SlideShare a Scribd company logo

AZ900-AzureFundamentals-part-11.pdf

ā€¢
ā€¢
S
ssuser2dbaee

AZ900-AzureFundamentals

Technology
1 of 10
Download to read offline
(DDoS) attack: Large scale attacks to bring your apps down Result: App goes down or become slow. Huge bill because of unlimited auto scaling. Two Azure DDoS oļ¬€erings: DDoS Protection Basic: Protects against common network layer attacks Intelligently identifies and blocks DDoS attacks Enabled by default No extra cost DDoS Protection Standard: Mitigates 60 diļ¬€erent DDoS attack types Provides attack analytics, metrics, alerting and reporting Get quick support from DDoS Protection Rapid Response (DRR) team Get a Cost guarantee ( Receive service credit if DDoS attack results in scale-out) Enable it on the Azure virtual network DDoS Protection Standard + Web Application Firewall = Powerful combination that protects at: Network layer (Layer 3 and 4, Azure DDoS Protection Standard) Application layer (Layer 7, WAF) Azure DDoS Azure DDoS 97
Managed network security service to control traļ¬€ic in and out of a Azure Virtual Network Stateful: Once traļ¬€ic in is allowed, traļ¬€ic out is automatically allowed Centralized Configuration: With one Azure firewall, you can control traļ¬€ic to multiple virtual networks (having hundreds of resources) across multiple subscriptions Example : If your enterprise has 10 virtual networks (across multiple subscriptions) with 100 VMs, you can control traļ¬€ic with one Azure Firewall Integrates with Azure Monitor: Provides logging and analytics (REMEMBER) Web application firewall (WAF) Restrict traļ¬€ic into web applications OWASP etc Supported by Azure Application Gateway, Azure Content Delivery Network Azure Firewall Azure Firewall 98
Azure Firewall is an external firewall - outside your Virtual Network Network Security Group (NSG) is like a internal firewall inside your Virtual Network right before your resources Multiple inbound and outbound security rules: Allow or block traļ¬€ic based on source/destination IP address, protocol and port Restrict traļ¬€ic between resources such as virtual machines and subnets Attached with subnets and network interfaces Usecases : Allow access to web server only on port 80 and port 443 (HTTP/HTTPS) Restrict database access only to web servers. Do NOT allow direct access to database from outside world/other servers. Restrict outbound traļ¬€ic from VMs to download so ware packages and system updates Network Security Groups (NSG) Network Security Groups (NSG) 99
"A chain is only as strong as its weakest link" - Secure at all levels: Physical security: Control access to physical infrastructure (Responsibility of Microso ) Perimeter: Azure DDoS Protection + Azure Firewall Network: Restrict internet access (inbound and outbound) Restrict communication between resources Compute:Secure access to virtual machines Implement endpoint protection Ensure that OS and so ware patches are applied Application: Think of security from day one! Implement security best practices depending on language and framework Store secrets in Azure Key Vault Data: Encrypt data at rest and in transit Best Practice: Implement security at all levels! Security Best Practice - Defense in depth Security Best Practice - Defense in depth 100
Cloud Computing Public Cloud You host everything in the cloud (You DO NOT need a data center anymore) No Capital Expenditure required Hardware resources are owned by Azure (Microso ) Hardware failures and security of the data center are managed by Azure (Microso ) Summary: Hardware owned by Azure and shared between multiple tenants Tenants: Customers who rent infrastructure (You, Me and other enterprises) Private Cloud You host everything in your own data center Needs Capital Expenditure Incur staļ¬€ing and maintenance expenses for infrastructure Delivers higher level of security and privacy Hybrid Cloud : Combination of both (Public & Private) Use Public Cloud for some workloads and Private cloud for others Example: Connecting an on-premise app to Azure Cosmos DB Provides you with flexibility: Go on-premises or cloud based on specific requirement Cloud Computing: Public vs Private vs Hybrid clouds Cloud Computing: Public vs Private vs Hybrid clouds 101
Options: VPN and Azure ExpressRoute VPN: Encrypted connection from on- premises to Azure over internet Needs VPN device or gateway on-premises Need Azure VPN gateway in the Azure Virtual Network Encrypted communication over Internet (public) Azure ExpressRoute: Private connectivity to Azure Virtual Network Provides very high bandwidth Very high security (private connection) Traļ¬€ic does NOT go over internet Traļ¬€ic is NOT encrypted by the connection Hybrid Cloud: Connecting Azure with on-premises Hybrid Cloud: Connecting Azure with on-premises 102
Organizing and Managing Organizing and Managing Azure Resources Azure Resources 103
( ) Hierarchy: Management Group(s) > Subscription (s) > Resource Group (s) > Resources Resources: VMs, Storage, Databases Resource groups: Organize resources by grouping them into Resource groups Subscriptions: Manage costs for resources provisioned for diļ¬€erent teams or diļ¬€erent projects or diļ¬€erent business units Management groups: Centralized management for access, policy, and compliance across multiple subscriptions Remember: No hierarchy in resource groups BUT management groups can have a hierarchy Azure Resource Hierarchy Azure Resource Hierarchy https://docs.microso .com/ 104
Resource Group: Logical container for resources Associated with a single subscription Can have multiple resources (REMEMBER) A resource can be associated with one and only one resource group Can have resources from multiple regions Deleting it deletes all resources under it Tags assigned to resource group are not automatically applied to resources HOWEVER, Permissions/Roles assigned to user at the resource group level are inherited by all resources in the group Resource Groups (like Management Groups) are free Resource Groups Resource Groups 105
You need a Subscription to create resources in Azure Subscription links Azure Account to its resources An Azure Account can have multiple subscriptions and multiple account administrators When do you create a new subscription? I want to manage diļ¬€erent access-management policies for diļ¬€erent environments: Create diļ¬€erent subscriptions for diļ¬€erent environments Manage distinct Azure subscription policies for each environment I want to manage costs across diļ¬€erent departments of an organization: Create diļ¬€erent subscriptions for diļ¬€erent departments Create separate billing reports and invoices for each subscription (or department) and manage costs I'm exceeding the limits available per subscription Example: VMs per subscription - 25,000 per region Subscriptions Subscriptions 106

