Security Flashcards
What is a firewall?
A set of rules that define what traffic can and cannot access the devices and services in your network.
Firewall Characteristics?
1) Firewalls can be hardware or software.
2) They can suit any network or host.
3) They are critical parts of your security.
What is DDoS?
Distributed Denial of Service.
* Lots of nodes targeting a single website / URL, the goal of which is to make the target become unavailable.
What does NSG stand for?
Network Security Group.
What is the NSG?
A resource level firewall that can be attached to a virtual network, subnet or network interface.
An NSG determines who can access the resources attached to it, using ingress and egress traffic rules.
What are Application Security Groups?
This is an extension of the NSG.
- It focuses on the protection and security of an application rather than an IP endpoint.
- You can group VMs and virtual networks into logical application groups and apply an application security group.
What is Azure Security Centre?
It has been rebranded as Microsoft Defender for Cloud.
Characteristics of Azure Security Centre?
It is an alerting and detection portal in the Azure Portal.
- Agents are deployed on VMs to provide data to the Centre.
- It supports Hybrid setups.
- Attack and Anomaly Detection.
- Policy and Compliance Metrics.
- Security score for your Azure Environment.
- Integrates with other cloud providers.
- Alerts on resources that are not secure.
How to use the Azure Security Centre?
- Define policies (Azure can provide some templates).
- Protect Resources (monitor policies).
- Respond (respond to security alerts; if need be, revise or define new policies).
What is the Azure Key Vault?
An Azure key and password management solution.
- It allows you to enable access to applications.
- Azure Key Vault hardware is secure as well.
- Applications are isolated to prevent unnecessary password sharing.
- Supports scaling.
What is Azure Information Protection?
It enables the secure sharing of data with internal and outside entities.
- Works with O365.
- Data must be classified (policy or manual).
- It allows you to track activity with regards to sharing.
- You can control who can edit, view or print.
- Integrates with O365, Teams, SharePoint etc.
What is Microsoft Defender for Identity?
Users are unreliable and untrustworthy.
- Monitors users and activity in your network.
- Creates baselines for user activity.
- Abnormal activity creates alerts.
- Defender for Identity will suggest security changes to increase security.
What is Azure Sentinel?
This is Microsoft’s SIEM Tool.
- Data is collected, aggregated, normalised and ingested by Azure.
- Data is analysed; anomalies and detections are escalated.
- Leverages behavioural analytics (AI).
- AWS Integration.
- Cloud scale.
What are Azure Dedicated Hosts?
Designed to meet dedicated hardware / server requirements.
- There is hardware isolation.
- The only company running data on the hardware is you.
- Can be expensive.
- Makes use of other cloud technology.
What does Microsoft Defender for Identity protect against?
1) Reconnaissance - users searching for other user info.
2) Brute Force - Password guessing attempts.
3) Increased Privs - Attempts from users to gain additional privs.