3 - Security, Privacy & Trust Flashcards
Azure Firewall
a managed service inside Azure that protects your virtual networks from unauthorized traffic
Azure DDoS Protection
Basic - Free and tuned for Azure region traffic
Standard - Tuned for application traffic. Adds logging, alerting and telemetry for you to see these attacks happening
Network Security Group (NSG)
Rules that you can apply to both inbound and outbound traffic, letting you specify which sources, destinations and ports are allowed to travel from outside the virtual network to inside it
Application Security Group (ASG)
A way of grouping related resources together to simplify how NSG rules are created. All front-end VMs can be in one ASG while the mid-tier is in another, and you can then refer to them in an NSG rule by their ASG name
User Defined Routes (UDR)
A way of forcing traffic travelling over a virtual network to take a specific path. Usually used in conjunction with firewall devices or ExpressRoute.
Security Best Practices
- All virtual networks should use an NSG
- Security through layers (defense in depth) is also a good idea: if one layer is breached, the other layers still stand
- Application Gateway with WAF is generally a good idea for production systems
Azure Security Center
Unified security management and threat protection; a security dashboard inside the Azure Portal
Azure Information Protection (AIP)
Classify emails and documents; like a DRM for documents; secret, top secret, public, etc.; enforced by Outlook 365
Azure Advanced Threat Protection (ATP)
Monitors Azure AD and detects when users behave differently from how they normally do; when they do, it requires additional login steps such as MFA, or even locks them out
Azure Policy
- Implement standards in Azure for your organization
- Rules can be enforced by blocking the action or just reporting the action
Azure Policy Types
- Require SQL Server 12.0
- Allowed Storage Account SKUs
- Allowed Regions for resources to be created in
- Allowed Virtual Machine SKUs
- Require resources have tag
Locks Access Control
Limit who has the ability to delete locks
Azure Advisor
Recommendations based on your specific account
- HA
- Security
- Performance
- Cost
- Operational Excellence
GDPR - General Data Protection Regulation
law that covers how you collect, store, protect and report data of EU citizens
NIST
- Cyber security framework
- requires an audit to see that you’re following security and privacy best practices
Compliance Manager
- Manage your own regulatory compliance
- Track, assign and verify your company's regulatory compliance
Service Trust Portal
Service Trust Portal (STP)
- Compliance Manager
Azure China cloud services
- Not connected to the rest of Azure
- Separate datacenters, login, standards
Trust center
A website with details about how Microsoft implements and supports security, privacy, compliance in all Microsoft cloud products and services.
Azure Monitor vs. Service Health
- Use Azure monitor to alert on issues in your subscription
- Use Azure Service Health to alert on issues across all of Azure worldwide
Azure Blueprints
Can consist of a set of resource groups, policies, role assignments, and Resource Manager template deployments.
- A blueprint is a package to bring each of these artifact types together and allow you to compose and version that package – including through a CI/CD pipeline.
- Ultimately, each is assigned to a subscription in a single operation that can be audited and tracked.
Locks
Read Only or Can Not Delete
Application Insights
Service that monitors the availability, performance, and usage of your web applications
Microsoft Privacy Statement
Explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.
ISO/IEC 27018
Code of practice for protection of personally identifiable information in public clouds
Service Trust Portal - Details
The Service Trust Portal (STP) hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services.
Compliance Manager
Compliance Manager is a workflow-based risk assessment dashboard within the Trust Portal that enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure.