructure. You can now create refactor environments with your network infrastructure within minutes while benefiting from Refactor Spaces' orchestration and management of policies, routing, API Gateway, and Network Load Balancer.
Source: aws.amazon.com
AWS Snowball Edge devices are now available in the AWS Middle East (UAE) Region.
Source: aws.amazon.com
You can now create a single AMI that can boot on both Unified Extensible Firmware Interface (UEFI) and legacy BIOS.
Source: aws.amazon.com
AWS IoT Device Management Jobs now lets customers schedule their remote actions within a maintenance window. Job scheduling allowed customers to define the start and end time of a job rollout. With today's launch, customers can configure daily, weekly, or monthly recurrence of the maintenance window (e.g. "Monday-Wednesday-Friday") or define a custom recurrence for continuous jobs. Devices added to target groups receive job execution notifications only within the preconfigured maintenance window, without requiring changes to the device-side software. Customers with devices in different time zones can also use this feature in combination with Dynamic Thing Groups and Device Shadow to schedule job execution according to their devices' local time (see this blog post). By configuring the maintenance window, customers can automate device software updates for their enterprise or industrial equipment based on the devices' software deployment cycles.
Source: aws.amazon.com
AWS Lambda now supports configuring up to 10,240 MB of ephemeral storage for functions in 6 additional Regions: Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Melbourne), Europe (Spain), Europe (Zurich), and Middle East (UAE). This feature makes it easier to build and run data-intensive workloads with Lambda functions.
Source: aws.amazon.com
Microsoft and Boosteroid announce a multi-year cooperation. This is also meant to prove that Microsoft does not want to be a monopolist. (Cloud gaming, Microsoft)
Source: Golem