Skip to content

General security network security

General Security

  • Azure Security Center

    • Provides visibility of the security postures across all the cyber services both on Azure and on-premise
    • Security postured refers cybersecurity policies and controls as well as how well you can predict, present and respond to the security thread.
    • Detect, analyze and apply new security settings to the azure resources
    • use Ml to avoid installing malware application
    • Protect against threats
      • Just in time VM access : blocks traffic by default, waits for admin approval
      • Adaptive app control : application running allowance is controlled
      • Adaptive traffic/network hardening : SC monitors the internet traffic patterns of the VMs
      • SC can make recommendation on teh Network.
      • File integrity monitoring is also provided
      • Workflow automation uses Azure logic apps and security center
      • SC is centralised security portal

  • SIEM (Security Information and Event Management) aggregates security data from many sources.

    • It provides capabilities for threat detection and response
    • Azure Sentinel is SIEM
      • Collects cloud data
      • Detect previously undetected threats
      • Investigates threats with AI
      • Responds to incidents rapidly
      • Connect datasource which sentinel can analyse
      • Connector is also available for non-microsoft services such as AWS cloudtrail
      • Connects to other datasource as well
      • Built in analytics
        • templates based analysis - template are provided by Azure, or it can be custom as well

  • Azure Monitor Playbooks automates response to the threat

  • Azure key vault

    • Centralized service to store the secrets
    • Manages secrets, encryption and certificates SSL/TLS etc.

  • Azure dedicated host provides a physical unit to run your VMs

Network Security

Defense in depth

  • Physical Security : First line of defense to protect computing hardware
  • Identify & Access : Stop unauthorized access - SSO, MFA
  • Perimeter : DDoS protection, firewalls
  • Network : Limits connection between resources though segmentation and access control
  • Compute : Secure access to virtual machines, endpoint protection
  • Application : Apps are safe and free of security vulnerabilities
  • Data : Controls access to business and customer data

Security Postulates - Confidentiality - Principle of the least privileges - Includes protection of user passwords, email access and access control - Integrity - Prevent unauthorized access to info - data sent in a channel is checked on the basis of their hash if it is not compromised

Protect Virtual network by using Azure Firewall

  • Firewall is a network security device that monitor incoming an outgoings network traffic decide whether to allows or block specific traffic

  • Managed cloud based firewall

    • It is a stateful firewall, analyses the complete content of a network connection
    • uses static public IP for subnet resources
    • Built in high Availability
    • Unrestricted cloud scalability
    • Inbound and outbound filtering rules
    • Inbound Destination Network Address Translation (DNAT) support
    • Azure monitor
    • Network rules that defines
      • Source address
      • Protocol
      • destination port and
      • destination address

  • Web Application Firewall : Azure FrontDoor, Azure CDN

Protect from DDoS attacks

  • Understands between legitimate and attacking users and blocks the unauthorized access to apps
  • Types of attacks
    • Volumetric : No of requests
    • Protocol Layer : weakness in layer 3 and 4
    • Resource Layer/App layer : You'll require WAF to protect against L7 attacks

  • NSG

    • Filter traffic to and from Azure resources
    • It is an Internal firewall

  • Combined services

    • NSG and Azure Firewall
    • WAF and Azure Firewall