堆栈内存溢出
  简体   繁体   English

晦涩的Azure存储帐户名

[英]obscure azure storage account name

 原文  2015-01-02 09:27:52       azure/ azure-storage/ obfuscation

问题描述

Is there any merit in creating an obscure azure storage account name by using the max number of random chars/nums that is allowed when creating one from the portal? 通过使用从门户网站创建一个最大的随机字符/数字来创建晦涩的Azure存储帐户名称有什么好处吗?

I know that they are still going to be publicly visible and accessible with the keys but is there any benefit in this? 我知道仍然可以通过密钥公开看到它们,但是这样做有什么好处吗? Admin is going to be trickier from the portal having accounts with randomly generated names naturally. 对于具有自然生成具有随机名称的帐户的门户网站,管理员将变得更加棘手。 Is there such a malicious practice of "scanning" storage account names to find ones that exist to potential abuse or is there mechanisms to prevent that? 是否存在这种“扫描”存储帐户名称的恶意做法,以查找存在潜在滥用可能性的存储帐户名称,或者是否有防止这种情况的机制? I am aware that obfuscation does not equal security and only means to delay and not prevent but I can't see any other way to secure a storage account to a specific IP address/range presently. 我知道混淆并不等同于安全性,只是意味着延迟而不是阻止,但目前看不到任何其他方法可将存储帐户保护到特定的IP地址/范围。

Is this something you would/wouldn't recommend to do in practice? 您会/不建议在实践中这样做吗? Am I just being overly cautious and in fact the access keys on their own are indeed a good level of security. 我只是过于谨慎,实际上访问密钥本身确实是一个很好的安全级别。

1 个解决方案

解决方案1
 0 已采纳  2015-01-02 09:40:01

I am no security expert, but IMHO, you are being over cautious... with the name, that is.. 不是安全专家,但是恕我直言,您太谨慎了……这个名字就是..

Having said that, it is always a good security policy to rotate the access keys at a given frequency. 话虽如此,以给定的频率旋转访问密钥始终是一个好的安全策略。 The very reason why these services support primary and secondary access keys is to enable the scenario for key rotation ... and think of it as similar to systems enforcing a user to change their password every X days. 这些服务支持访问密钥和辅助访问密钥的根本原因是为了启用密钥旋转方案……并将其视为类似于强制用户每X天更改一次密码的系统。

The frequency could be anything you prefer, or your in house security experts suggests as acceptable. 频率可以是您喜欢的任何频率,或者内部安全专家建议的频率是可以接受的。

Although initially needs effort investment, automating the key rotation process is obviously best. 尽管起初需要投入精力,但是使密钥轮换过程自动化显然是最好的。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Azure 存储账户容器名称格式不正确 - Azure storage account container name format is incorrect Azure Data Lake Storage (gen1) 帐户名称和存储帐户密钥是什么? - What is the Azure Data Lake Storage (gen1) account name and storage account key? Azure:使用存储模拟器时,帐户名和访问密钥是什么? - Azure: What are the Account Name and Access Key when using the Storage Emulator? 为什么使用相同名称的存储帐户部署会花费很多时间? - Why storage account deployment with same name is taking time in azure? 在PowerShell脚本中加密Azure存储帐户名和密钥 - Encrypt Azure Storage account name and key in PowerShell script 使用类型CloudQueue从Azure Function指定存储帐户的名称 - Specify the name of storage account from Azure Function that uses type CloudQueue 如何使用 azure powershell 命令获取给定存储帐户名称和资源组的存储帐户 ID? - How to get storage account id given storage account name and resource group using azure powershell command? 如何重命名 Azure Data Lake Storage Gen1 帐户名称? - How to rename Azure Data Lake Storage Gen1 account name? mvn azure-functions:deploy 创建“无效的存储帐户名称” - mvn azure-functions:deploy creates 'not valid storage account name' Azure存储帐户的可用性 - Availability of Azure storage account
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM