Continuation of last time But I will translate the article.

Virtual machine

We will set best practices to protect Windows Azure virtual machines from various threats.

1) Set the password so that it is a strong password .

2018.clip_image002_4C197077

3482.clip_image004_52604705

Note: Passwords like p@assword1, password@1 are very easy for hackers to guess. You can find strong password examples on Coco 's site.

Update: For security reasons, we don't recommend using the same password that is used by other sites in the Windows Azure portal.

2) When creating a virtual machine, choose an uncommon random name.

6648.image_735D143C

Note: We chose a name that is easy to remember, but do not use a simple username like ADMSQLVM. For security, do not use common names in your portal.

3) Change the port (3389) for remote connection. If you leave it as default, it will be easily connected to hackers.

8371.clip_image008_71A2EDD8

7128.clip_image010_1151C7A1

Update: The portal now generates a random port instead of assigning the remote connection default (3389).

4) Allow remote connection only from a specific IP. (If you don't set this, you'll potentially lose connectivity to your VM) If for some reason you lose connectivity from your on-premises environment, as part of your virtual network, Create a virtual network for the IP/Subnet range so that you can spin up and connect to it and add that range to the whitelist here Connect to the VM within the virtual network.

6116.clip_image012_232E5B6E

0358.clip_image014_297531FC

For more information: Firewall Rule Properties Page: Scope Tab

5) Set up audit events to monitor for failed logon attempts and block IP addresses.

  1. Configure auditing for failed logon events like 4625 , 4648 , set alerts, extract IP from event log entries and add a firewall rule to run a batch file that blocks it. Schedule a task for.
  2. There seem to be many third party tools available that automatically block these IP addresses. The one I met was RDP Guard. http://rdpguard.com/

Security and Protection in Windows Server 2008 ,R2

Security and Protection in Windows Server 2012

6) Change passwords often and do not use the same password for all virtual machines.

7) Password policies are established to reduce the vulnerability to authentication dictionaries and brute force attacks. Set a password policy and manage it.

  1. You need a strong password. A strong password policy should include a minimum password length and use alphanumeric and special characters.
  2. The requirements for using passphrases apply. The passphrase must have the number of characters too, the minimum requirement for potential special characters too.
  3. It enforces password complexity requirements by requiring long passwords with a combination of numbers and special uppercase letters, lowercase letters (eg punctuation). This helps mitigate the threat of dictionary attacks.
  4. Enforce password validity period.
  5. Use the account lockout policy for end user accounts.
  6. Supports disabling admin accounts.
  7. Keep a history of passwords, but don't store the actual password as mentioned above.
  8. Please use your email to distribute your password or as part of the password reset procedure. Instead of passing the user credentials by email, consider another approach that allows the user to identify themselves (eg secrets) in the UI and use an alternative way to reset the password Let's.

8) Run Best Practices Analyzer and take appropriate action to fix security issues reported by the tool

5732.clip_image016_1B36B90C

9) Disable automatic updates or don't make sure the VM is up to date from a patch perspective.

10) Evaluate the best suitable antivirus/intrusion detection software available on the market for use in Windows Azure virtual machines.

translation
http://blogs.msdn.com/b/narahari/archive/2013/02/05/security-best-practices-for-windows-azure.aspx