General Security and Network Security Flashcards
Azure Security Center
A monitoring service that provides threat protection/security recommendations across both Azure and on-prem DCs
- Detect and block malware
- Analyze and identify potential attacks
- Just-in-time access control for ports
Azure Security Center Capabilities
- Policy compliance - run policies across management groups, subs, or tenants
- Continuous assessments - assess new/deployed resources to ensure proper configuration
- Tailored recommendations - based on existing workloads, with instructions on how to implement them
- Threat protection - analyze attempted threats through alerts and impacted-resource reports
Azure Sentinel
A security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution that provides security analytics and threat intelligence across an enterprise.
Azure Sentinel Connectors and Integrations
- Office 365
- Azure Active Directory
- Azure Advanced Threat Protection
- Microsoft Cloud App Security
Azure Key Vault
Stores application secrets in a centralized cloud location in order to securely control access permissions and access logging
Azure Key Vault Storage
- Secrets management.
- Key management.
- Certificate management.
- Storing secrets backed by hardware security modules (HSMs).
Azure Key Vault Integration
- Simplified administration of application secrets.
- Key Vault makes it easier to enroll and renew certificates from public certificate authorities.
- Can also scale up/replicate content within regions and use standard certificate management tools.
- Can integrate Key Vault with storage accounts, container registries, event hubs, and many more Azure services, which can then securely reference the secrets stored in Key Vault.
Azure Dedicated Host
Provides physical servers that host one or more Azure virtual machines and are dedicated to a single organization's workload.
Benefits
- Hardware isolation at the server level
- Control over maintenance event timing
- Aligned with Azure Hybrid Use Benefits
Defense in Depth
- A layered approach to securing computer systems.
- Provides multiple levels of protection.
- Attacks against one layer are isolated from subsequent layers.
Physical security layer
The first line of defense to protect computing hardware in the datacenter.
Identity and access layer
Controls access to infrastructure and change control. The identity and access layer is all about ensuring that identities are secure, access is granted only to what’s needed, and sign-in events and changes are logged.
Perimeter layer
- Uses DDoS protection to filter large-scale attacks before they can cause a denial of service for users.
- At the network perimeter, it’s about protecting from network-based attacks against your resources.
- Identifying attacks, eliminating impact, and alerting are important ways to keep your network secure.
Network layer
- Limits communication between resources through segmentation and access controls.
- At this layer, focus is on limiting the network connectivity across all your resources to allow only what’s required.
- By limiting this communication, you reduce the risk of an attack spreading to other systems in your network.
Compute layer
- Secures access to virtual machines.
- Malware, unpatched systems, and improperly secured systems open your environment to attacks.
- Focus is on ensuring your compute resources are secure and the proper controls are in place.
Application layer
- Helps ensure applications are secure and free of security vulnerabilities.
- Helps reduce the number of vulnerabilities introduced in code.
- Every development team should ensure that its applications are secure by default.