Notes from MS Learn AZ-700 Module 6: Design and implement network security – Unit 2: Get Network Security Recommendations with Microsoft Defender for Cloud
Network security covers the technologies, devices, processes, rules and configurations used to protect the confidentiality, integrity and availability (CIA) of networks and data. Every org has some form of network security in place.
- Network Security
  - Covers controls to secure and protect Azure, including:
    - Securing VNets
    - Private connections
    - Preventing/mitigating external attacks
    - Securing DNS
  - Full description: Security Control V3: Network Security on Microsoft Learn
  - NS-1: Establish network segmentation boundaries
    - Security principle: ensure VNet deployment aligns with the segmentation strategy
    - Any workload that incurs high risk should be isolated in its own VNet
  - NS-2: Secure cloud services with network controls
    - Security principle: secure cloud services by establishing a private access point to the resource(s)
    - Also disable/restrict public access where possible
  - NS-3: Deploy firewall at the edge of the enterprise network
    - Security principle: perform advanced filtering on network traffic to/from external networks
    - Firewalls can also be used between internal segments
    - If needed, custom routes (user-defined routes) on the subnet override the system route
      - This forces network traffic through the network appliance for inspection
  - NS-4: Deploy IDS/IPS
    - Security principle: inspect network and payload traffic to/from workloads
    - Ensure the IDS/IPS is always tuned for high-quality alerts
  - NS-5: Deploy DDoS protection
    - Security principle: protect the network/apps from DDoS attacks
  - NS-6: Deploy web application firewall
    - Security principle: deploy a WAF and configure rules to protect web apps/APIs from app-specific attacks
  - NS-7: Simplify network security configuration
    - Security principle: use tools to simplify, centralize and enhance network security management
  - NS-8: Detect and disable insecure services/protocols
    - Security principle: protect against insecure services/protocols at the OS/app/software-package level
    - Deploy compensating controls if disabling isn't possible
  - NS-9: Connect on-prem or cloud privately
    - Security principle: use private connections between networks
  - NS-10: Ensure DNS security
    - Security principle: ensure DNS security configuration protects against known risks
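As an added example (not from the MS Learn module and not Microsoft's code), a small Python posture check for NS-2 and NS-3 that runs over exported NSG and route-table JSON. The record shapes are modelled on `az network nsg show` / `az network route-table show` output, which is an assumption; the weak and hardened subnets below are constructed samples, including the firewall NVA address 10.0.1.4.

```python
"""NS-2 / NS-3 posture check over exported Azure NSG and route-table JSON.
Added example (not Microsoft's code).  Record shapes are modelled on
`az network nsg show` and `az network route-table show` output (assumption);
the sample resources are constructed."""
from __future__ import annotations

# Source prefixes that mean "the public Internet" in an NSG rule.
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0"}


def _values(rule: dict, singular: str, plural: str) -> list[str]:
    """NSG rules carry either the singular field or the plural list; merge both."""
    values = list(rule.get(plural) or [])
    if rule.get(singular):
        values.append(rule[singular])
    return values


def exposed_inbound_rules(nsg: dict) -> list[str]:
    """NS-2: names of custom rules that admit inbound traffic from the Internet.

    Rules apply in ascending priority order, so an Allow is only effective if no
    lower-numbered rule already denies all ports from the Internet.  (Port-level
    shadowing between specific rules is not modelled here.)"""
    rules = sorted(nsg.get("securityRules", []), key=lambda r: r["priority"])
    blanket_deny_seen = False
    findings: list[str] = []
    for rule in rules:
        if rule["direction"] != "Inbound":
            continue
        sources = set(_values(rule, "sourceAddressPrefix", "sourceAddressPrefixes"))
        if not sources & INTERNET_SOURCES:
            continue
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        if rule["access"] == "Deny" and "*" in ports:
            blanket_deny_seen = True  # every later Allow from the Internet is shadowed
        elif rule["access"] == "Allow" and not blanket_deny_seen:
            findings.append(rule["name"])
    return findings


def default_route_via_nva(route_table: dict) -> bool:
    """NS-3: True when a user-defined 0.0.0.0/0 route overrides the system route
    and sends traffic to a virtual appliance (the firewall)."""
    for route in route_table.get("routes", []):
        if route["addressPrefix"] == "0.0.0.0/0":
            return (route["nextHopType"] == "VirtualAppliance"
                    and bool(route.get("nextHopIpAddress")))
    return False  # no UDR: the system route sends 0.0.0.0/0 straight to the Internet


def assess_subnet(nsg: dict, route_table: dict) -> dict[str, bool]:
    """Pass/fail per control for one subnet's NSG + route table."""
    return {
        "NS-2": not exposed_inbound_rules(nsg),
        "NS-3": default_route_via_nva(route_table),
    }


# Constructed sample: weak subnet (SSH open to the world, no UDR).
WEAK_NSG = {
    "name": "nsg-weak",
    "securityRules": [
        {"name": "allow-ssh-any", "priority": 100, "direction": "Inbound", "access": "Allow",
         "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    ],
}
WEAK_ROUTE_TABLE = {"name": "rt-weak", "routes": []}

# Constructed sample: hardened subnet (SSH only from the on-prem range, explicit
# deny from the Internet that shadows a later Allow, default route forced through
# the firewall NVA at 10.0.1.4).
HARDENED_NSG = {
    "name": "nsg-hardened",
    "securityRules": [
        {"name": "allow-ssh-onprem", "priority": 100, "direction": "Inbound", "access": "Allow",
         "protocol": "Tcp", "sourceAddressPrefixes": ["10.50.0.0/16"], "destinationPortRange": "22"},
        {"name": "deny-internet-in", "priority": 200, "direction": "Inbound", "access": "Deny",
         "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRange": "*"},
        {"name": "allow-https-shadowed", "priority": 300, "direction": "Inbound", "access": "Allow",
         "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
    ],
}
HARDENED_ROUTE_TABLE = {
    "name": "rt-hardened",
    "routes": [
        {"name": "default-via-firewall", "addressPrefix": "0.0.0.0/0",
         "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.1.4"},
    ],
}

if __name__ == "__main__":
    for label, nsg, rt in (("weak", WEAK_NSG, WEAK_ROUTE_TABLE),
                           ("hardened", HARDENED_NSG, HARDENED_ROUTE_TABLE)):
        print(label, assess_subnet(nsg, rt), exposed_inbound_rules(nsg))
```

The check only looks at custom `securityRules`; Azure's default rules (including `DenyAllInBound` at priority 65500) are not in that list, which is exactly why any custom Allow from the Internet that is not shadowed by an earlier Deny counts as exposure.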
- Using Microsoft Defender for Cloud for regulatory compliance
  - Defender for Cloud streamlines meeting regulatory compliance requirements via the Regulatory Compliance Dashboard
    - Shows the status of all assessments within your environment for the standards and regulations you have chosen
    - As you act on recommendations and reduce risk, your compliance posture improves
  - Regulatory Compliance Dashboard
    - Shows an overview of status against the set of supported compliance regulations
    - View the overall score and the number of passed/failed assessments within each standard
  - Compliance controls
    - Contains:
      - Subscriptions the standard is applied to
      - List of all controls for that standard
      - Details of the passing/failing assessments associated with each control
      - Number of affected resources
      - Severity of the alert
    - Some controls are grayed out because they don't have any Defender for Cloud assessments associated with them
      - Check their requirements and assess them yourself
      - Some controls may be process-related rather than technical
  - Exploring details of compliance with a specific standard
    - To generate a PDF report summarising status, choose Download report
      - Provides a high-level summary of compliance status for the standard based on Defender for Cloud assessment data
      - Organized according to the controls of that standard
      - Can be shared with stakeholders and used as evidence for internal/external auditors
- Alerts in Microsoft Defender for Cloud
  - Automatically collects, analyzes and integrates log data from Azure resources
  - Shows a list of prioritized security alerts along with the info needed to investigate and the remediation steps
  - Manage security alerts
    - The Defender for Cloud overview page shows a Security alerts tile at the top and a link in the left panel
    - The Security alerts page shows active alerts
      - Sort by severity, title, affected resource, activity start time, MITRE ATT&CK tactics and status
    - To filter, select any of the relevant filters
  - Respond to security alerts
    - From the Security alerts list, click an alert
    - A panel opens with a description of the alert and the affected resources
    - Select View full details to display more info
    - Left pane shows high-level info regarding the alert:
      - Title
      - Severity
      - Status
      - Activity time
      - Description
      - Affected resource
    - Right pane includes:
      - Alert details tab with more details, e.g.
        - IP addresses
        - Files
        - Processes
        - Etc.
      - Take action tab with actions such as:
        - Mitigate the threat
          - Provides manual remediation steps
        - Prevent future attacks
          - Provides security recommendations to help reduce the attack surface and improve security posture
        - Trigger automated response
          - Provides the option to trigger a Logic App as a response
        - Suppress similar alerts
          - Provides the option to suppress further alerts with similar characteristics
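As an added example (not part of the module and not Microsoft's tooling), a Python triage helper that applies the sort-and-filter described under "Manage security alerts" to a list of alert records: highest severity first, newest activity start time within a severity, optionally filtered by status or MITRE ATT&CK tactic. The field names (`severity`, `status`, `intent`, `startTimeUtc`, `compromisedEntity`, `alertDisplayName`) and the comma-separated form of `intent` are assumptions modelled on the Defender for Cloud alerts API; the alerts themselves are constructed samples, not real detections.

```python
"""Sort/filter triage over Defender for Cloud security alert records.
Added example (not Microsoft's tooling).  Field names are assumed from the
Defender for Cloud alerts API shape; the alerts are constructed samples."""
from __future__ import annotations

from datetime import datetime

# Severity order used by the Security alerts page: High first.
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3}

# Constructed sample alerts (titles and entities invented for the demo).
ALERTS = [
    {"alertDisplayName": "Suspicious authentication activity", "severity": "Medium",
     "status": "Active", "compromisedEntity": "vm-web-01",
     "startTimeUtc": "2024-03-01T08:15:00Z", "intent": "CredentialAccess"},
    {"alertDisplayName": "Traffic from IP addresses recommended for blocking", "severity": "Low",
     "status": "Dismissed", "compromisedEntity": "vm-web-01",
     "startTimeUtc": "2024-03-01T07:00:00Z", "intent": "InitialAccess"},
    {"alertDisplayName": "Possible outgoing port scanning activity", "severity": "High",
     "status": "Active", "compromisedEntity": "vm-app-02",
     "startTimeUtc": "2024-03-01T09:40:00Z", "intent": "Discovery"},
    {"alertDisplayName": "Antimalware action taken", "severity": "High",
     "status": "Resolved", "compromisedEntity": "vm-app-02",
     "startTimeUtc": "2024-03-01T06:30:00Z", "intent": "Execution"},
    {"alertDisplayName": "Suspicious process executed", "severity": "High",
     "status": "Active", "compromisedEntity": "vm-web-01",
     "startTimeUtc": "2024-03-01T10:05:00Z", "intent": "Execution,Persistence"},
]


def parse_utc(stamp: str) -> datetime:
    """Parse the ISO-8601 'Z' timestamps the alert records carry."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def tactics(alert: dict) -> list[str]:
    """`intent` is assumed to hold one or more comma-separated ATT&CK tactics."""
    return [t.strip() for t in alert.get("intent", "").split(",") if t.strip()]


def prioritize(alerts: list[dict], status: str | None = "Active",
               tactic: str | None = None) -> list[dict]:
    """Apply the page's filters and sort: highest severity first, then newest
    activity start time.  status=None / tactic=None disables that filter."""
    selected = [
        a for a in alerts
        if (status is None or a["status"] == status)
        and (tactic is None or tactic in tactics(a))
    ]
    return sorted(
        selected,
        key=lambda a: (SEVERITY_RANK.get(a["severity"], len(SEVERITY_RANK)),
                       -parse_utc(a["startTimeUtc"]).timestamp()),
    )


def active_counts(alerts: list[dict]) -> dict[str, int]:
    """Active alerts per severity, the numbers the Security alerts tile shows."""
    counts = {sev: 0 for sev in SEVERITY_RANK}
    for a in alerts:
        if a["status"] == "Active":
            counts[a["severity"]] = counts.get(a["severity"], 0) + 1
    return counts


def titles(alerts: list[dict]) -> list[str]:
    """Convenience view of a sorted list for display or assertions."""
    return [a["alertDisplayName"] for a in alerts]


if __name__ == "__main__":
    print(active_counts(ALERTS))
    for a in prioritize(ALERTS):
        print(a["severity"], a["startTimeUtc"], a["compromisedEntity"], a["alertDisplayName"])
    print("Execution, any status:", titles(prioritize(ALERTS, status=None, tactic="Execution")))
```

With the constructed data, `prioritize(ALERTS)` yields the two active High alerts (newest first) followed by the Medium one; dismissed and resolved alerts only appear when the status filter is disabled.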