Introduction to Windows Azure and Windows Azure SQL Database
Security in SQL Azure and Windows Azure
Dr. Eduardo Castro Martínez
Microsoft MVP
http://comunidadwindows.org
http://tiny.cc/comwindows
http://ecastrom.blogspot.com
Source: Saugatuck Technology Inc., 2009 Cloud Infrastructure Survey (Julne09), WW N=670
Saugatuck Insight: Saugatuck believes that many users will find that changes required in internal organization and politics for moving from dedicated to shared resources pose significant challenges to the adoption of Cloud Computing.
Security Privacy
Reliability Business Practice
Questions
Is your service secure?
Are you ISO 27001 certified?
Jurisdiction?
Have you ever had a service outage?
Do you have performance SLA?
Do you have an incident response plan?
Do you have SAS Type II Report?
Do you provide 24*7 support?
Are you HIPAA compliant?
How do you ensure data isolation?
Data retention?
location ownership control
Hybrid Public Private
SaaS Software as a Service
PaaS Platform as a Service
IaaS Infrastructure as a Service
Spoofing
Tampering & Disclosure
Port Scanning/Service Enumeration
Elevation of Privilege
Load-balanced Infrastructure
Network bandwidth throttling
CiscoGuard enabled on Storage nodes
Configurable scale-out
Denial of Service
Service Definition file, Windows Firewall, VM switch packet filtering
VM switch hardening
Certificate Services
Shared-Access Signatures
HTTPS
Sidechannel protections
VLANs
Top of Rack Switches
Custom packet filtering
Partial Trust Runtime
Hypervisor custom sandboxing
Virtual Service Accounts
Windows Azure
Customer Tenant
Customer Admin Users
External Web Site
Physical Attacks On Servers
Central Admin
Windows Azure
Customer Tenant
Customer Admin Users
Physical Attacks On Servers
Windows Azure
Customer Tenant
Central Admin
Windows Azure
Customer Tenant
External Web Site
Windows Azure
Customer Tenant
Customer Admin Users
Windows Azure
Customer Tenant
Users
Windows Azure
Customer Tenant
Customer Admin
Managed Code Access Security: partial trust
Windows Account: running with least privileges
Windows FW (VM): rules based on service model
Virtual Machine: fixed CPU, memory, disk resources
Root Partition Packet Filter: defense in depth against VM “jailbreaking”
Network ACLs: dedicated VLANs for tenant nodes
Hypervisor
Network/Disk
Root VM
Guest VM (shown 7 times in the diagram)
Service security starts with the data center
Data center within a data center
Motion sensors
24×7 secured access
Biometric controlled access systems
Video camera surveillance
Security breach alarms
World-Class Security
Security
Risk
Management Privacy
Data
World-Class Security
FISMA
ISO 27001
HIPAA
PCI
HBI
MBI
Provides assurance
Required by law when performing certain tasks
Recommendation
Customer and Partner Requests and Feedback
Market Size
Competitive Position
Compliance Landscape
General Process and Security
Financial Reporting
Credit Card Processing
Vertical Specific
US Govt Federal and State
Banking Investing Healthcare Energy
EU Privacy Directive 1995/46
PCI DSS
Sarbanes Oxley
• ITAR
• FISMA
• FIPS-140
• Basel II • Basel II
• NASD
• HIPAA • NERC 1300
SAS Type II
ISO 27001 General Process and Security
General Process and Security
PCI-DSS specification not “cloud aware”. New spec coming in 14 months
ISO27001 and SAS70 were the most frequently discussed by customers, partners, and field
PCI DSS frequently mentioned too.
Even without PCI DSS, it is possible for customers to write PCI compliant apps, although this is not viable for some
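| Category | Provider | ISO 27001 | SAS 70 Type 2 | PCI DSS Level 1 |
|---|---|---|---|---|
| Datacenters | GFS | X | X | X |
| Datacenters | Rackspace | X | X | X |
| Datacenters | Terrecloud (hoster of VMWare vCloud) | X In Europe | X | -- |
| PaaS / IaaS | Windows Azure | -- | -- | -- |
| PaaS / IaaS | AWS | -- | X | -- |
| PaaS / IaaS | GAE | -- | -- | -- |
| PaaS / IaaS | Force.com / VMForce.com | X | X | -- |
| SaaS | BPOS | X | X | -- |
| SaaS | Google App Engine | -- | X | -- |
| SaaS | Salesforce.com | X | X | -- |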
Microsoft
BPOS has achieved distinct certifications on top of GFS
Although they have SAS70, AWS does not share contents of audit with public
Microsoft
Microsoft