You are previewing Microsoft Azure Security Infrastructure.
O'Reilly logo
Microsoft Azure Security Infrastructure

Book Description

Implement maximum control, security, and compliance processes in Azure cloud environments In Microsoft Azure Security Infrastructure, three leading experts show how to plan, deploy, and operate Microsoft Azure with outstanding levels of control, security, and compliance. You’ll learn how to prepare infrastructure with Microsoft’s integrated tools, prebuilt templates, and managed services–and use these to help safely build and manage any enterprise, mobile, web, or Internet of Things (IoT) system. The authors guide you through enforcing, managing, and verifying robust security at physical, network, host, application, and data layers. You’ll learn best practices for security-aware deployment, operational management, threat mitigation, and continuous improvement–so you can help protect all your data, make services resilient to attack, and stay in control no matter how your cloud systems evolve.

Three Microsoft Azure experts show you how to:

• Understand cloud security boundaries and responsibilities

• Plan for compliance, risk management, identity/access management, operational security, and endpoint and data protection

• Explore Azure’s defense-in-depth security architecture

• Use Azure network security patterns and best practices

• Help safeguard data via encryption, storage redundancy, rights management, database security, and storage security

• Help protect virtual machines with Microsoft Antimalware for Azure Cloud Services and Virtual Machines

• Use the Microsoft Azure Key Vault service to help secure cryptographic keys and other confidential information

• Monitor and help protect Azure and on-premises resources with Azure Security Center and Operations Management Suite

• Effectively model threats and plan protection for IoT systems

• Use Azure security tools for operations, incident response, and forensic investigation 

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Contents
  5. Foreword
  6. Introduction
    1. Acknowledgments
    2. Free ebooks from Microsoft Press
    3. Errata, updates, & book support
    4. We want to hear from you
    5. Stay in touch
  7. Chapter 1. Cloud security
    1. Cloud security considerations
      1. Compliance
      2. Risk management
      3. Identity and access management
      4. Operational security
      5. Endpoint protection
      6. Data protection
    2. Shared responsibility
      1. Cloud computing
        1. NIST definition of cloud computing
        2. Cloud computing characteristics
        3. Cloud service models
        4. Cloud deployment models
      2. Distributed responsibility in public cloud computing
    3. Assume breach and isolation
    4. Azure security architecture
    5. Azure design principles
  8. Chapter 2. Identity protection in Azure
    1. Authentication and authorization
      1. Azure hierarchy
      2. Role-Based Access Control
    2. On-premises integration
      1. Azure AD Connect
        1. Azure AD Connect implementation
      2. Federation
        1. AD FS implementation
    3. Suspicious activity identification
    4. Identity protection
      1. User risk policy
      2. Sign-in risk policy
      3. Notification enabling
      4. Vulnerabilities
    5. Multi-Factor Authentication
      1. Azure Multi-Factor Authentication implementation
      2. Azure Multi-Factor Authentication option configuration
  9. Chapter 3. Azure network security
    1. Anatomy of Azure networking
      1. Virtual network infrastructure
        1. IP address scheme
        2. DHCP servers
        3. DNS servers
      2. Network access control
      3. Routing tables
      4. Remote access (Azure gateway/point-to-site VPN/RDP/Remote PowerShell/SSH)
        1. Remote Desktop Protocol
        2. Secure Shell Protocol
        3. SSTP-based point-to-site VPN
      5. Cross-premises connectivity
        1. Site-to-site VPN
        2. Dedicated WAN link
      6. Network availability
        1. External load balancing
        2. Internal load balancing
        3. Global load balancing
      7. Network logging
      8. Public name resolution
      9. Network security appliances
      10. Reverse proxy
    2. Azure Network Security best practices
      1. Subnet your networks based on security zones
      2. Use Network Security Groups carefully
      3. Use site-to-site VPN to connect Azure Virtual Networks
      4. Configure host-based firewalls on IaaS virtual machines
      5. Configure User Defined Routes to control traffic
      6. Require forced tunneling
      7. Deploy virtual network security appliances
      8. Create perimeter networks for Internet-facing devices
      9. Use ExpressRoute
      10. Optimize uptime and performance
        1. HTTP-based load balancing
        2. External load balancing
        3. Internal load balancing
        4. Global load balancing
      11. Disable management protocols to virtual machines
      12. Enable Azure Security Center
      13. Extend your datacenter into Azure
  10. Chapter 4. Data and storage security
    1. Virtual machine encryption
    2. Azure Disk Encryption
    3. Storage encryption
    4. File share wire encryption
    5. Hybrid data encryption
      1. Authentication
      2. Wire security
      3. Data at rest
    6. Rights management
    7. Database security
      1. Azure SQL Firewall
      2. SQL Always Encrypted
      3. Row-level security
      4. Transparent data encryption
      5. Cell-level encryption
      6. Dynamic data masking
  11. Chapter 5. Virtual machine protection with Antimalware
    1. Understanding the Antimalware solution
    2. Antimalware deployment
      1. Antimalware deployment to an existing VM
      2. Antimalware deployment to a new VM
      3. Antimalware removal
  12. Chapter 6. Key management in Azure with Key Vault
    1. Key Vault overview
    2. App configuration for Key Vault
    3. Key Vault event monitoring
  13. Chapter 7. Azure resource management security
    1. Azure Security Center overview
      1. Detection capabilities
    2. Onboard resources in Azure Security Center
    3. Apply recommendations
      1. Resource security health
    4. Respond to security incidents
  14. Chapter 8. Internet of Things security
    1. Anatomy of the IoT
      1. Things of the world, unite
      2. Sensors, sensors everywhere
      3. Big data just got bigger: TMI
      4. Artificial intelligence to the rescue
    2. IoT security challenges
      1. IoT: Insecure by design
      2. Ramifications of an insecure IoT
    3. IoT threat modeling
    4. Windows 10 IoT and Azure IoT
      1. Windows 10 IoT editions
      2. Azure IoT Suite and secure Azure IoT infrastructure
  15. Chapter 9. Hybrid environment monitoring
    1. Operations Management Suite Security and Audit solution overview
    2. Log Analytics configuration
    3. Windows Agent installation
    4. Resource monitoring using OMS Security and Audit solution
      1. Security state monitoring
      2. Identity and access control
      3. Alerts and threats
  16. Chapter 10. Operations and management in the cloud
    1. Scenario
    2. Design considerations
    3. Azure Security Center for operations
    4. Azure Security Center for incident response
    5. Azure Security Center for forensics investigation
  17. Index
  18. About the authors
  19. Free ebooks
  20. Survey
  21. Code Snippets