Security and connectivity for Azure relational data services Flashcards
What does Azure Defender for SQL do?
Azure Defender for SQL provides a set of advanced SQL security capabilities, including SQL Vulnerability Assessment and Advanced Threat Protection.
What is DoSGuard?
DoSGuard is a SQL gateway service that reduces denial-of-service (DoS) attacks.
How does DoSGuard work?
If there are multiple failed login attempts from an IP address within a period of time, the IP address is blocked from accessing any resources in the service for a short while.
What does a connection policy of Proxy do?
A policy of Proxy ensures that once a service connects with a gateway, all traffic from then on flows through the gateway.
Each request could potentially be serviced by a different database in the cluster.
What tasks does the Azure SQL Database gateway do?
1) It validates all connections to the database servers.
2) It encrypts all communications between a client and the database servers.
3) It inspects each network packet sent over a client connection. The gateway validates the connection information in the packet, and forwards it to the appropriate physical server based on the database name that’s specified in the connection string.
What connection policy do non-Azure services connecting to Azure SQL Database have by default?
Proxy.
What connection policy do Azure services connecting to Azure SQL Database have by default?
Redirect.
What does a connection policy of Redirect do?
A policy of Redirect means after a service has connected to the gateway once, all subsequent traffic from the service goes straight to the Azure SQL database rather than through the gateway.
If the service loses its connection with the database, the next connection will have to authenticate through the gateway again, when it may be connected to a different copy of the database on another server in the cluster.
What does Azure Defender for open-source relational databases do?
Azure Defender for open-source relational databases provides security alerts on anomalous activities so you can detect potential threats and respond to them as they occur.
What can you do to further improve an Azure open-source data service’s security?
Enable Azure Defender for open-source relational databases.
What can you do to further improve an Azure SQL data service’s security?
Enable Azure Defender for SQL.
How is a connection to Azure SQL Database established?
1) Clients connect to a gateway that has a public IP address and listens on port 1443.
2) Depending on the connection policy, the gateway either redirects the traffic to the database cluster or acts as a proxy for the database cluster.
3) Inside the database cluster, traffic is forwarded to the appropriate Azure SQL database.
What are VLANs and ACLs used for?
Restricting network communications by source and destination networks, protocols and port numbers.
What is an ACL?
An access control list.
What is a VLAN?
A virtual local area network.