Recommended

Power of the Cloud - Introduction to Microsoft Azure Security
Power of the Cloud - Introduction to Microsoft Azure SecurityPower of the Cloud - Introduction to Microsoft Azure Security
Power of the Cloud - Introduction to Microsoft Azure Security
Adin Ermie
Ā 
Longji Vwamhi | Infrastructure With Microsoft Defender
Longji Vwamhi | Infrastructure With Microsoft DefenderLongji Vwamhi | Infrastructure With Microsoft Defender
Longji Vwamhi | Infrastructure With Microsoft Defender
Longji Vwamhi
Ā 
Microsoft azure kt
Microsoft azure ktMicrosoft azure kt
Microsoft azure kt
Kosuru Ajay Naidu
Ā 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Cryptzone
Ā 
Cloud computing
Cloud computingCloud computing
Cloud computing
Moustafa Mahmoud
Ā 
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
DIWUG
Ā 
I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...
I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...
I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...
SPS Paris
Ā 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
European Collaboration Summit
Ā 

Recommended

Power of the Cloud - Introduction to Microsoft Azure Security
Power of the Cloud - Introduction to Microsoft Azure SecurityPower of the Cloud - Introduction to Microsoft Azure Security
Power of the Cloud - Introduction to Microsoft Azure Security
Adin Ermie
Ā 
Longji Vwamhi | Infrastructure With Microsoft Defender
Longji Vwamhi | Infrastructure With Microsoft DefenderLongji Vwamhi | Infrastructure With Microsoft Defender
Longji Vwamhi | Infrastructure With Microsoft Defender
Longji Vwamhi
Ā 
Microsoft azure kt
Microsoft azure ktMicrosoft azure kt
Microsoft azure kt
Kosuru Ajay Naidu
Ā 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Cryptzone
Ā 
Cloud computing
Cloud computingCloud computing
Cloud computing
Moustafa Mahmoud
Ā 
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupi...
DIWUG
Ā 
I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...
I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...
I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...
SPS Paris
Ā 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
European Collaboration Summit
Ā 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure security
Bruno Capuano
Ā 
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsSC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security Solutions
FredBrandonAuthorMCP
Ā 
Azure governance v4.0
Azure governance v4.0Azure governance v4.0
Azure governance v4.0
Marcos Oikawa
Ā 
Cloudmod4
Cloudmod4Cloudmod4
Cloudmod4
kongara
Ā 
Presentation on Openstack in null Bhopal Chapter
Presentation on Openstack in null Bhopal ChapterPresentation on Openstack in null Bhopal Chapter
Presentation on Openstack in null Bhopal Chapter
Hemraj Singh Chouhan
Ā 
AZ-900 Azure Fundamentals.pdf
AZ-900 Azure Fundamentals.pdfAZ-900 Azure Fundamentals.pdf
AZ-900 Azure Fundamentals.pdf
ssuser5813861
Ā 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3
CCG
Ā 
Explaining The Differences Between Single-Tenant and Multi-Tenant Clouds!
Explaining The Differences Between Single-Tenant and Multi-Tenant Clouds!Explaining The Differences Between Single-Tenant and Multi-Tenant Clouds!
Explaining The Differences Between Single-Tenant and Multi-Tenant Clouds!
Caroline Johnson
Ā 
Cloud Security_Module2.ppt
Cloud Security_Module2.pptCloud Security_Module2.ppt
Cloud Security_Module2.ppt
ArunKumbi1
Ā 
Harvard Extension School: Cloud Security Final Project - HIPAA Compliance Aud...
Harvard Extension School: Cloud Security Final Project - HIPAA Compliance Aud...Harvard Extension School: Cloud Security Final Project - HIPAA Compliance Aud...
Harvard Extension School: Cloud Security Final Project - HIPAA Compliance Aud...
Ts. Mohd Shahrul Zharif Bin Sharudin
Ā 
Unit-II-part 3.pdf
Unit-II-part 3.pdfUnit-II-part 3.pdf
Unit-II-part 3.pdf
ayushsrivastava750286
Ā 
DDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldDDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS Shield
Amazon Web Services
Ā 
Cloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and RisksCloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and Risks
William McBorrough
Ā 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
Alert Logic
Ā 
Quiz 1 cloud computing
Quiz 1 cloud computing Quiz 1 cloud computing
Quiz 1 cloud computing
Lahore Garrison University
Ā 
CLOUD COMPUTING.pptx
CLOUD COMPUTING.pptxCLOUD COMPUTING.pptx
CLOUD COMPUTING.pptx
AmitSingh770691
Ā 
Azure for AWS Developers
Azure for AWS DevelopersAzure for AWS Developers
Azure for AWS Developers
Crishantha Nanayakkara
Ā 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-security
ober64
Ā 
Literature Review: Security on cloud computing
Literature Review: Security on cloud computingLiterature Review: Security on cloud computing
Literature Review: Security on cloud computing
Suranga Nisiwasala
Ā 
Cloud Security: A Comprehensive Guide
Cloud Security: A Comprehensive GuideCloud Security: A Comprehensive Guide
Cloud Security: A Comprehensive Guide
HTS Hosting
Ā 
AZ900-AzureFundamentals-part-5.pdf
AZ900-AzureFundamentals-part-5.pdfAZ900-AzureFundamentals-part-5.pdf
AZ900-AzureFundamentals-part-5.pdf
ssuser2dbaee
Ā 
AZ900-AzureFundamentals-part-7.pdf
AZ900-AzureFundamentals-part-7.pdfAZ900-AzureFundamentals-part-7.pdf
AZ900-AzureFundamentals-part-7.pdf
ssuser2dbaee
Ā 

More Related Content

Similar to AZ900-AzureFundamentals-part-11.pdf

Similar to AZ900-AzureFundamentals-part-11.pdf (20)

Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure security
Ā 
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsSC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security Solutions
Ā 
Azure governance v4.0
Azure governance v4.0Azure governance v4.0
Azure governance v4.0
Ā 
Cloudmod4
Cloudmod4Cloudmod4
Cloudmod4
Ā 
Presentation on Openstack in null Bhopal Chapter
Presentation on Openstack in null Bhopal ChapterPresentation on Openstack in null Bhopal Chapter
Presentation on Openstack in null Bhopal Chapter
Ā 
AZ-900 Azure Fundamentals.pdf
AZ-900 Azure Fundamentals.pdfAZ-900 Azure Fundamentals.pdf
AZ-900 Azure Fundamentals.pdf
Ā 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3
Ā 
Explaining The Differences Between Single-Tenant and Multi-Tenant Clouds!
Explaining The Differences Between Single-Tenant and Multi-Tenant Clouds!Explaining The Differences Between Single-Tenant and Multi-Tenant Clouds!
Explaining The Differences Between Single-Tenant and Multi-Tenant Clouds!
Ā 
Cloud Security_Module2.ppt
Cloud Security_Module2.pptCloud Security_Module2.ppt
Cloud Security_Module2.ppt
Ā 
Harvard Extension School: Cloud Security Final Project - HIPAA Compliance Aud...
Harvard Extension School: Cloud Security Final Project - HIPAA Compliance Aud...Harvard Extension School: Cloud Security Final Project - HIPAA Compliance Aud...
Harvard Extension School: Cloud Security Final Project - HIPAA Compliance Aud...
Ā 
Unit-II-part 3.pdf
Unit-II-part 3.pdfUnit-II-part 3.pdf
Unit-II-part 3.pdf
Ā 
DDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldDDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS Shield
Ā 
Cloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and RisksCloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and Risks
Ā 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
Ā 
Quiz 1 cloud computing
Quiz 1 cloud computing Quiz 1 cloud computing
Quiz 1 cloud computing
Ā 
CLOUD COMPUTING.pptx
CLOUD COMPUTING.pptxCLOUD COMPUTING.pptx
CLOUD COMPUTING.pptx
Ā 
Azure for AWS Developers
Azure for AWS DevelopersAzure for AWS Developers
Azure for AWS Developers
Ā 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-security
Ā 
Literature Review: Security on cloud computing
Literature Review: Security on cloud computingLiterature Review: Security on cloud computing
Literature Review: Security on cloud computing
Ā 
Cloud Security: A Comprehensive Guide
Cloud Security: A Comprehensive GuideCloud Security: A Comprehensive Guide
Cloud Security: A Comprehensive Guide
Ā 

More from ssuser2dbaee

More from ssuser2dbaee (11)

AZ900-AzureFundamentals-part-5.pdf
AZ900-AzureFundamentals-part-5.pdfAZ900-AzureFundamentals-part-5.pdf
AZ900-AzureFundamentals-part-5.pdf
Ā 
AZ900-AzureFundamentals-part-7.pdf
AZ900-AzureFundamentals-part-7.pdfAZ900-AzureFundamentals-part-7.pdf
AZ900-AzureFundamentals-part-7.pdf
Ā 
AZ900-AzureFundamentals-part-8.pdf
AZ900-AzureFundamentals-part-8.pdfAZ900-AzureFundamentals-part-8.pdf
AZ900-AzureFundamentals-part-8.pdf
Ā 
AZ900-AzureFundamentals-part-6.pdf
AZ900-AzureFundamentals-part-6.pdfAZ900-AzureFundamentals-part-6.pdf
AZ900-AzureFundamentals-part-6.pdf
Ā 
AZ900-AzureFundamentals-part-2.pdf
AZ900-AzureFundamentals-part-2.pdfAZ900-AzureFundamentals-part-2.pdf
AZ900-AzureFundamentals-part-2.pdf
Ā 
AZ900-AzureFundamentals-part-9.pdf
AZ900-AzureFundamentals-part-9.pdfAZ900-AzureFundamentals-part-9.pdf
AZ900-AzureFundamentals-part-9.pdf
Ā 
AZ900-AzureFundamentals-part-3.pdf
AZ900-AzureFundamentals-part-3.pdfAZ900-AzureFundamentals-part-3.pdf
AZ900-AzureFundamentals-part-3.pdf
Ā 
AZ900-AzureFundamentals-part-10.pdf
AZ900-AzureFundamentals-part-10.pdfAZ900-AzureFundamentals-part-10.pdf
AZ900-AzureFundamentals-part-10.pdf
Ā 
AZ900-AzureFundamentals-part-4.pdf
AZ900-AzureFundamentals-part-4.pdfAZ900-AzureFundamentals-part-4.pdf
AZ900-AzureFundamentals-part-4.pdf
Ā 
NetApp CIFS Audit.docx
NetApp CIFS Audit.docxNetApp CIFS Audit.docx
NetApp CIFS Audit.docx
Ā 
Netapp_Aggregates.docx
Netapp_Aggregates.docxNetapp_Aggregates.docx
Netapp_Aggregates.docx
Ā 

