Oct 09 2020 03:46 AM
We operate on highly confidential data and we want to be as safe as possible. Our infrastructure setup consists of a Virtual Network with two subnets, say Subnet A and Subnet B.
A Virtual Machine in Subnet A is communicating to internet via a Squid Proxy Virtual machine in Subnet B. Right now Squid Proxy is operating on http_port.
My questions and concerns:-
1. Is data moving between VM to VM safe from snooping and MITM attacks?
2. Would be an overkill to encrypt the data in-transit in between these two Virtual Machines?
Thank you so much in advance!
Oct 12 2020 03:11 AM
Hi,
see below
1. Is data moving between VM to VM safe from snooping and MITM attacks?
---: Yes it's safe from snooping, see the details Azure encryption overview | Microsoft Docs
2. Would be an overkill to encrypt the data in-transit in between these two Virtual Machines?
---: https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices
Usually its safe to say that a private network is isolated from the rest of everything unless explicitly allowing traffic. Also, if you're concerned about data being encrypted at rest and in transit you could just copy through RDP or SSH on Windows. There are a number of options. Hope this helps!
Thanks
Oct 12 2020 10:08 PM - edited Oct 12 2020 10:12 PM
Answer Q. 1: Yes it's secure.
Q2: I Highly recommend you to deploy Azure confidential Computing if you have that type of security: You may follow this link. https://azure.microsoft.com/en-us/blog/dcsv2series-vm-now-generally-available-from-azure-confidentia...
https://azure.microsoft.com/en-us/solutions/confidential-compute/
Azure Best practice Security:
https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices