VM to VM Encryption-in-transit

%3CLINGO-SUB%20id%3D%22lingo-sub-1763385%22%20slang%3D%22en-US%22%3EVM%20to%20VM%20Encryption-in-transit%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1763385%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20operate%20on%20highly%20confidential%20data%20and%20we%20want%20to%20be%20as%20safe%20as%20possible.%20Our%20infrastructure%20setup%20consists%20of%20a%20Virtual%20Network%20with%20two%20subnets%2C%20say%20Subnet%20A%20and%20Subnet%20B.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EA%20Virtual%20Machine%20in%20Subnet%20A%20is%20communicating%20to%20internet%20via%20a%20Squid%20Proxy%20Virtual%20machine%20in%20Subnet%20B.%20Right%20now%20Squid%20Proxy%20is%20operating%20on%20http_port.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20questions%20and%20concerns%3A-%3C%2FP%3E%3CP%3E1.%20Is%20data%20moving%20between%20VM%20to%20VM%20safe%20from%20snooping%20and%20MITM%20attacks%3F%3C%2FP%3E%3CP%3E2.%20Would%20be%20an%20overkill%20to%20encrypt%20the%20data%20in-transit%20in%20between%20these%20two%20Virtual%20Machines%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20so%20much%20in%20advance!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1770838%22%20slang%3D%22en-US%22%3ERe%3A%20VM%20to%20VM%20Encryption-in-transit%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1770838%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F746646%22%20target%3D%22_blank%22%3E%40isanjayvig%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%2C%26nbsp%3B%3C%2FP%3E%3CP%3Esee%20below%3C%2FP%3E%3CP%3E%3CSPAN%3E1.%20Is%20data%20moving%20between%20VM%20to%20VM%20safe%20from%20snooping%20and%20MITM%20attacks%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSTRONG%3E---%3A%3C%2FSTRONG%3E%20Yes%20it's%20safe%20from%20snooping%2C%20see%20the%20details%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity%2Ffundamentals%2Fencryption-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20encryption%20overview%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E2.%20Would%20be%20an%20overkill%20to%20encrypt%20the%20data%20in-transit%20in%20between%20these%20two%20Virtual%20Machines%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSTRONG%3E---%3A%3C%2FSTRONG%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity%2Fazure-security-network-security-best-practices%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity%2Fazure-security-network-security-best-practices%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EUsually%20its%20safe%20to%20say%20that%20a%20private%20network%20is%20isolated%20from%20the%20rest%20of%20everything%20unless%20explicitly%20allowing%20traffic.%20Also%2C%20if%20you're%20concerned%20about%20data%20being%20encrypted%20at%20rest%20and%20in%20transit%20you%20could%20just%20copy%20through%20RDP%20or%20SSH%20on%20Windows.%20There%20are%20a%20number%20of%20options.%20Hope%20this%20helps!%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1773420%22%20slang%3D%22en-US%22%3ERe%3A%20VM%20to%20VM%20Encryption-in-transit%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1773420%22%20slang%3D%22en-US%22%3EAnswer%20Q.%201%3A%20Yes%20it's%20secure.%3CBR%20%2F%3EQ2%3A%20I%20Highly%20recommend%20you%20to%20deploy%20Azure%20confidential%20Computing%20if%20you%20have%20that%20type%20of%20security%3A%20You%20may%20follow%20this%20link.%20%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fblog%2Fdcsv2series-vm-now-generally-available-from-azure-confidential-computing%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fblog%2Fdcsv2series-vm-now-generally-available-from-azure-confidential-computing%2F%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fsolutions%2Fconfidential-compute%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fsolutions%2Fconfidential-compute%2F%3C%2FA%3E%3C%2FLINGO-BODY%3E
Highlighted
Frequent Visitor

We operate on highly confidential data and we want to be as safe as possible. Our infrastructure setup consists of a Virtual Network with two subnets, say Subnet A and Subnet B.

 

A Virtual Machine in Subnet A is communicating to internet via a Squid Proxy Virtual machine in Subnet B. Right now Squid Proxy is operating on http_port.

 

My questions and concerns:-

1. Is data moving between VM to VM safe from snooping and MITM attacks?

2. Would be an overkill to encrypt the data in-transit in between these two Virtual Machines?

 

Thank you so much in advance!

2 Replies
Highlighted

@isanjayvig 

 

Hi, 

see below

1. Is data moving between VM to VM safe from snooping and MITM attacks?

---: Yes it's safe from snooping, see the details Azure encryption overview | Microsoft Docs

 

2. Would be an overkill to encrypt the data in-transit in between these two Virtual Machines?

---: https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices

Usually its safe to say that a private network is isolated from the rest of everything unless explicitly allowing traffic. Also, if you're concerned about data being encrypted at rest and in transit you could just copy through RDP or SSH on Windows. There are a number of options. Hope this helps!

 

 

Thanks

Highlighted

Answer Q. 1: Yes it's secure.
Q2: I Highly recommend you to deploy Azure confidential Computing if you have that type of security: You may follow this link. https://azure.microsoft.com/en-us/blog/dcsv2series-vm-now-generally-available-from-azure-confidentia...

https://azure.microsoft.com/en-us/solutions/confidential-compute/

 

Azure Best practice Security:

 

https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices