Interview: Azure Fundamentals_Part 4

What’s Azure Security Center?

Security Center can:

• Monitor security settings across on-premises and cloud workloads.
• Automatically apply required security settings to new resources as they come online.
• Provide security recommendations

The term security posture refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.

What’s secure score?

Secure score is a measurement of an organization’s security posture.

Protect against threats

• Just-in-time VM access — This access allows traffic for a specified time when an administrator requests and approves it.
• Adaptive application controls — In the background, Security Center uses machine learning to look at the processes running on a virtual machine. This process provides alerts that inform the company about unauthorized applications that are running on its VMs.
• Adaptive network hardening — Security Center can monitor the internet traffic patterns of the VMs and compare those patterns with the company’s current network security group (NSG) settings.
• File integrity monitoring- We can also configure the monitoring of changes to important files on both Windows and Linux, registry settings, applications, and other aspects that might indicate a security attack.

Respond to security alerts

The company can dismiss false alerts, investigate them further, remediate alerts manually, or use an automated response with a workflow automation.

Workflow automation uses Azure Logic Apps and Security Center connectors.

Store and manage secrets by using Azure Key Vault

What are the benefits of Azure Key Vault?

• Centralized application secrets
• Securely stored secrets and keys

Host your Azure virtual machines on dedicated physical servers by using Azure Dedicated Host

On Azure, virtual machines (VMs) run on shared hardware that Microsoft manages.

What is defense in depth?

A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack.

Layers of defense in depth (7)

• The physical security layer is the first line of defense to protect computing hardware in the datacenter.
• The identity and access layer controls access to infrastructure and change control.
• The perimeter layer uses distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users.
• The network layer limits communication between resources through segmentation and access controls.
• The compute layer secures access to virtual machines.
• The application layer helps ensure that applications are secure and free of security vulnerabilities.
• The data layer controls access to business and customer data that you need to protect. — Database

What’s Azure Firewall?

Azure Firewall is a managed, cloud-based network security service that helps protect resources in your Azure virtual networks.

Azure Firewall uses a static (unchanging) public IP address for your virtual network resources, which enables outside firewalls to identify traffic coming from your virtual network.

What can I configure with Azure Firewall?

With Azure Firewall, you can configure:

• Application rules that define fully qualified domain names (FQDNs) that can be accessed from a subnet.
• Network Address Translation (NAT) rules that define destination IP addresses and ports to translate inbound requests.

Azure Application Gateway also provides a firewall that’s called the web application firewall (WAF). WAF provides centralized, inbound protection for your web applications against common exploits and vulnerabilities. Azure Front Door and Azure Content Delivery Network also provide WAF services.

What are DDoS attacks?

A distributed denial of service attack attempts to overwhelm and exhaust an application’s resources, making the application slow or unresponsive to legitimate users.

What is Azure DDoS Protection?

Azure DDoS Protection (Standard) helps protect your Azure resources from DDoS attacks.

DDoS Protection Standard protects the WAF from volumetric and protocol attacks.

What are network security groups?

A network security group enables you to filter network traffic within an Azure virtual network. You can think of NSGs like an internal firewall.

Combine services

You can combine Azure networking and security services to manage your network security and provide increased layered protection. Here are two ways you can combine services:

• Network security groups and Azure Firewall
• Azure Application Gateway web application firewall and Azure Firewall