put my book in the index

tuxerrante · tuxerrante · commit c6b81856fde9 · 2025-07-07T14:55:40.000+02:00
diff --git a/docs/.obsidian/workspace.json b/docs/.obsidian/workspace.json
@@ -13,12 +13,12 @@
             "state": {
               "type": "markdown",
               "state": {
-                "file": "software-engineering/security/CISA.md",
+                "file": "index.md",
                 "mode": "source",
                 "source": false
               },
               "icon": "lucide-file",
-              "title": "CISA"
+              "title": "index"
             }
           }
         ]
@@ -80,21 +80,20 @@
             "state": {
               "type": "outline",
               "state": {
-                "file": "software-engineering/security/CISA.md",
+                "file": "index.md",
                 "followCursor": false,
                 "showSearch": false,
                 "searchQuery": ""
               },
               "icon": "lucide-list",
-              "title": "Outline of CISA"
+              "title": "Outline of index"
             }
           }
-        ],
-        "currentTab": 3
+        ]
       }
     ],
     "direction": "horizontal",
-    "width": 200
+    "width": 258.5
   },
   "right": {
     "id": "e0b805506c2aec1c",
@@ -170,8 +169,9 @@
   },
   "active": "d04aa7fecda1a23c",
   "lastOpenFiles": [
-    "img/firewall-infra.png",
+    "software-engineering/Azure/AZ-500.md",
     "software-engineering/security/CISA.md",
+    "img/firewall-infra.png",
     "img/firewall-infra.png.crdownload",
     "software-engineering/security/Fundamental-security-models.md",
     "[Security.md",
diff --git a/docs/img/copertina_pensiero_critico_piccola.png b/docs/img/copertina_pensiero_critico_piccola.png
diff --git a/docs/index.md b/docs/index.md
@@ -7,16 +7,18 @@ Click on the menu on the top to explore the pages.
 - [LinkedIn](https://www.linkedin.com/in/affinitoalessandro)
 - [Soundcloud](https://soundcloud.com/alessandro-affinito-58528444)
 - [YouTube](https://www.youtube.com/@alessandro-affinito/videos)
-  
+
 
 ---
 # Support my work!
 
 ➡️ **[Buy me a coffee!](https://buymeacoffee.com/tuxerrante)**
-➡️ **[Sponsor me on GitHub!](https://github.com/sponsors/tuxerrante)**
+➡️ **[Sponsor me on GitHub!](https://github.com/sponsors/tuxerrante)**  
+⬇️ [**Or read my book!**](https://www.amazon.it/Guida-pratica-Pensiero-Critico-Bussola/dp/B0F267MWNP)  
 
-I've been dedicated to creating free content for years, pouring countless hours into research, writing, and editing. 
-Your support would mean the world to me and help me continue producing high-quality content. By sponsoring my work, you're not just helping me, but also validating the value of the information I provide.  
+I've been dedicated to creating free content for years, pouring countless hours into research, writing, and editing.
+Your support would mean the world to me and help me continue producing high-quality content. By sponsoring my work, you're not just helping me, but also validating the value of the information I provide.
 Thank you for considering!
 
-![[support.png]]
+[![[img/copertina_pensiero_critico_piccola.png]]](https://www.amazon.it/Guida-pratica-Pensiero-Critico-Bussola/dp/B0F267MWNP)
+
diff --git a/docs/software-engineering/Azure/AZ-500.md b/docs/software-engineering/Azure/AZ-500.md
@@ -493,6 +493,10 @@ When you create a route table and associate it to a subnet, the table's routes a
 
 Dedicated physical connection to an Azure tenant
 
+Dot1Q VLAN
+QinQ
+
+
 ### VPN
 
 IpSec/K encrypted connection.
@@ -524,28 +528,70 @@ L4 (TCP/UDP), REGIONAL
 
 can be internal or external (get assigned a Public IP)
 
-## APP GATEWAY
+## APPLICATION GATEWAY
 
 L7, REGIONAL: redirection, rewrite, https,
-
 Can have on top a WAF ([OWASP threats](https://learn.microsoft.com/en-gb/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules?tabs=drs21#owasp-crs-32))
 
