对于Azure Web应用程序,如何监视安全威胁流量?
[英]For Azure Web Applications, how do you monitor Security Threat traffic?
问题描述
I want to monitor any suspicious traffic into our Azure web application. 
我想监视进入我们的Azure Web应用程序的任何可疑流量。 I want to know the IP addresses and what they are probing with a view to blocking those IP addresses. 我想知道IP地址以及它们为阻止这些IP地址而正在探测的内容。 I am mindful of trying to protect the application via secure coding practices, but also I feel a little blind to what is hitting our site at present. 我很想尝试通过安全的编码做法来保护应用程序,但是我对当前正在访问我们站点的内容感到有点盲目。
I have looked at what Azure provides, but cannot see anything obvious in terms of some form of dashboard. 我已经看过Azure提供了什么,但是在某种形式的仪表板方面看不到任何明显的东西。 I may be looking in the wrong place. 我看错地方了。
It may be that I need a proper Web Application Firewall to do this, and Azure does not provide this ?? 可能是我需要适当的Web应用程序防火墙才能执行此操作,而Azure不提供此功能? The only one I am sort of familiar with is Cloudflare, but for other reasons, we cannot use it at present, although these could be surmontable. 我唯一熟悉的是Cloudflare,但由于其他原因,我们目前无法使用它,尽管这些可能是可以替代的。
So how are folks monitoring their "attack interfaces"? 那么人们如何监视他们的“攻击界面”?
Thanks. 谢谢。
2 个解决方案
解决方案1
2 已采纳 2016-06-26 04:10:27
If you're referring to Azure Web Apps there is a log that displays very detailed information about the requests made to your website. 如果您指的是Azure Web Apps,则有一个日志显示有关对您的网站的请求的非常详细的信息。 The logs are the Web Server logs which are in the W3C extended log file format and may contain the information you're looking for. 日志是W3C扩展日志文件格式的Web服务器日志,其中可能包含您要查找的信息。 You have to enable these logs under diagnostics for the web app. 您必须在Web应用程序的诊断下启用这些日志。
You can view these logs by downloading them or streaming them via PowerShell or azure CLI. 您可以通过下载日志或通过PowerShell或azure CLI对其进行流传输来查看这些日志。 You may also find the Kudu site that comes with web apps helpful. 您可能还会发现Web应用程序附带的Kudu网站很有帮助。 It can be found at https://your-web-app.scm.azurewebsites.net 可以在https://your-web-app.scm.azurewebsites.net上找到
解决方案2
2 2016-06-28 15:35:03
You are correct, Azure web apps by itself does not offer extensive security monitoring. 没错,Azure Web应用程序本身不提供广泛的安全监视。 While ApplicationInsights and ApplicationInsights Analytics can give you a lot of data for monitoring, it does not target security specifically. 尽管ApplicationInsights和ApplicationInsights Analytics可以为您提供大量用于监视的数据,但它并不是专门针对安全性的。 It will tell you which IP address is probing what and with which result, so I would start there and see if it fits your requirements. 它会告诉您哪个IP地址正在探测什么以及产生什么结果,因此我将从那里开始,看看它是否符合您的要求。
If you want to do security monitoring, packet inspection, etc., your best bet is to use a virtual appliance in Azure. 如果要进行安全监视,数据包检查等,最好的选择是在Azure中使用虚拟设备。 The Azure marketplace offers security/WAF appliances from Checkpoint, Barracuda, Cisco, F5, etc. that might fit your needs. Azure市场提供了来自Checkpoint,梭子鱼,思科,F5等的安全/ WAF设备,它们可能适合您的需求。 These virtual devices run on virtual machines in Azure and have a public IP address on the outside for incoming traffic which they can route to internal (vnet) or external (webapp) resources. 这些虚拟设备在Azure的虚拟机上运行,并且在外部具有用于传入流量的公共IP地址,它们可以路由到内部(vnet)或外部(webapp)资源。 While these are generally very powerful solutions, they come at a cost. 尽管这些通常是非常强大的解决方案,但它们是有代价的。
A possible set up might be to use an appliance like this to offload SSL, inspect traffic on the appliance and then forward traffic to the web app (over http, within the same datacenter). 可能的设置可能是使用这样的设备来卸载SSL,检查设备上的流量,然后将流量转发到Web应用程序(通过同一数据中心内的http)。 If the appliance of your choosing does not allow SSL offloading, you might place an Azure Application Gateway in front. 如果您选择的设备不允许SSL卸载,则可以将Azure应用程序网关放在前面。
Again, start with Application Insights and see if it works for you. 同样,从Application Insights开始,看看它是否适合您。 If not, do a price/feature comparison on the various virtual firewalls/security devices. 如果不是,请在各种虚拟防火墙/安全设备上进行价格/功能比较。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.