Book Image

Mastering Azure Security - Second Edition

By : Mustafa Toroman, Tom Janetscheck
Book Image

Mastering Azure Security - Second Edition

By: Mustafa Toroman, Tom Janetscheck

Overview of this book

Security is integrated into every cloud, but this makes users put their guard down as they take cloud security for granted. Although the cloud provides higher security, keeping their resources secure is one of the biggest challenges many organizations face as threats are constantly evolving. Microsoft Azure offers a shared responsibility model that can address any challenge with the right approach. Revised to cover product updates up to early 2022, this book will help you explore a variety of services and features from Microsoft Azure that can help you overcome challenges in cloud security. You'll start by learning the most important security concepts in Azure, their implementation, and then advance to understanding how to keep resources secure. The book will guide you through the tools available for monitoring Azure security and enforcing security and governance the right way. You'll also explore tools to detect threats before they can do any real damage and those that use machine learning and AI to analyze your security logs and detect anomalies. By the end of this cloud security book, you'll have understood cybersecurity in the cloud and be able to design secure solutions in Microsoft Azure.
Table of Contents (15 chapters)
1
Section 1: Identity and Governance
5
Section 2: Cloud Infrastructure Security
9
Section 3: Security Management

Understanding Azure Virtual Network

The first step in the transition from an on-premises environment to the cloud is Infrastructure as a Service (IaaS). One of the key elements of IaaS is Virtual Networks (VNets). VNets are a virtual representation of our local network with IP address ranges, subnets, and all other network components that we would find in local infrastructure. Recently, we have seen a lot of cloud network components introduced to on-premises networks as well, with the introduction of Software-Defined Networking (SDN) in Windows Server 2016.

Before we start looking at VNet security, let's remember that naming standards should be applied to all Azure resources, and networking is no exception. As environments grow, this will help you have better control over your environment, easier management, and more insight into your security posture.

Each VNet that we create is a completely isolated piece of a network in Azure. We can create multiple VNets inside one subscription...