Module 4bb - Security and Network Security - Azure Firewall, DDoS Flashcards
What is Azure Firewall?
A managed, cloud-based network security service that helps protect provisioned Resources in your AVN (Azure Virtual Networks)
What makes Azure Firewall stateful?
It analyzes the complete context of a network connection rather than each packet in isolation, i.e. it tracks the state of every connection. Return traffic for a connection that was allowed outbound is therefore permitted automatically, without a separate inbound rule.
Why does Azure Firewall use a static public IP Address for AVN Resources?
Outbound traffic from the AVN is source-NATed to that fixed address, so external firewalls can identify (and allowlist) all traffic COMING FROM that AVN.
Azure Firewall has some notable features
- What’s the most general or common feature given it is hosted in Azure (i.e. what does Azure offer)?
- What two common Firewall features does it support?
- What Azure-specific feature does it support (it’s integrated with….)?
1 Like most Azure Services … built-in high availability and unrestricted cloud scalability
2 In addition to that, Firewall specific features include:
- Inbound/Outbound filtering rules
- Supports inbound Destination Network Address Translation (DNAT)
3 It’s integrated into Azure Monitor for logging and analytics
Hint: A FQDN, N, NAT
What three (3) types of Rules can be configured in Azure Firewall?
- Application rules that define FQDNs (fully qualified domain names) that can be accessed from a subnet (apply to HTTP, HTTPS and MSSQL traffic)
- Network rules that match on source address, protocol, destination address and destination port (any TCP/UDP/ICMP traffic)
- NAT (Network Address Translation) rules that map a destination IP address and port on the firewall's public IP to a translated private IP address and port, so inbound requests can be forwarded to an internal resource
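The following Bicep template is an added example, not part of the original flashcard deck. It puts all three rule types side by side in one Firewall Policy rule collection group, so you can see which fields each type takes. The resource names, address ranges, the jump-box address 10.0.1.4 and the firewall public IP 203.0.113.10 are assumptions chosen for illustration.

```bicep
// Added example: one Firewall Policy rule collection group holding a DNAT,
// a network and an application rule collection. All names, ranges and the
// firewall public IP below are assumed values, not from the deck.
param location string = resourceGroup().location

// Static public IP already attached to the firewall's ipConfiguration (assumed).
// A DNAT rule must target the firewall's own public IP, not the backend's address.
param firewallPublicIp string = '203.0.113.10'

resource policy 'Microsoft.Network/firewallPolicies@2023-05-01' = {
  name: 'fwpol-hub'
  location: location
  properties: {
    sku: { tier: 'Standard' }
    threatIntelMode: 'Alert'
  }
}

resource rcg 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-05-01' = {
  parent: policy
  name: 'rcg-baseline'
  properties: {
    priority: 200
    ruleCollections: [
      // 1. NAT rule: inbound RDP on the firewall's public IP -> internal jump box.
      {
        ruleCollectionType: 'FirewallPolicyNatRuleCollection'
        name: 'rc-dnat'
        priority: 100
        action: { type: 'Dnat' }
        rules: [
          {
            ruleType: 'NatRule'
            name: 'rdp-to-jumpbox'
            ipProtocols: [ 'TCP' ]
            sourceAddresses: [ '198.51.100.0/24' ] // admin range only, never '*'
            destinationAddresses: [ firewallPublicIp ]
            destinationPorts: [ '3389' ]
            translatedAddress: '10.0.1.4'
            translatedPort: '3389'
          }
        ]
      }
      // 2. Network rule: L3/L4 match on source, protocol, destination and port.
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'rc-network'
        priority: 200
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'workload-to-azure-dns'
            ipProtocols: [ 'UDP' ]
            sourceAddresses: [ '10.0.1.0/24' ]
            destinationAddresses: [ '168.63.129.16' ]
            destinationPorts: [ '53' ]
          }
        ]
      }
      // 3. Application rule: L7 match on FQDN (HTTPS is matched on the TLS SNI).
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'rc-application'
        priority: 300
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'ApplicationRule'
            name: 'allow-windows-update'
            sourceAddresses: [ '10.0.1.0/24' ]
            protocols: [
              { protocolType: 'Https', port: 443 }
            ]
            targetFqdns: [ '*.windowsupdate.com' ]
          }
        ]
      }
    ]
  }
}
```

Two things worth knowing when you read or write a policy like this: Azure Firewall always evaluates DNAT rules first, then network rules, then application rules, regardless of the collection priorities, and a matching network rule ends evaluation, so an overly broad network rule (for example TCP/443 to `*`) silently bypasses every FQDN restriction in your application rules. Also, because the firewall is stateful, the DNAT rule above implicitly allows the translated connection; you do not need a matching network rule for the return path.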
What two entities can Azure Firewall apply to?
Firewall applies connectivity Policies across both Subscriptions and Virtual Networks
What does Azure Firewall provide for (both Application AND Network Connectivity) Policies?
Provides a central location to create, enforce and log both Application AND Network connectivity Policies
What is a Web Application Firewall (WAF)?
WAFs provide centralized INBOUND protection for web applications against common exploits and vulnerabilities
What Azure Services provide a WAF? (name three)
- Azure Front Door (Cloud CDN with additional security features)
- Azure Content Delivery Networks
- Azure Application Gateway
What is a Distributed Denial of Service attack? Other than by its definition, what else about DDoS attacks are detrimental to Azure-based applications?
An attack that attempts to overwhelm and exhaust an application's resources, making it slow or unresponsive. Anything publicly reachable (websites, web services, public IP addresses, etc.) can be targeted.
W.r.t. Cloud and auto-scaling, a DDoS attack can blow up your costs by forcing auto-scaling on services
What is Azure DDoS Protection?
It’s a service that provides attack mitigation capacity to all Azure Regions
- Sits between your AVN and the Azure Backbone
- Uses scale and elasticity for mitigation
- It identifies and discards DDoS traffic at the network edge before it can affect your services, while allowing customer traffic in without interruption.
You can receive credit for auto-scaled out Resources during a DDoS attack (T/F)?
True (Standard tier only): DDoS Protection Standard includes cost protection, so you can request service credits for the cost of resources that auto-scaled out during a documented attack.
What is the Basic Tier for DDoS Protection?
Basic
- Auto enabled for free
- Always-On monitoring
- Ensures the basic Azure infrastructure is not affected during a large-scale attack
- Azure’s global network is used to distribute/mitigate the attack across Azure Regions
What is the Standard Tier for DDoS Protection?
Standard
- Paid (billed per protection plan), and includes everything in Basic
- In addition, provides more mitigation capabilities specific to AVNs
- Machine Learning and dedicated traffic monitoring used for tuning protection policies, which are applied to public IP addresses associated to Resources deployed in your AVNs (things like Azure Load Balancer or Application Gateway)
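As an added example (not from the deck), this Bicep fragment shows how the Standard tier is actually switched on: a DDoS protection plan is a separate resource that you associate with a virtual network, and every public IP attached to a resource in that network is then covered. The plan and network names and the address ranges are assumptions.

```bicep
// Added example: enabling DDoS Protection Standard on a virtual network.
// Resource names and address ranges are assumed values for illustration.
param location string = resourceGroup().location

// One plan can protect VNets in several subscriptions of the same tenant,
// so it is usually created once, centrally, and referenced from each VNet.
resource ddosPlan 'Microsoft.Network/ddosProtectionPlans@2023-05-01' = {
  name: 'ddos-plan-prod'
  location: location
}

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-hub'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] }
    subnets: [
      { name: 'AzureFirewallSubnet', properties: { addressPrefix: '10.0.0.0/26' } }
    ]
    // Standard tier: both settings are required. Afterwards, tuned mitigation
    // policies apply to the public IPs of the firewall, load balancers and
    // application gateways deployed in this VNet.
    enableDdosProtection: true
    ddosProtectionPlan: { id: ddosPlan.id }
  }
}
```

Basic needs no configuration at all, which is why the distinction matters in practice: a VNet that does not reference a plan is protected only at the platform level, with no per-resource tuning, attack telemetry or cost protection.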
Hint: V P R(A)
What three (3) kinds of attack can DDoS Protection help prevent?
- Volumetric attacks: flooding the network layer with substantial traffic
- Protocol attacks: exploiting weaknesses in layer 3 and 4 protocol stacks, rendering the target inaccessible
- Resource (Application) layer attacks: target web application packets to disrupt the transmission of data between hosts