Azure Security Features Flashcards

1
Q

Azure Security Center

A

Unified infrastructure security management system that monitors and protects your systems inside and outside Azure. It strengthens security faster and protects against threats.
It’s a centralized dashboard to manage the security of your cloud environment.
It gives you a security score as a percentage; you can see individual types of security, and you can see recommendations by level of severity.

2
Q

Key Vault

A

Central and secure repository for your secrets, certificates and keys. This way, if your code is leaked, or someone accesses your GitHub or something, those secrets are still protected.
It also allows you to generate public/private keys.
So basically you put the secrets in the key vault and you grant access to the applications that need them in real time.

3
Q

Azure Sentinel

A

It's like a central Azure Monitor but has some intelligence to it.

  • You can centralize all the log files from multiple resources.
  • Analyzes them to detect threats.
  • Allows you to run queries on those logs yourself.
  • You can investigate an incident.
  • You can orchestrate and automatically fix the issue.

Ex: Someone tries to sign in to an account but enters too many wrong passwords; that can trigger some type of alert. You can see the types of traffic that’s being sent to your website.
Being able to check all those incidents, you can investigate and check the IP addresses and the days when it happened. You can change permissions or accesses in Azure Sentinel directly.

4
Q

Azure Dedicated Hosts

A

Hardware that is dedicated to you and to you only. (Ex: I want the computer where my VM runs to be used only by me.)
You can reserve a machine and run multiple virtual machines on it.
It's of course more expensive.

5
Q

Defense in Depth

A

A Microsoft concept: multiple points of checking and authentication to get through different steps or places.

Ex: The front door of your house could be the only security, but you can have multiple layers, like the key + a code that triggers an alarm + a locker with another code + a safe with a password + a password on the computer in the house office.

6
Q

Layers of defense in cloud

A

  1. The physical layer – data center controlled by Microsoft, the fences, door locks, security guards, the fingerprint authentication, …
  2. Active Directory (identity & access)
  3. Perimeter – DDoS, firewalls
  4. Network – NSG (Network Security Groups), subnets, denial-of-service attack protections
  5. Compute – limit Remote Desktop access, Windows Update
  6. Application – API Management
  7. Data – virtual network endpoint; limit the types of applications that can access your data

The more of these you can implement, the safer you are.

7
Q

Network Security Group (NSG)

A

It’s a static set of rules that protects each network. It’s basically a list of port numbers and IP addresses that are allowed access.
A VM can be divided into subnets, for example front-end and back-end, and you can have different security levels in each of those (more in the back-end, for example).

8
Q

Azure Firewall

A

Analyzes traffic trying to come in to see if it matches certain known bad patterns, like SQL commands in the body of the data, and rejects the request.
It’s an application gateway device.
