- Overview of Azure Security
This domain, "Describe general security and network security features", is worth 10 to 15% of the overall exam, and you can see its requirements on your screen: Azure security features and network security. Now, I don’t have to tell you that security is a massive challenge within cloud computing and within enterprise computing in general. Luckily, providers like Microsoft Azure, as well as the other cloud computing platforms, I’m sure, are highly incentivized to give you easy-to-use tools for configuring your security.
So we’re going to look at Azure Security Center in this video, which is the centralized dashboard for security, similar to the way that Azure Monitor is the centralized dashboard for system and application events. We’re also going to talk about Key Vault, Sentinel, and Azure Dedicated Hosts, which are different kinds of security. Then in the following section, we’re going to switch to network security, which is how you protect your applications running in a virtual network with firewalls, network security groups, and even DDoS protection. So what is Azure Security Center?
Well, like I said, it is a centralized dashboard to help you manage the security of your overall cloud environment. It is a unified infrastructure security management system that monitors and protects your systems inside Azure and, if you can install its software agents, your on-premises systems as well. (Since this was recorded, Security Center has been renamed Microsoft Defender for Cloud; the capabilities described here are the same.) So it strengthens your security posture, protects against threats, and helps you get secure at a quicker pace. Here is a screenshot of Azure Security Center.
We can see that it gives you a secure score. 22 percent is certainly a poor score, and there are ways for you to increase that score. And I love the gamification of this. So this gives you the overview, and then you can go into individual types of security and see recommendations. For instance, for how your resource security is configured, there are twelve high-severity recommendations, one medium-severity recommendation, and one low-severity recommendation. You improve your score by resolving those findings and closing those loopholes. Now, this does tie into Azure Advisor: if you’re in the security section of Azure Advisor, you’ll be taken into Security Center for the individual recommendations.
2. Azure Sentinel
The next security feature of Azure that we’re going to talk about is Azure Key Vault. Key Vault is Azure’s answer to the question of where to store your secrets, certificates, and public/private key pairs. In the years before the cloud and Key Vault, people would frequently store secrets in code. So if you had a user ID and password that your application needed to reach an external system, you might hard-code that user ID and password in the application’s source. The practice later advanced to putting those values in an external configuration file, but now we’re talking about creating secrets within Azure such that even the developer doesn’t need access to the values.
And if your code ever leaks, if someone gains access to your GitHub repository or zips up your code and distributes it outside, those secrets are still safe. The only people with access to the secret are you, as the person who adds the secret to Azure, and whoever you explicitly grant access to; the application (or the programmer) is granted access to read the secret at runtime. It’s a pretty cool thing. Now, it doesn’t just do secrets. It also allows you to generate and store public and private keys.
Those keys are used for various things. You can use them to sign data, or to encrypt data that gets decrypted at the other end, any kind of cryptographic operation. So you can generate a key within Key Vault, and the private half never has to leave it. Finally, it does support certificates, like your TLS/SSL certificate and any client certificate required for authentication. Essentially, you put all of these secrets into Key Vault and grant access only to the applications that need them, at the time they need them. This gives you very tight control over the things that are really precious to your organization. It could be your database password, etc.
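Here is an added example (not from the course) that puts the hard-coded-credential pattern the text warns about beside the Key Vault version. The vault URL, the secret names `db-user` and `db-password`, and the hostname are placeholders; it assumes an identity (for instance a managed identity) that has been granted permission to read secrets from the vault. The Azure SDK is imported lazily so the module loads and the pure functions run offline.

```python
"""Hard-coded credentials versus reading them from Azure Key Vault at runtime.
Added example; the vault URL and secret names are placeholders."""
from urllib.parse import quote_plus, urlsplit, urlunsplit

# --- Before: the anti-pattern. These leak with every copy of the source. ---
DB_USER = "app"
DB_PASSWORD = "P@ssw0rd!"  # constructed placeholder; never do this


def connection_string_hardcoded(host: str) -> str:
    return f"postgresql://{DB_USER}:{quote_plus(DB_PASSWORD)}@{host}/app"


# --- After: the code only knows the *names* of the secrets. ---
def connection_string_from_vault(host: str, secrets, user_secret: str = "db-user",
                                 password_secret: str = "db-password") -> str:
    """`secrets` is anything with get_secret(name) -> object with a .value,
    which is the shape of azure.keyvault.secrets.SecretClient."""
    user = secrets.get_secret(user_secret).value
    password = secrets.get_secret(password_secret).value
    if not user or not password:
        # An empty secret usually means the wrong vault or a stale name;
        # fail loudly rather than connecting with a blank password.
        raise RuntimeError(f"secret {user_secret!r} or {password_secret!r} is empty")
    return f"postgresql://{quote_plus(user)}:{quote_plus(password)}@{host}/app"


def keyvault_secrets(vault_url: str):
    """Build the real client (pip install azure-identity azure-keyvault-secrets).
    DefaultAzureCredential tries managed identity, Azure CLI login, etc.,
    so no credential for the vault itself ever appears in the code."""
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient
    return SecretClient(vault_url=vault_url, credential=DefaultAzureCredential())


def redact(conn_str: str) -> str:
    """What to write to logs instead of the raw connection string."""
    parts = urlsplit(conn_str)
    if parts.password is None:
        return conn_str
    netloc = f"{parts.username}:***@{parts.hostname}"
    if parts.port:
        netloc += f":{parts.port}"
    return urlunsplit(parts._replace(netloc=netloc))


if __name__ == "__main__":
    import os
    # Placeholder vault URL; set KEY_VAULT_URL to a real vault you can read from.
    vault_url = os.environ.get("KEY_VAULT_URL", "https://example-vault.vault.azure.net")
    conn = connection_string_from_vault("db.example.internal", keyvault_secrets(vault_url))
    print(redact(conn))
```

The important property is visible in the second function: the source contains secret *names* only, so a leaked repository reveals nothing, and rotating the password in the vault needs no code change. Grant the application identity read-only access to exactly those secrets rather than to the whole vault.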
The next topic in this section, when it comes to security, is Azure Sentinel. I love the name Azure Sentinel. It builds on the same log collection that Azure Monitor uses, but it adds intelligence on top: it is Azure’s cloud-native SIEM. (It has since been renamed Microsoft Sentinel.) So you centralize all your logs from all the various sources, and then it actually analyzes those logs to detect active threats. If somebody is trying to log into your systems and continually getting the password wrong, that could trigger an alert within Azure Sentinel. You can also see what types of traffic are coming to your website. Maybe somebody is trying to find the files in a directory, and they’re doing it by brute force.
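As an added example (not from the course, and plain Python rather than Sentinel’s KQL), here are the two detections just described, password guessing and directory brute force, run over constructed sample logs, followed by the correlation step that ties the same source IP across both sources. The thresholds and window sizes are arbitrary choices for the example.

```python
"""Brute-force sign-in and directory-enumeration detections, plus correlation.
Added example over constructed sample logs; runs offline."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records: (timestamp, user, source ip, result).
SIGNIN_LOG = [
    ("2024-03-01T10:00:05+00:00", "alice", "203.0.113.7", "failure"),
    ("2024-03-01T10:00:21+00:00", "alice", "203.0.113.7", "failure"),
    ("2024-03-01T10:00:40+00:00", "bob", "203.0.113.7", "failure"),
    ("2024-03-01T10:01:02+00:00", "bob", "203.0.113.7", "failure"),
    ("2024-03-01T10:01:30+00:00", "carol", "203.0.113.7", "failure"),
    ("2024-03-01T10:01:55+00:00", "carol", "203.0.113.7", "failure"),
    ("2024-03-01T10:03:00+00:00", "alice", "198.51.100.4", "failure"),
    ("2024-03-01T10:03:20+00:00", "alice", "198.51.100.4", "success"),
]

# Constructed sample web-server access lines (Common Log Format).
WEB_LOG = [
    '203.0.113.7 - - [01/Mar/2024:10:02:01 +0000] "GET /backup.zip HTTP/1.1" 404 0',
    '203.0.113.7 - - [01/Mar/2024:10:02:02 +0000] "GET /.git/config HTTP/1.1" 404 0',
    '203.0.113.7 - - [01/Mar/2024:10:02:03 +0000] "GET /admin/ HTTP/1.1" 404 0',
    '203.0.113.7 - - [01/Mar/2024:10:02:04 +0000] "GET /wp-login.php HTTP/1.1" 404 0',
    '203.0.113.7 - - [01/Mar/2024:10:02:05 +0000] "GET /.env HTTP/1.1" 404 0',
    '192.0.2.9 - - [01/Mar/2024:10:02:30 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.9 - - [01/Mar/2024:10:02:31 +0000] "GET /old-page HTTP/1.1" 404 0',
    '192.0.2.9 - - [01/Mar/2024:10:02:32 +0000] "GET /favicon.ico HTTP/1.1" 404 0',
]

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')


def parse_access_line(line):
    """Return (ts, ip, method, path, status), or None if the line does not parse."""
    m = CLF.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return (datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip, method, path, int(status))


def has_burst(times, threshold, window):
    """True if any sliding window of length `window` holds >= threshold events."""
    times = sorted(times)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            return True
    return False


def detect_failed_login_bursts(log, threshold=5, window=timedelta(minutes=10)):
    """Source IPs with >= threshold failed sign-ins inside any window (password guessing)."""
    failures = defaultdict(list)
    for ts, _user, ip, result in log:
        if result == "failure":
            failures[ip].append(datetime.fromisoformat(ts))
    return {ip for ip, times in failures.items() if has_burst(times, threshold, window)}


def detect_404_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Source IPs with >= threshold 404s inside any window (directory brute force)."""
    misses = defaultdict(list)
    for line in lines:
        ev = parse_access_line(line)
        if ev and ev[4] == 404:
            misses[ev[1]].append(ev[0])
    return {ip for ip, times in misses.items() if has_burst(times, threshold, window)}


def build_incident(signin_log, web_log):
    """Correlation: the same source IP flagged by both detections becomes one incident."""
    return sorted(detect_failed_login_bursts(signin_log) & detect_404_bursts(web_log))


if __name__ == "__main__":
    print("password guessing:", detect_failed_login_bursts(SIGNIN_LOG))
    print("directory brute force:", detect_404_bursts(WEB_LOG))
    print("incident (both):", build_incident(SIGNIN_LOG, WEB_LOG))
```

In Sentinel the same logic is a scheduled analytics rule in KQL (a `summarize count() by IPAddress, bin(TimeGenerated, 10m)` over the sign-in table, with a `where` on the count), and the correlation step is what turns two alerts into a single incident with the IP as a shared entity. Note the window-based count rather than a raw total: 203.0.113.7 fires because its failures are clustered, while an IP with the same number of failures spread over a day would not.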
Well, then Azure Sentinel will notice that a lot of 404 errors are being generated and that someone is actively trying to get at your website’s files. You take those alerts, group them into an incident, and then you can do an investigation. So you start to build evidence: you see how the same IP address was used in one system on this day and in another system on that day. So, basically, it’s security reporting and investigation in one place. And if some fix needs to be enacted, let’s say you need to close down a directory so that it doesn’t allow anonymous access, that response can be triggered from Azure Sentinel as well, through its playbooks.
The final topic of this section, the final general security element of Azure, is what’s called Dedicated Hosts. Now, dedicated hosts run counter to the whole idea of the public cloud, in that you ask Azure to dedicate physical hardware solely to you.
So you can say, “I want this virtual machine, but the physical computer it’s running on, I don’t want any other customer’s virtual machines on that machine.” Now, of course, Azure is very good at making sure that you can’t get access to other people’s stuff. In the normal model, you are running on a very powerful physical server and only getting a slice of it, some other customer is getting another slice, and the hypervisor blocks you from seeing each other’s activity; that is safe and secure for most workloads, and your virtual network is isolated from other tenants’ networks either way. But some industries are hypersensitive to security issues, or have compliance rules that require physical isolation. As a result, you can obtain dedicated hardware known as Azure Dedicated Hosts. You reserve a physical server (the host), and you can run multiple virtual machines on top of it. Now, it’s expensive, but if you do need hardware that is purchased, controlled, and run by Azure yet dedicated only to you, that is a dedicated host.