Azure Security and Features Facts Flashcards
Data
The data layer includes data stored in databases, virtual machines, cloud storage, and SaaS applications. Many regulatory requirements are in place to ensure that data remains confidential.
Application
The application layer includes applications and application secret storage. Ideally, an organization should integrate security into its application development process.
Compute
The compute layer includes virtual machines, systems, and endpoints. Each of these should be secured and should have access controls in place.
Network
The network layer includes all network resources. Network segmentation, secure connectivity, limited internet access, and secure connections between cloud and on-premises networks help with this defense.
Perimeter
Firewalls and DDoS protection are the primary defenses at the perimeter level. It’s harder to eliminate a threat once it has breached your perimeter.
Identity and access
Identity and access defense measures include SSO, multifactor authentication, access control, and event auditing, ensuring that access is granted only as needed and that all events and changes are logged.
Physical
The physical layer includes building security and data center access. Physical defenses help to ensure that only authorized individuals have access to a building or a data center and that any loss or theft is documented and addressed.
Azure Security Center
The Azure Security Center is a centralized security monitoring service that helps to protect your services from security threats. Azure Security Center:
Monitors cloud and on-premises services
Monitors resources
Performs security assessments
Identifies vulnerabilities
Detects and stops malware installation
Applies security settings to new resources
Azure Sentinel
Azure Sentinel is a security information and event management (SIEM) system. SIEM systems collect data from various sources for threat detection and response, which includes:
Data collection from cloud and on-premises
Microsoft analytics and threat intelligence to detect hidden threats
Task automation to respond to incidents quickly
Azure Key Vault
Azure Key Vault is a centralized cloud service that stores highly sensitive secrets such as passwords, certificates, tokens, and API keys. Azure Key Vault:
Stores and manages sensitive information
Can be used to create and manage encryption keys
Can be used to create and manage SSL/TLS certificates for both internal and Azure resources
Provides access control and access monitoring
Azure Dedicated Host
Although VMs are logically separated and isolated from the VMs of other organizations, there is a good chance they are hosted on the same physical hardware. While this is acceptable for most situations, some regulations or compliance requirements may not allow this setup.
Azure Dedicated Host ensures that your VMs are hosted on dedicated physical servers. You can select the appropriate Azure region, availability zone, and fault domain to help ensure high availability.
Azure Firewall
Azure Firewall inspects and filters network traffic. Traffic can be filtered by port number, protocol, FQDN, and network address. Network administrators can set NAT, network, or application rules to deny or allow various traffic types.
Azure Firewall reviews the traffic, compares it to the existing rules, and permits or blocks the traffic accordingly.
Azure DDoS Protection
Azure DDoS Protection provides a level of defense against several types of distributed denial-of-service attacks, including:
Volumetric attacks
Resource-level attacks
Protocol attacks
Network security groups
Network security groups (NSGs) are a firewall service offered by Azure. NSGs filter network traffic between services in an Azure virtual network.