AZ-900
Describe general security and network security features
Azure Security Features
Azure Security Centre
On-prem & Cloud
Automatically apply required settings to new services
Recommend changes for current
Machine Learning to detect/block malware
Detect & analyse inbound attacks
Just in time access to network ports
Posture analysed against governance policies
Score & recommendations given
High / Med / Low categorisation
Monitoring service, across all your services
Azure Sentinel
SIEM
Security Information & Event Management
Collate data at scale across users, devices, infrastructure & apps
On Prem or cloud
Detect threats
Investigate threats with AI & MS experience
Respond to Threats
Use Workbooks
Key Vault
Manage Secrets
Manage Encryption Keys
Manage SSL/TLS certs
Store secrets using Hardware Security Modules (HSM)
Benefits
Centralised
Access Monitored and controlled
Simplified admin
Integration with other Azure Services
Dedicated Hosts
Customer dedicated hosts
Control infrastructure & visibility of your VMs
Compliance reasons mainly
Cost prohibitive
Pay per host
Describe Azure Network Security
Defense in Depth
Multiple layers of security
Physical
Building / room access
Identity & access
Access to infrastructure & change control
SSO/MFA
Audit events
Perimeter
DDOS Protection
Firewalls
Network
Limit access between resources
Deny by default
Restrict inbound access
Secure connections to On Prem
Compute
Secure access to VMs
Endpoint protection & Patch systems
Application
Secure & Free from vulnerabilities
Keep secrets in secure storage
Secure by design
Data
Confidentiality
Least privilege
Integrity
Prevent change at rest or in transit
Trust the data is as it should be
Availability
Only available to authorised users or services
Azure Firewall
Prevents access to Azure Virtual Networks
Stateful
Complete context of network connection
Highly Available/Scalable
Inbound/outbound rules
Azure DDOS
Basic - automatic, free
Traffic monitoring, real-time mitigation of common attacks
Azure Global Network used to distribute and mitigate attacks
Standard
Additional, tuned to Virtual Network resources
Same defenses as MS Online services
Prevent Volume, protocol or resource layer attacks
Azure Network Security Groups
Filter traffic between resources
Internal Firewall
Created by
LinkeD365