KEMBAR78
Azure Security for IT Professionals | PDF | Denial Of Service Attack | Microsoft Azure
0% found this document useful (0 votes)
104 views12 pages

Azure Security for IT Professionals

This document provides an overview of security and network security features in Azure. It discusses Azure Security Center for monitoring security posture, Azure Sentinel for collecting and acting on security data, and Azure Key Vault for securely storing sensitive information. It also describes Azure Dedicated Host for managing dedicated physical servers, Azure Firewall for network security, Azure DDoS Protection for mitigating DDoS attacks, and Network Security Groups for filtering network traffic.

Uploaded by

rajagopalan19
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
104 views12 pages

Azure Security for IT Professionals

This document provides an overview of security and network security features in Azure. It discusses Azure Security Center for monitoring security posture, Azure Sentinel for collecting and acting on security data, and Azure Key Vault for securely storing sensitive information. It also describes Azure Dedicated Host for managing dedicated physical servers, Azure Firewall for network security, Azure DDoS Protection for mitigating DDoS attacks, and Network Security Groups for filtering network traffic.

Uploaded by

rajagopalan19
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

Azure Essentials

MODULE 3: AZURE SECURITY AND NETWORK SECURITY

www.skaas.guru
Objectives 2

 Strengthen your security posture and protect against threats by using Azure
Security Center.
 Collect and act on security data from many different sources by using Azure
Sentinel.
 Store and access sensitive information such as passwords and encryption keys
securely in Azure Key Vault.
 Manage dedicated physical servers to host your Azure VMs for Windows and
Linux by using Azure Dedicated Host.

www.skaas.guru
3

Azure Security

www.skaas.guru
Azure Security Center 4
 Azure Security Center is a monitoring service that provides visibility of your security posture
across all of your services, both on Azure and on-premises. The term security posture refers
to cybersecurity policies and controls, as well as how well you can predict, prevent, and
respond to security threats.
 Security Center can:
 Monitor security settings across on-premises and cloud workloads.
 Automatically apply required security settings to new resources as they come online.
 Provide security recommendations that are based on your current configurations, resources, and
networks.
 Continuously monitor your resources and perform automatic security assessments to identify
potential vulnerabilities before those vulnerabilities can be exploited.
 Use machine learning to detect and block malware from being installed on your virtual machines
(VMs) and other resources. You can also use adaptive application controls to define rules that list
allowed applications to ensure that only applications you allow can run.
 Detect and analyze potential inbound attacks and investigate threats and any post-breach
activity that might have occurred.
 Provide just-in-time access control for network ports. Doing so reduces your attack surface by
ensuring that the network only allows traffic that you require at the time that you need it to.

www.skaas.guru
Azure Sentinel 5

 Azure Sentinel enables you to:


 Collect cloud data at scale
 Collect data across all users, devices, applications, and infrastructure, both on-
premises and from multiple clouds.
 Detect previously undetected threats
 Minimize false positives by using Microsoft's comprehensive analytics and threat
intelligence.
 Investigate threats with artificial intelligence
 Examine suspicious activities at scale, tapping into years of cybersecurity experience
from Microsoft.
 Respond to incidents rapidly
 Utilize built-in orchestration and automation of common tasks.

www.skaas.guru
Azure Key Vault 6

 Manage secrets
 You can use Key Vault to securely store and tightly control access to tokens,
passwords, certificates, API keys, and other secrets.
 Manage encryption keys
 You can use Key Vault as a key management solution. Key Vault makes it easier
to create and control the encryption keys that are used to encrypt your data.
 Manage SSL/TLS certificates
 Key Vault enables you to provision, manage, and deploy your public and private
Secure Sockets Layer / Transport Layer Security (SSL/TLS) certificates for both your
Azure resources and your internal resources.
 Store secrets backed by hardware security modules (HSMs)
 These secrets and keys can be protected either by software or by FIPS 140-2 Level
2 validated HSMs.

www.skaas.guru
Azure Dedicated Host 7
 Azure Dedicated Host:
 Gives you visibility into, and control over, the server infrastructure that's
running your Azure VMs.
 Helps address compliance requirements by deploying your workloads
on an isolated server.
 Lets you choose the number of processors, server capabilities, VM series,
and VM sizes within the same host.

www.skaas.guru
8

Network Security on Azure

www.skaas.guru
Layers of Defense 9

 The physical security layer is the first line of defense to protect


computing hardware in the datacenter.
 The identity and access layer controls access to infrastructure and
change control.
 The perimeter layer uses distributed denial of service (DDoS)
protection to filter large-scale attacks before they can cause a
denial of service for users.
 The network layer limits communication between resources through
segmentation and access controls.
 The compute layer secures access to virtual machines.
 The application layer helps ensure that applications are secure and
free of security vulnerabilities.
 The data layer controls access to business and customer data that
you need to protect.

www.skaas.guru
Azure Firewall 10

www.skaas.guru
Azure DDoS Protection 11

 Azure DDoS Protection (Standard) helps protect your Azure resources from DDoS
attacks.
 When you combine DDoS Protection with recommended application design
practices, you help provide a defense against DDoS attacks. DDoS Protection
uses the scale and elasticity of Microsoft's global network to bring DDoS
mitigation capacity to every Azure region.
 The DDoS Protection service helps protect your Azure applications by analyzing
and discarding DDoS traffic at the Azure network edge, before it can affect your
service's availability.

www.skaas.guru
Network Security Groups 12

 A network security group enables you to filter network traffic to and from
Azure resources within an Azure virtual network.
 An NSG can contain multiple inbound and outbound security rules that
enable you to filter traffic to and from resources by source and destination IP
address, port, and protocol.
 When you create a network security group, Azure creates a series of default
rules to provide a baseline level of security.
 You can't remove the default rules, but you can override them by creating
new rules with higher priorities.

www.skaas.guru

You might also like