Azure Essentials: Module 3: Azure Security and Network Security
www.skaas.guru
Objectives
- Strengthen your security posture and protect against threats by using Azure Security Center.
- Collect and act on security data from many different sources by using Azure Sentinel.
- Store and access sensitive information such as passwords and encryption keys securely in Azure Key Vault.
- Manage dedicated physical servers to host your Azure VMs for Windows and Linux by using Azure Dedicated Host.
Azure Security
Azure Security Center
Azure Security Center is a monitoring service that provides visibility of your security posture
across all of your services, both on Azure and on-premises. The term security posture refers
to cybersecurity policies and controls, as well as how well you can predict, prevent, and
respond to security threats.
Security Center can:
- Monitor security settings across on-premises and cloud workloads.
- Automatically apply required security settings to new resources as they come online.
- Provide security recommendations that are based on your current configurations, resources, and networks.
- Continuously monitor your resources and perform automatic security assessments to identify potential vulnerabilities before those vulnerabilities can be exploited.
- Use machine learning to detect and block malware from being installed on your virtual machines (VMs) and other resources. You can also use adaptive application controls to define rules that list allowed applications to ensure that only applications you allow can run.
- Detect and analyze potential inbound attacks and investigate threats and any post-breach activity that might have occurred.
- Provide just-in-time access control for network ports. Doing so reduces your attack surface by ensuring that the network allows only the traffic that you require, at the time that you need it.
Azure Sentinel
Azure Key Vault
Manage secrets
You can use Key Vault to securely store and tightly control access to tokens,
passwords, certificates, API keys, and other secrets.
Manage encryption keys
You can use Key Vault as a key management solution. Key Vault makes it easier
to create and control the encryption keys that are used to encrypt your data.
Manage SSL/TLS certificates
Key Vault enables you to provision, manage, and deploy your public and private
Secure Sockets Layer / Transport Layer Security (SSL/TLS) certificates for both your
Azure resources and your internal resources.
Store secrets backed by hardware security modules (HSMs)
These secrets and keys can be protected either by software or by FIPS 140-2 Level
2 validated HSMs.
Azure Dedicated Host
Azure Dedicated Host:
- Gives you visibility into, and control over, the server infrastructure that's running your Azure VMs.
- Helps address compliance requirements by deploying your workloads on an isolated server.
- Lets you choose the number of processors, server capabilities, VM series, and VM sizes within the same host.
Layers of Defense
Azure Firewall
Azure DDoS Protection
Azure DDoS Protection (Standard) helps protect your Azure resources from DDoS
attacks.
When you combine DDoS Protection with recommended application design
practices, you help provide a defense against DDoS attacks. DDoS Protection
uses the scale and elasticity of Microsoft's global network to bring DDoS
mitigation capacity to every Azure region.
The DDoS Protection service helps protect your Azure applications by analyzing
and discarding DDoS traffic at the Azure network edge, before it can affect your
service's availability.
Network Security Groups
A network security group enables you to filter network traffic to and from
Azure resources within an Azure virtual network.
An NSG can contain multiple inbound and outbound security rules that
enable you to filter traffic to and from resources by source and destination IP
address, port, and protocol.
When you create a network security group, Azure creates a series of default
rules to provide a baseline level of security.
You can't remove the default rules, but you can override them by creating
new rules with higher priorities.
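As an added example (not part of the original slides and not Azure tooling), the Python model below shows how an NSG evaluates inbound rules in priority order and why a custom rule with a lower priority number overrides a default rule. The default rule names and priority numbers follow Azure's documented defaults; the Rule class, the TAGS mapping, the CUSTOM rules and all address ranges are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number = higher priority, evaluated first
    source: str     # CIDR, "*" or a service tag listed in TAGS
    port: str       # "443", "8000-8080" or "*"
    protocol: str   # "Tcp", "Udp" or "*"
    access: str     # "Allow" or "Deny"

# Simplified tag resolution (assumption): the VNet is 10.0.0.0/16, and the
# AzureLoadBalancer tag is the platform probe address 168.63.129.16.
TAGS = {
    "VirtualNetwork": ipaddress.ip_network("10.0.0.0/16"),
    "AzureLoadBalancer": ipaddress.ip_network("168.63.129.16/32"),
}

# Default inbound rules Azure adds to every NSG; they cannot be removed.
DEFAULT_INBOUND = [
    Rule("AllowVNetInBound", 65000, "VirtualNetwork", "*", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "*", "Allow"),
    Rule("DenyAllInbound", 65500, "*", "*", "*", "Deny"),
]

# Constructed custom rules for the example.
CUSTOM = [
    Rule("Allow-HTTPS-Any", 100, "*", "443", "Tcp", "Allow"),
    Rule("Deny-SSH-From-VNet", 200, "VirtualNetwork", "22", "Tcp", "Deny"),
]

def _matches(rule, src_ip, port, protocol):
    if rule.source != "*":
        net = TAGS[rule.source] if rule.source in TAGS else ipaddress.ip_network(rule.source)
        if ipaddress.ip_address(src_ip) not in net:
            return False
    if rule.port != "*":
        lo, _, hi = rule.port.partition("-")
        if not int(lo) <= port <= int(hi or lo):
            return False
    return rule.protocol in ("*", protocol)

def evaluate(custom_rules, src_ip, port, protocol):
    """Return (access, rule name) for the first match in priority order."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if _matches(rule, src_ip, port, protocol):
            return rule.access, rule.name
    raise RuntimeError("unreachable: DenyAllInbound matches all traffic")
```

With only the defaults, SSH from inside the virtual network is allowed by AllowVNetInBound; passing CUSTOM makes the priority-200 deny rule match first, while unmatched internet traffic still falls through to DenyAllInbound.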