+1. Connection comes from the internet
+2. App GW **frontend public IP** is reached trough the DNS
+3. **HTTP/HTTPS Listener**: The gateway listens for incoming HTTP or HTTPS traffic. This listener is configured to handle specific types of requests.
+4. **Rule**: Based on the listener's configuration, rules are applied to direct traffic. These rules determine how requests are routed to the backend.
+5. **Backend Pool**: The destination for the traffic. This pool can include:
+    - **Virtual Machines (VMs)**: Individual virtual servers.
+    - **Virtual Machine Scale Sets (VMSS)**: Groups of identical VMs that can automatically scale.
+    - **App Services**: Managed services for hosting web applications.
+6. **Encryption**: The diagram highlights that traffic between the application servers and the application gateway is encrypted, ensuring secure communication.
+	1. **AES-256 (Advanced Encryption Standard)**: This is a symmetric encryption algorithm widely used for its high level of security and efficiency.  
+	2. **RSA-4096**: This is an asymmetric encryption algorithm used for secure data transmission. It uses a pair of keys (public and private) and is known for its robustness, especially with a 4096-bit key
+	3. **TLS 1.3 (Transport Layer Security)**: This protocol provides secure communication over a computer network. TLS 1.3 is the latest version and offers improved security and performance over its predecessors 
+
+A traditional load balancer directs traffic based on where it's coming from and where it's supposed to go, much like how a post office sorts mail based on the address on the envelope. However, Azure Application Gateway besides knowing where the traffic comes from and where it's going, it can also direct traffic based on what's being asked for in the request (APIs).
+- back end health check
+- autoscaling
+- session affinity
+- WAF
+
 ## AZ [FRONT DOOR](https://learn.microsoft.com/en-us/azure/frontdoor/front-door-overview)
 
 L7,  GLOBAL
 
 Uses [anycast](https://en.wikipedia.org/wiki/Anycast) to manage the connection as close as possible to the client ( the lowest number of [BGP](https://en.wikipedia.org/wiki/Border_gateway_protocol) network hops) with hundreds of PoPs (point of  presence) CDN connected through a high speed WAN.
 
+**Key Features**:
+
+1. **Global Load Balancing**: Routes traffic to the closest and healthiest backend based on latency, ensuring optimal performance for users worldwide 
+2. **Content Delivery Network (CDN)**: Provides caching and acceleration for static and dynamic content, reducing load times 
+3. **Web Application Firewall (WAF)**: Offers built-in protection against common web threats like SQL injection and cross-site scripting 
+4. **SSL Offloading**: Terminates SSL/TLS connections at the edge, reducing the load on backend servers 
+5. **Multi-Region Failover**: Ensures high availability by automatically routing traffic to another region if the primary region fails 
+
 ## NSG – Network Security Group (L4)
 
-Allows us to groups network resources through tags instead of caring of IPs
+Allows us to group network resources through tags instead of caring of IPs.
 
-SUBNET specifics
+SUBNET or NIC specific.
+
+**Network Security Groups (NSGs)** can be applied to a single VM, subnet, or network adapter. **only one NSG** can be associated with each of these resources.
 
 - Service endpoint: identifies an internal subnet to be allowed to call other internal services by allowing it in the target service firewall
 - Private endpoint: identifies a specific service instance inside a private subnet. Requires also a DNS configuration in order to be found by other internal services.
+- Through a resource manager deployment model they can be assigned at NIC level, such that the same VM would have different security rules assigned to its network interfaces.
+- Limit of 100 NSG per region. Max 200 rules per NSG. This limits can be increased by raising a support ticket.
+- https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#default-security-rules
+
+
+## ASG - Application Security Group
+
+https://learn.microsoft.com/en-us/azure/virtual-network/application-security-groups
+
+It lets you focus on the business logic instead of networking details like IP addresses, allowing you to group virtual machines and define network security policies based on those groups (eg: AKS nodepool).
+All network interfaces assigned to an ASG should be in the same VNET.
 
+## [Service Endpoints](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview)
 
+Virtual Network service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network.
+Useful to identify internal resources that would have a non unique private IP while communicating through private VNets. Also it doesn't require a NAT Gateway.
 
 -----
 
@@ -663,6 +709,7 @@ flowchart TD
 * **Allocated dynamically** or statically from the VNet’s address space.
 * IPs are associated with NICs via Azure Resource Manager (ARM) configurations, not manually or directly by the admin.
 For load balancers, IPs are assigned to frontend configurations, not directly to the NIC.
+* Azure reserves the first four and last IPs in each subnet (e.g., .0, .1, .2, .3, and .255 in a /24).
 
 
 **🔎 Tip**: Private IPs are the default addressing method inside Azure VNets. Public IPs are required only for external communication.
