Adding more security
As you know, building for the cloud allows you to focus on the application level. This is also applicable for security. The hardware infrastructure is not yours; you cannot set up firewalls, proxies, or other hardware security peripherals, so there is no way to configure hardware security (or personnel).
Microsoft already takes care of some security threats that target network infrastructure. The following table shows what typical threats to network infrastructure exist and what can be done to mitigate those risks.
|
Threat |
Mitigation |
|---|---|
|
Port scanning |
Only ports that are explicitly defined by developers in the definition file of a service are open and reachable from outside. |
|
Denial of Service (DoS) |
The load balancers of Windows Azure discover DoS attacks that are initiated from inside a datacenter or the Internet and will partially mitigate them. Windows Azure virtual machines are accessible by using a Virtual IP, and this means that traffic is always routed through... |
