On day 4 of our preparation we will be talking about Azure network security, Azure identity services, and some of the security tools and features Azure has to offer.
When we talk about security we often think about how we can protect our environment so that it stays confidential and is always available when needed. Data integrity is also a major concern: no data should be changed while it is being sent back and forth.
Let's look at the various security features which help us secure our network.
AZURE FIREWALL
- It helps us protect our Azure Virtual Network resources
- You can set up inbound and outbound rules
- It uses a static public IP
AZURE APPLICATION GATEWAY
Azure Application Gateway also provides a firewall, called the Web Application Firewall (WAF), which helps protect your web applications from inbound attacks.
AZURE DDOS PROTECTION
A Distributed Denial of Service (DDoS) attack is a cyber-attack that disrupts your existing network traffic. As the name says, denial: the attackers try to make the targeted server or network unavailable to its users, temporarily or indefinitely, by disrupting or compromising the server.
When we move our applications to the cloud, high availability and security are among the major concerns. A DDoS attack can easily target any endpoint that is reachable over the internet. Using Azure DDoS Protection helps us protect our applications from these attacks.
Various service tiers provided –
- BASIC – Enabled by default as part of the Azure platform.
- STANDARD – Provides additional capabilities over the Basic tier and focuses more on Azure Virtual Network resources.
NETWORK SECURITY GROUP
A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNets). NSGs can be associated with subnets, individual VMs (classic), or individual network interfaces (NICs) attached to VMs. Each rule specifies, among other properties:
- Priority: a number between 100 and 4096
- Protocol: TCP, UDP or Any
APPLICATION SECURITY GROUPS
- Perimeter Layer – Protects network boundaries using Azure DDoS Protection and Azure Firewall
- Network Layer – Only allows the inbound and outbound traffic specified by rules (NSG).
Now that we have talked about the different ways in which you can protect your network in Azure, let's talk about Azure identity services.
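To make the network layer concrete, here is an added example (my own code, not part of the original post and not an Azure SDK) that simulates how an NSG picks the first matching inbound rule in ascending priority order, with the default rules Azure adds at priorities 65000 and above, and with Application Security Groups usable as rule sources and destinations. The VNet address space, ASG membership, rule set and test addresses are constructed for the example; the default rule names, the 100-4096 custom priority range and the load-balancer probe address 168.63.129.16 are Azure's own.

```python
# Added example: a small model of NSG inbound rule evaluation, including ASGs.
# Rules are evaluated lowest priority number first and the first match wins;
# the built-in default rules (65000, 65001, 65500) are evaluated after all
# custom rules, so traffic that matches nothing is denied by DenyAllInBound.
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number = evaluated first
    direction: str     # "Inbound" or "Outbound"
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    source: str        # CIDR, "*", a service tag, or "asg:<name>"
    dest: str          # same forms as source
    dest_port: str     # "22", "80-443" or "*"


# Default inbound rules that Azure adds to every NSG.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
]

VNET_SPACE = ipaddress.ip_network("10.0.0.0/16")          # constructed sample VNet address space
AZURE_LB_PROBE = ipaddress.ip_address("168.63.129.16")   # Azure load balancer health-probe source

# Constructed ASG membership: ASG name -> NIC private IPs that belong to it.
ASG_MEMBERS = {
    "asg:web": {"10.0.1.4", "10.0.1.5"},
    "asg:db": {"10.0.2.4"},
}


def priority_is_valid(priority):
    """Custom NSG rules must use a priority between 100 and 4096."""
    return 100 <= priority <= 4096


def _port_matches(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")          # "443" or "80-443"
    return int(lo) <= port <= int(hi or lo)


def _addr_matches(spec, addr):
    ip = ipaddress.ip_address(addr)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip in VNET_SPACE
    if spec == "AzureLoadBalancer":
        return ip == AZURE_LB_PROBE
    if spec.startswith("asg:"):              # ASG: match on membership, not on address range
        return addr in ASG_MEMBERS.get(spec, set())
    return ip in ipaddress.ip_network(spec, strict=False)


def evaluate_inbound(custom_rules, src_ip, dst_ip, protocol, dst_port):
    """Return (access, rule_name) of the first matching rule, as an NSG would."""
    for r in custom_rules:
        if not priority_is_valid(r.priority):
            raise ValueError(f"{r.name}: priority {r.priority} must be between 100 and 4096")
    for r in sorted(list(custom_rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if r.direction != "Inbound" or r.protocol not in ("*", protocol):
            continue
        if (_addr_matches(r.source, src_ip) and _addr_matches(r.dest, dst_ip)
                and _port_matches(r.dest_port, dst_port)):
            return r.access, r.name
    return "Deny", "implicit"   # not reachable: DenyAllInBound matches everything


# Constructed rule set: HTTPS to the web tier from anywhere, SSH denied from
# any source, and SQL to the db tier only from members of the web ASG.
SAMPLE_RULES = [
    Rule("DenyInternetSSH", 100, "Inbound", "Deny", "Tcp", "*", "*", "22"),
    Rule("AllowHttpsToWeb", 200, "Inbound", "Allow", "Tcp", "*", "asg:web", "443"),
    Rule("AllowWebToSql", 300, "Inbound", "Allow", "Tcp", "asg:web", "asg:db", "1433"),
]

if __name__ == "__main__":
    for flow in [("203.0.113.9", "10.0.1.4", "Tcp", 443),    # internet -> web, HTTPS
                 ("203.0.113.9", "10.0.1.4", "Tcp", 22),     # internet -> web, SSH
                 ("10.0.1.4", "10.0.2.4", "Tcp", 1433),      # web ASG -> db ASG, SQL
                 ("203.0.113.9", "10.0.2.4", "Tcp", 1433)]:  # internet -> db, SQL
        print(flow, "->", evaluate_inbound(SAMPLE_RULES, *flow))
```

Two things the simulation makes visible that the bullet list does not: traffic between two VMs in the VNet is allowed by AllowVnetInBound (65000) even without a custom rule, so an ASG-scoped allow such as AllowWebToSql only adds value once a deny for other VNet sources sits at a lower priority number; and the constructed DenyInternetSSH rule with source `*` at priority 100 also blocks SSH from inside the VNet, because the first match wins, so a rule meant to block only internet traffic should use a narrower source such as the Internet service tag.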
AZURE ACTIVE DIRECTORY
It is the identity and access management service offering from Microsoft, which helps with authentication and application management.
- SSO (only one username/password to access multiple applications)
- B2B (manage guest users and external partners)
- B2C (how users sign up, sign in and manage their profile)
With device identity management in Azure Active Directory (Azure AD), you can ensure that your users access your resources from devices that meet your standards for security and compliance.
You can also configure multi-factor authentication, but then you would require a premium tier of Azure Active Directory.
Let's talk about the various security tools and features Azure has to offer.
AZURE SECURITY CENTER
- It provides threat protection for services in Azure and on-premises
- Based on your configuration, resources and network, it also provides recommendations.
- Helps in monitoring cloud and on-premises workloads.
- Keeps monitoring the services continuously and performs automatic security assessments.
- It makes use of machine learning to detect and block malware.
- Allows whitelisting of the applications that need to run
- Analyses and identifies possible incoming attacks and helps with investigations
- There are different tiers available:
- FREE – Available with every Azure subscription and limited to assessments and recommendations for Azure resources only
- STANDARD – Complete package of security-related services and features: continuous monitoring, threat detection, JIT access control for ports and other additional features.
AZURE KEY VAULT
Helps you manage your cryptographic keys and application secrets so that they are not exposed.
- Keys stored backed by hardware security modules (HSMs)
- Certificate management
- Management of secrets such as tokens
AZURE INFORMATION PROTECTION
You can also protect important emails and documents by adding a label to them. Both users and admins can do this.
AZURE ADVANCED THREAT PROTECTION
Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
- Monitor and profile user behavior and activities
- Protect user identities and reduce the attack surface
- Identify suspicious activities and advanced attacks across the cyber-attack kill-chain
- Identify rogue users and attackers’ attempts to gain information.
- Identify attempts to compromise user credentials.
- Detect attempts to move laterally inside the network to gain further control of sensitive users, utilizing methods such as Pass the Ticket, Pass the Hash, Overpass the Hash and more.
- Highlight attacker behavior if domain dominance is achieved, through remote code execution on the domain controller, and methods such as DC Shadow, malicious domain controller replication, Golden Ticket activities, and more.
- Investigate alerts and user activities
In our Day 5 post we will continue by talking about Azure big data and analytics services along with Azure serverless computing offerings.