Aug 21 2017 - last edited on May 24 2021
We have a potential client who is going to use a solution that will be installed on MS Azure servers. The solution includes very sensitive data, thus he is asking some questions about security and network hardening. It would be great to get an answer (Azure is compliant/Azure is not compliant) to the questions below, or an indication of who this needs to be sent to:
1- All data traffic coming from the Internet or other untrusted networks shall terminate in a reverse proxy which may validate and pass the request on to application servers. This reverse proxy physically separates trusted and untrusted interfaces.
2- Ports allowed for a particular service use shall not be reused for other purposes without explicitly being detailed in the design documentation.
3- Networks (including wireless networks) shall be securely managed from a separate LAN. Management shall be performed over a dedicated secure channel or out-of-band.
4- Security devices (e.g. intrusion detection or intrusion prevention systems) shall be deployed to monitor traffic between networks based on Vodafone's security zoning model.
5- Critical web services shall be protected with web application firewalls.
6- The service shall be integrated into an existing business continuity plan.
7- The service shall be integrated into a disaster recovery process which shall be documented and tested prior to launch.
8- In order to mitigate DNS rebind attacks, DNS pinning shall be activated.
Aug 21 2017 10:54 AM