Security in PaaS services

Mohamed Aquib Chiniwala 46 Reputation points
2022-10-21T06:39:01.333+00:00

Hello,

I wanted to know a basic yet undiscovered topic related to the security of Azure PaaS services.

We all know that PaaS services like Storage Account have a so-called "firewall" feature built into the service. My question is are the public endpoints of these PaaS services like Storage Account internally secured with protection features like Malicious IPs, Intrusion prevention, SQL Injection, OWASP recommendations/rules, DDoS, etc., or do the firewall feature of Storage Account just provide IP whitelisting if the service is exposed to the internet or we have to place an additional NVA or "Azure Firewall" service in front of the public endpoint to achieve protection against the mentioned threats?

It would be a great help if someone from MS could answer this.

Thank You.

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,114 questions
Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
656 questions
Azure Event Hubs
Azure Event Hubs
An Azure real-time data ingestion service.
630 questions
Azure Cosmos DB
Azure Cosmos DB
An Azure NoSQL database service for app development.
1,615 questions
0 comments
Accepted answer
  1. Carlos Solís Salazar 17,876 Reputation points
    2022-10-21T11:00:55.603+00:00

    Hi @Anonymous

    Thank you for asking this question on the **Microsoft Q&A Platform. **

    I am not from Microsoft, but I think I can answer you.

    The Storage Account Firewall is a Static Firewall, which means it doesn't have capabilities for Malicious IPs Detection, Intrusion prevention, SQL Injection, OWASP recommendations/rules, DDoS.

    With the Storage Account Firewall, you only can allow VNets, Private Endpoints, or specific Publics IPs

    Indeed, you'll require an additional NVA or "Azure Firewall" service to achieve this goal

    Hope this helps!

    ----------

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
    NOTE: To answer you as quickly as possible, please mention me in your reply.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.