Recently uploaded

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
Ā 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
Ā 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
Ā 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
Ā 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
Ā 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
Ā 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
Ā 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
Ā 

Recently uploaded (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Ā 
šŸ¬ The future of MySQL is Postgres šŸ˜
šŸ¬ The future of MySQL is Postgres šŸ˜šŸ¬ The future of MySQL is Postgres šŸ˜
šŸ¬ The future of MySQL is Postgres šŸ˜
Ā 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
Ā 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
Ā 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Ā 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Ā 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
Ā 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
Ā 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Ā 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
Ā 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Ā 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Ā 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
Ā 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Ā 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Ā 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Ā 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Ā 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Ā 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Ā 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Ā 

AZ900-AzureFundamentals-part-11.pdf

  • 1. (DDoS) attack: Large scale attacks to bring your apps down Result: App goes down or become slow. Huge bill because of unlimited auto scaling. Two Azure DDoS oļ¬€erings: DDoS Protection Basic: Protects against common network layer attacks Intelligently identifies and blocks DDoS attacks Enabled by default No extra cost DDoS Protection Standard: Mitigates 60 diļ¬€erent DDoS attack types Provides attack analytics, metrics, alerting and reporting Get quick support from DDoS Protection Rapid Response (DRR) team Get a Cost guarantee ( Receive service credit if DDoS attack results in scale-out) Enable it on the Azure virtual network DDoS Protection Standard + Web Application Firewall = Powerful combination that protects at: Network layer (Layer 3 and 4, Azure DDoS Protection Standard) Application layer (Layer 7, WAF) Azure DDoS Azure DDoS 97
  • 2. Managed network security service to control traļ¬€ic in and out of a Azure Virtual Network Stateful: Once traļ¬€ic in is allowed, traļ¬€ic out is automatically allowed Centralized Configuration: With one Azure firewall, you can control traļ¬€ic to multiple virtual networks (having hundreds of resources) across multiple subscriptions Example : If your enterprise has 10 virtual networks (across multiple subscriptions) with 100 VMs, you can control traļ¬€ic with one Azure Firewall Integrates with Azure Monitor: Provides logging and analytics (REMEMBER) Web application firewall (WAF) Restrict traļ¬€ic into web applications OWASP etc Supported by Azure Application Gateway, Azure Content Delivery Network Azure Firewall Azure Firewall 98
  • 3. Azure Firewall is an external firewall - outside your Virtual Network Network Security Group (NSG) is like a internal firewall inside your Virtual Network right before your resources Multiple inbound and outbound security rules: Allow or block traļ¬€ic based on source/destination IP address, protocol and port Restrict traļ¬€ic between resources such as virtual machines and subnets Attached with subnets and network interfaces Usecases : Allow access to web server only on port 80 and port 443 (HTTP/HTTPS) Restrict database access only to web servers. Do NOT allow direct access to database from outside world/other servers. Restrict outbound traļ¬€ic from VMs to download so ware packages and system updates Network Security Groups (NSG) Network Security Groups (NSG) 99
