Module 9 Flashcards
Systems need to be designed with security in mind.
What service allows you to receive and process millions of events each second via dynamic data pipelines and integrate with other Azure services?
Azure Event Hubs
Whose responsibility is security in the cloud?
Cloud security is a shared responsibility.
In the cloud some security is baked into the service, whilst addressing the rest remains the customer's responsibility.
What are some of the challenges involved with security in on-prem data centers?
Many tools and experts required to keep pace with volume and complexity of threats
Moving from on-prem to cloud shifts some of the security responsibility: security of the operational environment is now shared by the customer and the cloud service provider. With a shift to the cloud, what can organisations reduce their focus on?
Moving from on-prem to cloud shifts some of the security responsibility.
Which model (IaaS, PaaS, SaaS) makes it the customer's responsibility to patch and secure the OS and software, as well as configuring the network to be secure?
- With VMs/IaaS it is the customer's responsibility to patch and secure the OS and software, as well as configuring the network to be secure.
- However, you have outsourced the concern of physical security.
When using PaaS, what elements of security are removed from the customer?
With PaaS, Azure takes care of the OS and foundational software; everything is updated/patched and can be integrated with Azure AD.
In terms of infrastructure, what benefits does PaaS bring?
- PaaS offers the advantage of not needing to build infrastructure and subnets
- You can point and click OR script complex secured systems that can be scaled as needed
With SaaS, everything is more or less outsourced: software is run on internet infrastructure and the code is controlled by the vendor.
What is an example of SaaS?
Office 365 is an example.
You outsource nearly everything: software runs on internet infrastructure, code is controlled by the vendor and only configured by the customer.
With all deployment types, what do you always own?
With all deployment types you own data and identities.
With all deployment types you are responsible for helping secure data and identities; what else is it always your responsibility to secure?
- Data
- Endpoints
- Accounts
- Access Management
Defense In Depth is known as a “****” approach
Layered Approach
As a strategy, what does defense in depth employ?
- Defense in depth is a strategy that employs a series of mechanisms to slow the advance of an attack.
- Each layer provides protection, if one layer is breached there is another to prevent further exposure.
- Microsoft applies a layered approach to physical security and across Azure services
What is the objective of defense in depth?
- The objective of defense in depth is to protect and prevent data from being stolen by people not authorized to access it
How can defense in depth be visualised, and how does it remove the reliance on a single layer of protection?
- Defense in Depth can be visualised as concentric rings, with data secured at the centre, each ring adding an additional layer of security.
- Removes reliance on a single layer of protection, acts to slow down an attack and provides alerts/telemetry for automated or manual response
In almost all cases, what is it that an attacker wants to get?
- In almost all cases DATA is what the attacker wants, whether that is stored on:
  - Disk (VM)
  - DB
  - SaaS app
  - Cloud storage
Whose responsibility is it to ensure data is secured?
What often dictates controls with processes to ensure HA, confidentiality and integrity?
It is the responsibility of those who store and control access to ensure it's secured.
- Often there are regulatory requirements that dictate controls with processes to ensure HA, confidentiality and integrity
What points should be implemented within an application, with regards to security?
- Ensure apps are free of vulnerabilities
- Store sensitive app secrets on a secure medium
- Make security a design requirement for all app development
- Integrating security into the app development life cycle will help reduce vulnerabilities in code. Encourage all dev teams to ensure apps are secure by default, making security requirements non-negotiable
What points should be implemented within "Compute", with regards to security?
- Secure VM access
- Implement endpoint protection
- Keep systems patched
- Malware, unpatched systems and improperly secured systems open the environment to attacks
- The focus in this layer is to make sure you secure compute with proper controls to minimize security risks
What points should be implemented within "Networking", with regards to security?
- Limit resource communication
- Deny by Default
- Restrict inbound traffic, limit outbound (where appropriate)
- Implement secure connectivity to on-prem network
- Focus on limiting network connectivity across all resources, only allowing what is required; this reduces the risk of lateral movement through the network.
What points should be implemented within "Perimeter", with regards to security?
- Use DDoS protection to filter large scale attacks before denial of service to end users
- Use perimeter firewalls to identify and detect malicious attacks
- This layer is about protecting resources from network-based attacks. Identifying these attacks, eliminating their impact and alerting when they happen is important to keeping the network secure.
