Security Flashcards
Describe Azure NSGs and NSG rules.
NSGs are applied to VNets or subnets.
Creating inbound and outbound rules allows the user to filter traffic to the resources in the VNet / subnet.
Each rule has a name, priority, source/destination (IP), protocol, direction, port range, and action (allow/deny).
What is the relationship between NSGs and VNets/subnets?
A VNet/subnet has 0 or 1 NSG.
An NSG can be applied to as many VNets/subnets as desired.
Describe Azure DDoS Protection
Azure DDoS Protection protects against DDoS attacks (volumetric, application, and protocol attacks).
Two tiers: Basic and Standard. Standard provides enhanced protection for VNet resources.
Describe Azure Firewall and its key features.
Managed cloud firewall to protect your VNet resources.
- Built-in HA
- Network and application level filtering
- SNAT / DNAT to communicate with internet
- Multiple public IPs
- Threat intelligence
- Azure Monitor integration for logs
Describe Azure Bastion and its key features.
Managed service that allows secure RDP / SSH access to VMs in VNets over TLS without having to expose/open ports.
- Can access VMs in the same VNet or a peered VNet.
Describe Azure Web Application Firewall.
Managed web app firewall that protects against known exploits and vulnerabilities (e.g. SQL injection or cross-site scripting).
Can be deployed with:
- Azure Front Door
- Azure Application Gateway
- Azure CDN
Describe data encryption in Azure
- Storage Service Encryption (Azure Storage Accounts)
- Azure Disk Encryption (BitLocker for Windows, dm-crypt for Linux)
- Transparent Data Encryption (SQL DB and Synapse SQL Pools)
Describe Key Vault
Centralised service for storing application secrets, keys, and certificates.
Describe the principles of cloud security posture management.
Identify and prioritise the remediation of security risks through assessment checks and automated compliance monitoring.
Describe Microsoft Defender for Cloud and its key features.
Microsoft's CSPM tool. Enables continuous assessment of security posture, hardening guidance, and threat detection/resolution.
- Secure Score, Network Map, Cloud Workload Protection plans (e.g. Defender for Servers, Defender for App Service, etc.)
Describe the Microsoft Defender for Cloud tiers and features.
Two tiers:
- Free and Enhanced Security Features.
Features of Enhanced tier:
- Protection for other clouds and hybrid environments.
- Vulnerability scanning (VMs and container registries)
- Track compliance against a range of standards.
- Access and application controls
- Threat protection alerts and Defender for Endpoint.
Describe Azure Security Baselines.
Each Azure service has a service baseline.
The baseline consists of service controls that contain recommendations, guidance, and responsibility.
Describe SIEM, SOAR, and XDR.
SIEM = security information and event management
SOAR = security orchestration, automation, and response
XDR = eXtended detection and response
Describe Microsoft Sentinel and its integrated threat protection capabilities.
Cloud native SIEM / SOAR solution.
- Connect to your services and ingest security data via connectors
- Analyse with Workbooks (Azure Monitor integration)
- Manage incidents
- SOAR playbooks (Azure Logic Apps)
- Hunting and Investigation capabilities
- Integration with Defender for Cloud and Defender 365.
Two pricing models: Capacity reservation or Pay-as-you-go.
Describe the services of Microsoft 365 Defender.
It’s an enterprise defense suite with four main component services:
- Defender for Office 365. (safeguards threats from email, links, collaboration tools.)
- Defender for Endpoint. (protects against threats to endpoints: asset discovery, vulnerability management, attack surface reduction rules, antivirus, threat analytics and hunting, remediation automation.)
- Defender for Cloud Apps. (Cloud access security broker - gives visibility, threat protection, data security, and compliance to cloud apps.)
- Defender for Identity. (protects against identity threats, compromised identities, and malicious insider actions.)
Brings these together in the Microsoft Defender 365 portal.