  • 4. "A chain is only as strong as its weakest link" - Secure at all levels: Physical security: Control access to physical infrastructure (Responsibility of Microso ) Perimeter: Azure DDoS Protection + Azure Firewall Network: Restrict internet access (inbound and outbound) Restrict communication between resources Compute:Secure access to virtual machines Implement endpoint protection Ensure that OS and so ware patches are applied Application: Think of security from day one! Implement security best practices depending on language and framework Store secrets in Azure Key Vault Data: Encrypt data at rest and in transit Best Practice: Implement security at all levels! Security Best Practice - Defense in depth Security Best Practice - Defense in depth 100
  • 5. Cloud Computing Public Cloud You host everything in the cloud (You DO NOT need a data center anymore) No Capital Expenditure required Hardware resources are owned by Azure (Microso ) Hardware failures and security of the data center are managed by Azure (Microso ) Summary: Hardware owned by Azure and shared between multiple tenants Tenants: Customers who rent infrastructure (You, Me and other enterprises) Private Cloud You host everything in your own data center Needs Capital Expenditure Incur staļ¬€ing and maintenance expenses for infrastructure Delivers higher level of security and privacy Hybrid Cloud : Combination of both (Public & Private) Use Public Cloud for some workloads and Private cloud for others Example: Connecting an on-premise app to Azure Cosmos DB Provides you with flexibility: Go on-premises or cloud based on specific requirement Cloud Computing: Public vs Private vs Hybrid clouds Cloud Computing: Public vs Private vs Hybrid clouds 101
  • 6. Options: VPN and Azure ExpressRoute VPN: Encrypted connection from on- premises to Azure over internet Needs VPN device or gateway on-premises Need Azure VPN gateway in the Azure Virtual Network Encrypted communication over Internet (public) Azure ExpressRoute: Private connectivity to Azure Virtual Network Provides very high bandwidth Very high security (private connection) Traļ¬€ic does NOT go over internet Traļ¬€ic is NOT encrypted by the connection Hybrid Cloud: Connecting Azure with on-premises Hybrid Cloud: Connecting Azure with on-premises 102
  • 7. Organizing and Managing Organizing and Managing Azure Resources Azure Resources 103
  • 8. ( ) Hierarchy: Management Group(s) > Subscription (s) > Resource Group (s) > Resources Resources: VMs, Storage, Databases Resource groups: Organize resources by grouping them into Resource groups Subscriptions: Manage costs for resources provisioned for diļ¬€erent teams or diļ¬€erent projects or diļ¬€erent business units Management groups: Centralized management for access, policy, and compliance across multiple subscriptions Remember: No hierarchy in resource groups BUT management groups can have a hierarchy Azure Resource Hierarchy Azure Resource Hierarchy https://docs.microso .com/ 104
  • 9. Resource Group: Logical container for resources Associated with a single subscription Can have multiple resources (REMEMBER) A resource can be associated with one and only one resource group Can have resources from multiple regions Deleting it deletes all resources under it Tags assigned to resource group are not automatically applied to resources HOWEVER, Permissions/Roles assigned to user at the resource group level are inherited by all resources in the group Resource Groups (like Management Groups) are free Resource Groups Resource Groups 105
  • 10. You need a Subscription to create resources in Azure Subscription links Azure Account to its resources An Azure Account can have multiple subscriptions and multiple account administrators When do you create a new subscription? I want to manage diļ¬€erent access-management policies for diļ¬€erent environments: Create diļ¬€erent subscriptions for diļ¬€erent environments Manage distinct Azure subscription policies for each environment I want to manage costs across diļ¬€erent departments of an organization: Create diļ¬€erent subscriptions for diļ¬€erent departments Create separate billing reports and invoices for each subscription (or department) and manage costs I'm exceeding the limits available per subscription Example: VMs per subscription - 25,000 per region Subscriptions Subscriptions 106