What points should be implemented within "Identity and Access", with regards to security?
- Control access to infrastructure and use change control
- Use Single Sign On and Multi Factor Authentication
- Audit events and changes
- Ensure identities are secure and can only access what is needed (log changes made)
What points should be implemented within "Physical Security", with regards to security?
- Building security and controlling access within the data center is the first line of defense
- Provide physical safeguards against access to assets; this ensures other layers can't be bypassed and loss is handled appropriately
Azure Helps _______ security concerns but still ______ responsibility and how much depends on which model is used within Azure
Defense in ____ is used as a _____ for considering what protections are ______ for our environments.
Azure helps alleviate security concerns, but security is still a shared responsibility, and how much depends on which model is used within Azure.
Defense in depth is used as a guideline for considering what protections are adequate for our environments.
Azure Security Center is a good starting point for investigating the security of Azure-based solutions; it is a monitoring service providing threat protection across what?
A monitoring service providing threat protection across Azure services and on-prem.
What are the key points/features of Azure Security Center?
- Provides recommendations based on your configurations, resources and networks
- Monitors security settings on-prem and in the cloud, and automatically applies security to services coming online
- Continuously monitors security settings and performs automatic assessments to identify vulnerabilities before they are exploited
- Uses machine learning to detect/block the install of malware on VMs; you can define a list of validated apps to ensure only those apps can be executed
- Analyses/identifies any potential inbound attacks and helps investigate threats and carry out any post-breach activity
- Provides JIT access control for ports, reducing the attack surface by ensuring the network only allows required traffic
Azure Security Center is part of what recommendations?
Azure Security Center is part of the CIS (Center for Internet Security) recommendations
Which tiers is Azure Security Center available in, and what are the differences?
- Free - As part of Azure subscription, limited to assessments + recommendations for Azure resources only
- Standard - Full suite of security related services including continuous monitoring, threat detection, JIT access for ports and more
To access the full suite of Azure Security Center services you need to upgrade to the Standard tier. How long is the trial of Azure Security Center, and where can it be activated?
Access a 30-day trial of the Standard tier from within the Azure Security Center dashboard.
Once you have used the free trial, how much is the Azure Security Center Standard tier?
Azure Security Center standard tier is $15 per node per month
Azure Security Center can interrogate your workloads in many ways, and you can use Security Center for incident response.
How can you reduce the cost/damage due to an incident?
To reduce cost/damage you should have an incident response plan before an attack.
When do most organisations learn how to respond to incidents?
Many organisations only learn to respond after suffering an attack.
What 3 stages of an incident can Azure Security Center be used in?
Detect
Assess
Diagnose
What is meant by Detecting an incident with Azure Security Center?
- Detect - Review the first indication of an event investigation (e.g. use the Security Center dashboard to review initial verification that a high-priority security alert was raised)
What is meant by Assessing an incident with Azure Security Center?
Assess - Perform an initial assessment to obtain more information regarding the suspect activity (e.g. obtain more information about the alert)
What is meant by Diagnosing an incident with Azure Security Center?
Diagnose - Conduct a technical investigation and identify containment, mitigation and workaround strategies (e.g. follow the remediation steps described by Security Center for the alert)
Azure Security Center can be used to enhance security. How can you do this?
- Reduce the chances of a security event by configuring a security policy, then implement the recommendations made by Security Center
- A security policy defines a set of controls recommended for resources within a subscription or resource group; define policies according to the company's security requirements
- Security Center analyzes the state of Azure resources; when potential vulnerabilities are identified it creates recommendations based on the controls set in the security policy.
- Recommendations guide you through the configuration of security controls (e.g. for workloads that do not require SQL to use TDE, the recommendation is to turn it off at the subscription level and enable it on resources where it is required)
Traditionally the primary protection for corporate data was network perimeters, firewalls and physical controls.
Why is this less the case now, and what has become the new primary security boundary?
Network perimeters have become increasingly porous with BYOD, mobile apps and cloud apps.
Identity has become the new primary security boundary.
With identity being the new primary security boundary, what is now more important to maintain control of your data?
Identity has become the new primary security boundary, so proper authentication and assignment of privileges is critical to maintaining control of your data.
Authentication and Authorization - Two fundamental concepts
What is Authentication (AuthN)?
