topic Re: Azure marketplace images security assurance in Cloud Firewall

Azure marketplace images security assurance

Don_Paterson — Thu, 22 Jun 2023 07:49:27 GMT

How can customers check the image before and after deployment and what has been put in place to guarentee that a market place image has not been injected with malicious code?

A downloadable iso file normally has a hash. What about the marketplace templates/images?

Re: Azure marketplace images security assurance

G_W_Albrecht — Thu, 22 Jun 2023 10:27:19 GMT

Microsoft has a lot of web pages with Azure Security information covering every aspect, so i would start here: https://azure.microsoft.com/en-us/explore/security/

Re: Azure marketplace images security assurance

Don_Paterson — Thu, 22 Jun 2023 12:09:37 GMT

Will that provide an answer to my questions specifically?

Re: Azure marketplace images security assurance

G_W_Albrecht — Thu, 22 Jun 2023 14:22:22 GMT

Why should that not do this ? Microsoft is responsible for the safety of Azure marketplace images, or have you proof that this is regulated differently ?

Re: Azure marketplace images security assurance

PhoneBoy — Thu, 22 Jun 2023 18:08:46 GMT

At least in Amazon, AMIs are created from a known good disk image prepared by the vendor.
Once they're published, they cannot be updated without publishing a new AMI.
Unless the image included the malicious content "from the factory" the only way it could be infected would be post-deployment.

Re: Azure marketplace images security assurance

Don_Paterson — Fri, 23 Jun 2023 11:03:32 GMT

That Azure security page is more about marketing and might make one wonder why any other security solution might be required if Azure has so much resource behind cyber security...

My question is about security checks before and immediately after a deployment of a Check Point VM from the marketplace. It is a valid question that a customer can (and did) ask.

It is a technical question and specifically about the technical options that a Check Point customer may or may not have to validate an image/marketplace template deployment, in the same way as we check downloaded files integrity with a SHA1 or SHA256 checksum.

Re: Azure marketplace images security assurance

PhoneBoy — Fri, 23 Jun 2023 15:31:34 GMT

I understand the "trust but verify" mindset behind this question 🙂
Unfortunately, this is a question that can only truly be answered by the cloud vendor (Microsoft in this case).