diff --git a/assets/img/azure/solution/rg.png b/assets/img/azure/solution/rg.png
new file mode 100644
index 0000000..3cf6216
Binary files /dev/null and b/assets/img/azure/solution/rg.png differ
diff --git a/assets/img/azure/solution/vnets/hub/network/01.png b/assets/img/azure/solution/vnets/hub/network/01.png
new file mode 100644
index 0000000..0be7818
Binary files /dev/null and b/assets/img/azure/solution/vnets/hub/network/01.png differ
diff --git a/assets/img/azure/solution/vnets/hub/resources/01.png b/assets/img/azure/solution/vnets/hub/resources/01.png
new file mode 100644
index 0000000..7377a3e
Binary files /dev/null and b/assets/img/azure/solution/vnets/hub/resources/01.png differ
diff --git a/assets/img/azure/solution/vnets/hub/rg/create/basics.png b/assets/img/azure/solution/vnets/hub/rg/create/basics.png
index c7b0880..dbd0454 100644
Binary files a/assets/img/azure/solution/vnets/hub/rg/create/basics.png and b/assets/img/azure/solution/vnets/hub/rg/create/basics.png differ
diff --git a/assets/img/azure/solution/vnets/hub/rg/create/review.png b/assets/img/azure/solution/vnets/hub/rg/create/review.png
new file mode 100644
index 0000000..6379a53
Binary files /dev/null and b/assets/img/azure/solution/vnets/hub/rg/create/review.png differ
diff --git a/assets/img/azure/solution/vnets/hub/rg/create/tags.png b/assets/img/azure/solution/vnets/hub/rg/create/tags.png
index 0e5fd71..3cf16c8 100644
Binary files a/assets/img/azure/solution/vnets/hub/rg/create/tags.png and b/assets/img/azure/solution/vnets/hub/rg/create/tags.png differ
diff --git a/assets/img/azure/solution/vnets/hub/rt/routes/exit-vnet-thru-fw.png b/assets/img/azure/solution/vnets/hub/rt/routes/exit-vnet-thru-fw.png
index 1112a8d..97a5d0e 100644
Binary files a/assets/img/azure/solution/vnets/hub/rt/routes/exit-vnet-thru-fw.png and b/assets/img/azure/solution/vnets/hub/rt/routes/exit-vnet-thru-fw.png differ
diff --git a/assets/img/azure/solution/vnets/hub/snapshots/01.png b/assets/img/azure/solution/vnets/hub/snapshots/01.png
new file mode 100644
index 0000000..0eb7091
Binary files /dev/null and b/assets/img/azure/solution/vnets/hub/snapshots/01.png differ
diff --git a/assets/img/azure/solution/vnets/network/01.png b/assets/img/azure/solution/vnets/network/01.png
index 87827e0..9f456ae 100644
Binary files a/assets/img/azure/solution/vnets/network/01.png and b/assets/img/azure/solution/vnets/network/01.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/network/01.png b/assets/img/azure/solution/vnets/spoke/network/01.png
new file mode 100644
index 0000000..00cc227
Binary files /dev/null and b/assets/img/azure/solution/vnets/spoke/network/01.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/resources/01.png b/assets/img/azure/solution/vnets/spoke/resources/01.png
new file mode 100644
index 0000000..82c0c87
Binary files /dev/null and b/assets/img/azure/solution/vnets/spoke/resources/01.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/resources/01_peering.png b/assets/img/azure/solution/vnets/spoke/resources/01_peering.png
new file mode 100644
index 0000000..c4580b3
Binary files /dev/null and b/assets/img/azure/solution/vnets/spoke/resources/01_peering.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/rg/create/basics.png b/assets/img/azure/solution/vnets/spoke/rg/create/basics.png
new file mode 100644
index 0000000..65f103c
Binary files /dev/null and b/assets/img/azure/solution/vnets/spoke/rg/create/basics.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/rg/create/review.png b/assets/img/azure/solution/vnets/spoke/rg/create/review.png
new file mode 100644
index 0000000..a1732f3
Binary files /dev/null and b/assets/img/azure/solution/vnets/spoke/rg/create/review.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/rg/create/tags.png b/assets/img/azure/solution/vnets/spoke/rg/create/tags.png
new file mode 100644
index 0000000..8464df4
Binary files /dev/null and b/assets/img/azure/solution/vnets/spoke/rg/create/tags.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/snapshots/01.png b/assets/img/azure/solution/vnets/spoke/snapshots/01.png
index bbd40aa..23a1a3c 100644
Binary files a/assets/img/azure/solution/vnets/spoke/snapshots/01.png and b/assets/img/azure/solution/vnets/spoke/snapshots/01.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/vnet/create/basics.png b/assets/img/azure/solution/vnets/spoke/vnet/create/basics.png
new file mode 100644
index 0000000..69b175d
Binary files /dev/null and b/assets/img/azure/solution/vnets/spoke/vnet/create/basics.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/vnet/create/ip/after.png b/assets/img/azure/solution/vnets/spoke/vnet/create/ip/after.png
deleted file mode 100644
index 314f179..0000000
Binary files a/assets/img/azure/solution/vnets/spoke/vnet/create/ip/after.png and /dev/null differ
diff --git a/assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/after.png b/assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/after.png
new file mode 100644
index 0000000..8ed6576
Binary files /dev/null and b/assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/after.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/before.png b/assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/before.png
new file mode 100644
index 0000000..693fc28
Binary files /dev/null and b/assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/before.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/snets/default.png b/assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/snets/default.png
new file mode 100644
index 0000000..abcd09a
Binary files /dev/null and b/assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/snets/default.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/snets/default_nsg.png b/assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/snets/default_nsg.png
new file mode 100644
index 0000000..a07c2b3
Binary files /dev/null and b/assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/snets/default_nsg.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/vnet/create/review.png b/assets/img/azure/solution/vnets/spoke/vnet/create/review.png
index 26c6c2c..eb2c7fe 100644
Binary files a/assets/img/azure/solution/vnets/spoke/vnet/create/review.png and b/assets/img/azure/solution/vnets/spoke/vnet/create/review.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/vnet/create/security.png b/assets/img/azure/solution/vnets/spoke/vnet/create/security.png
index 685516e..232abc6 100644
Binary files a/assets/img/azure/solution/vnets/spoke/vnet/create/security.png and b/assets/img/azure/solution/vnets/spoke/vnet/create/security.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/vnet/peering/add.png b/assets/img/azure/solution/vnets/spoke/vnet/peering/add.png
index cd1df8e..d0ada9e 100644
Binary files a/assets/img/azure/solution/vnets/spoke/vnet/peering/add.png and b/assets/img/azure/solution/vnets/spoke/vnet/peering/add.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/vnet/peering/empty.png b/assets/img/azure/solution/vnets/spoke/vnet/peering/empty.png
new file mode 100644
index 0000000..54706e8
Binary files /dev/null and b/assets/img/azure/solution/vnets/spoke/vnet/peering/empty.png differ
diff --git a/assets/img/azure/solution/vnets/spoke/vnet/peering/hub.png b/assets/img/azure/solution/vnets/spoke/vnet/peering/hub.png
new file mode 100644
index 0000000..c43f07d
Binary files /dev/null and b/assets/img/azure/solution/vnets/spoke/vnet/peering/hub.png differ
diff --git a/docs/tutorial/01/hub.md b/docs/tutorial/01/hub.md
index 72ee141..14ddd64 100644
--- a/docs/tutorial/01/hub.md
+++ b/docs/tutorial/01/hub.md
@@ -293,7 +293,7 @@ These are standard, to ensure connectivity with a minimum level of security on r
 Your resources should look like this.-
-![snapshot](../../../assets/img/azure/solution/vnets/hub/snapshots/02.png)
+![snapshot](../../../assets/img/azure/solution/vnets/hub/snapshots/01.png)
 ### Resource visualizer
@@ -301,6 +301,10 @@ You can see the relationship between the Firewall `fw` and the Public IP `fw-ip`
 ![Resource visualizer](../../../assets/img/azure/solution/vnets/hub/fw/resources/01.png)
+### Network Diagram
+
+![Network Diagram](../../../assets/img/azure/solution/vnets/hub/network/01.png)
+
 ## Costs
 Both **Azure Bastion** & **Azure Firewall** are expensive resources, which are charged by the hour.
diff --git a/docs/tutorial/01/spoke.md b/docs/tutorial/01/spoke.md
index 4b479cb..47a0674 100644
--- a/docs/tutorial/01/spoke.md
+++ b/docs/tutorial/01/spoke.md
@@ -43,11 +43,13 @@ Make sure **Bastion** & **Firewall** remained **Toggled OFF**.
 ###### IP addresses
+Virtual Network: `10.2.x.x/16`
+
 | Subnet | IP family | CIDR Block | Size | Notes |
 | --------- | --------- | ------------- | ------- | ----- |
 | `default` | `0-3.x` | `10.2.0.0/22` | `1,024` | |
-![Security](../../../assets/img/azure/solution/vnets/spoke/vnet/create/ip/after.png)
+![Security](../../../assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/after.png)
 ##### Review + Create
@@ -105,6 +107,10 @@ Review your settings and create the VNet.
 [JSON Template](../../../azure/templates/modules/01/spoke)
+### Network Diagram
+
+![Network Diagram](../../../assets/img/azure/solution/vnets/spoke/network/01.png)
+
 ## Next Steps
 [Create VNets peering](./peering.md)
diff --git a/docs/tutorial/03/nsg.md b/docs/tutorial/03/nsg.md
index ded3786..859c382 100644
--- a/docs/tutorial/03/nsg.md
+++ b/docs/tutorial/03/nsg.md
@@ -166,6 +166,27 @@ Not part of this tutorial.
 The following is meant to be only educational.
+### Ping Flooding
+
+First, read about [ICMP Flooding](../../vulnerabilities.md#icmp-flooding)
+
+`ping` uses `ICMP` by default, which, because of flood attacks, is often blocked now by routers.
+
+#### Inbound: Deny ICMP
+
+- **Name**: `deny-icmp`
+ - **Priority**: `1000`ish
+ - Source: Any
+ - Destination: Any
+ - **Protocol**: `ICMP`
+
+> [!IMPORTANT]
+> There are things like "TCP Ping" that can be used that use `TCP` instead of `ICMP`.
+
+[This article does a pretty good job of explaining this](https://www.baeldung.com/linux/tcp-packets-ping)
+
+You can sometimes cheat with `ssh` on a **specific port**.
 ### Storage account(s)
 #### Outbound: Allow DNS
diff --git a/docs/tutorial/04/spoke/webapp.md b/docs/tutorial/04/spoke/webapp.md
index 414618d..e59f217 100644
--- a/docs/tutorial/04/spoke/webapp.md
+++ b/docs/tutorial/04/spoke/webapp.md
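Review bot: The `deny-icmp` rule in the new "Inbound: Deny ICMP" section (Protocol `ICMP`, Source Any, Destination Any) drops every ICMP type, not only Echo Request, so it also discards the error messages Path MTU Discovery depends on (Fragmentation Needed / Packet Too Big) and, because Source is Any, ICMP from the peered hub and from diagnostics inside the VNet as well as from the Internet; the section should either say that is intended or narrow Source to the `Internet` service tag. The sentence "`ping` uses `ICMP` by default" is imprecise, since `ping` always sends ICMP Echo Request and it is the reply that gets dropped; suggest `\`ping\` sends ICMP Echo Request, which many routers and hosts now drop, so a failed ping does not prove a host is unreachable.` The closing "You can sometimes cheat with `ssh` on a **specific port**" should name what it is — a TCP connect to a port you already allow, e.g. `nc -zv <host> 22`, as a reachability check — and `1000`ish should be a concrete priority consistent with the other rules in this file. If the tutorial relies on Azure's built-in NSG default rules (which, as far as I recall, already deny inbound from the Internet at the lowest priority), saying so here would tell readers what this rule actually adds.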
@@ -131,7 +131,7 @@ We'll tell the WebApp to use that subnet to create IPs (NICs?) it can use for an
 ![Virtual Network Integration](../../../../assets/img/azure/solution/vnets/spoke/webapp/settings/networking/virtual_network_integration/subnet/add.png)
-- [x] **Outbound Internet Traffic**: Checked. Ensure it goes through our delegated `webapp` subnet and not directly to the internet. Will aalso
+- [x] **Outbound Internet Traffic**: Checked. Ensure it goes through our delegated `webapp` subnet and not directly to the internet.
 ![Virtual Network Integration](../../../../assets/img/azure/solution/vnets/spoke/webapp/settings/networking/virtual_network_integration/subnet/connected.png)
diff --git a/docs/vulnerabilities.md b/docs/vulnerabilities.md
index 49df4cb..d8c599d 100644
--- a/docs/vulnerabilities.md
+++ b/docs/vulnerabilities.md
@@ -1,7 +1,21 @@
 # Known Vulnerabilities
+## DDoS
+
+### ICMP Flooding
+
+Also known as ["Ping of death"](https://www.fortinet.com/resources/cyberglossary/ping-of-death)
+
+> The ping of death is a form of denial-of-service (DoS) attack
+> that occurs when an attacker crashes, destabilizes, or freezes computers or services
+> by targeting them with oversized data packets
+
 ## DNS
-### Poisoning
+### Spoofing
+
+Also known as [DNS Poisoning](https://www.okta.com/identity-101/dns-poisoning/)
-[DNS Poisoning/Spoofing](https://www.okta.com/identity-101/dns-poisoning/)
+> During a DNS poisoning attack, a hacker substitutes the address for a valid website for an imposter.
+> Once completed, that hacker can steal valuable information, like passwords and account numbers.
+> Or the hacker can simply refuse to load the spoofed site
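Review bot: The new `### ICMP Flooding` entry in docs/vulnerabilities.md conflates two different attacks: the Ping of Death is a single malformed, oversized packet that crashed vulnerable IP stacks, while an ICMP flood is a volumetric attack that saturates a host's bandwidth and CPU with a high rate of well-formed Echo Requests, so the "Also known as" line and the quoted Fortinet paragraph describe something other than the heading (and other than what the `#icmp-flooding` anchor in nsg.md points readers to). Suggest replacing that line with `An ICMP flood overwhelms a host with a high volume of ICMP Echo Requests; it is distinct from the ["Ping of death"](https://www.fortinet.com/resources/cyberglossary/ping-of-death), a single malformed oversized packet that exploited bugs in old IP stacks.` and moving the existing quote under its own `### Ping of death` subsection. The `## DDoS` heading sits over a quote that defines plain DoS; a one-line note that "distributed" means many attacking sources would keep the taxonomy honest. The `### Spoofing` / "Also known as DNS Poisoning" entry is acceptable, though cache poisoning is one mechanism of DNS spoofing rather than a synonym, which a short parenthetical could say.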