- The process of establishing the identity of a person or service
- Involves challenging for legitimate credentials, provides the basis for creating a security principal for identity and access control.
- Establishes if they are who they say they are.
What is Authorization (AuthZ)?
- The process of establishing the level of access for a person or service
- Specifies what data they can access and what they can do with it.
What Azure service provides services to manage both authorization and authentication?
Azure Active Directory
What is Azure AD?
- Cloud-based identity service; supports syncing to on-prem AD or can act standalone
- All apps (on-prem, cloud and mobile) can use the same credentials
- Admins/devs control access to internal and external data/apps using centralized roles and policies configured in Azure AD
Azure AD provides various services. What are some of these?
- Authentication
- SSO
- App Management
- B2B Identity Services
- B2C Identity Services
- Device Management
What is meant by Authentication in relation to Azure AD?
- Verifying ID to access apps and resources
- Provides SSO, MFA and a custom banned password list
- Smart lockout functionality
What is meant by SSO in relation to Azure AD?
- Enables user to remember one ID and password
- Simplifies security model
- As users change roles/leave, modifications are only made to one identity, reducing the effort to change or disable accounts
What is meant by App Management with regards to Azure AD?
Manage cloud and on-prem apps using Azure AD Application Proxy, SSO, the MyApps portal (AKA Access Panel) and SaaS apps
What is meant by B2B Identity Services in relation to Azure AD?
Manage guest/external partners while maintaining control over data
What is meant by B2C Identity Services with regards to Azure AD?
Customize/control user sign-up/sign-in and manage profiles within apps and services
What is meant by Device Management with regards to Azure AD?
Manage how cloud/on-prem devices access your corporate data
What are the benefits of Single Sign-On?
- More Ids to manage means a greater risk of security related incident
- More IDs = more passwords and more password policies, increasing difficulty for the user
- Harder logistics to manage passwords and more strain on help desks
- Challenging to track down all accounts when someone leaves
- Single sign-on reduces all this: only remember one ID and password, and modifications need only be made to one ID
What are the features of using Azure AD for Single Sign-On?
- Using Azure AD for SSO, you are able to combine multiple data sources into an intelligent security graph, enabling threat analysis and real-time identity protection for all Azure AD accounts, including those synced from Azure AD
- A centralised identity provider gives centralised security controls, reporting, alerting and administration of the identity infrastructure.
What is Multi-Factor Authentication, and what are the benefits of using it with relation to Azure AD?
- Provides additional security by requiring 2 or more elements for full authentication.
- Something you... know (password or security question), possess (mobile app or token) and are (biometric).
- Increases security by limiting the impact of credential exposure; an attacker would need to possess multiple factors of AuthN to authenticate, so the benefits are huge
- Azure AD has MFA capabilities and will integrate with 3rd-party MFA providers
- MFA should be used for global admin accounts and can be used for all accounts.
It is valuable for services to have IDs. Why is this?
- It is valuable for services to have IDs; often credentials are embedded into config files, which is against best practice. With no security around config files, anyone with system access can get the credentials
- Azure AD addresses this problem with 2 methods (Service Principals and Managed Identities)
What is the difference between an Identity and a Principal?
- Identity - a thing that can be authenticated (i.e. a user with username and password)
- Principal - an identity acting with certain roles or claims.
- Usually it is not helpful to consider identity and principal separately; think of SUDO or "Run as Administrator", where you are still logged in as the same person but with a role change
N.B. Groups are often considered principals.
What is a service principal?
An identity used by a service or application.
What is the purpose and benefits of managed identities for Azure services?
- Creation of service principals can be tedious, with lots of touch points making maintenance difficult
- Managed Identities for Azure Services is much easier and does much of the work for you
- A managed ID can be instantly created for any Azure service supporting it
- When you create one, you create an account on your org's AD (a specific org's AD instance is known as an AD tenant)
- Azure infrastructure will take care of AuthN for the service and managing the account
- Use the account like any other Azure AD account, including allowing the authenticated service secure access to other Azure services
In terms of RBAC, what are roles?
Roles are sets of permissions (read-only, contributor etc.) that users can be granted on an Azure service instance
How are IDs mapped to roles?
IDs are mapped to roles directly or through group membership. Separating security principals, access permissions and resources provides simple access management and fine-grained control.