Implementing Host Security
Configuring Container Security
The course is part of these learning paths
This course focuses on implementing security controls, maintaining the security posture of an Azure environment, and protecting data, applications, and networks, showing you how to configure security for your containers and virtual machines.
The content of this course is ideally suited to those looking to become certified Azure security engineers.
For any feedback, queries, or suggestions relating to this course, please contact us at firstname.lastname@example.org.
- Understand how to configure VM security including VM endpoints and system updates
- Configure baselines
- Understand key Azure networking components
- Configure AKS security
- Obtain a basic understanding of Azure Container Registry and how to create registries in Azure
- Manage vulnerabilities in Azure
This course is intended for people who want to become Microsoft certified Azure security engineers, or those who are tasked with implementing security controls, maintaining the security posture of an Azure environment, or protecting data, applications, and networks.
To get the most from this course, you should have a moderate understanding of Microsoft Azure and of basic security principles.
Hi there, welcome to Hardening Virtual Machines. In this lecture, we're going to look at some of the steps that you can take to harden your Azure VMs, using Azure Security Center.
As I mentioned earlier in this course, Azure Security Center is a service offering that you can use to prevent, detect and respond to threats. It also provides increased visibility into your Azure resources as well as added control over them. Using Security Center, you can safeguard virtual machine data in Azure because of this improved visibility.
When you use Security Center to help protect your virtual machines, several capabilities become available to you. For example, you can configure OS security settings by leveraging recommended configuration rules. You can also manage system security updates and see which critical updates are missing. Security Center also provides endpoint protection recommendations and disk encryption validation.
Other capabilities that become available to you include threat detection and the ability to perform vulnerability assessments and remediations.
Before Azure Security Center can collect the information necessary to make recommendations and to generate alerts, you need to enable data collection. On the screen you can see that data collection has been enabled in this example.
Once you've begun collecting data, you can begin configuring security policies. A security policy defines a set of controls that are recommended for resources within the subscription or resource group.
Security Center analyzes the security state of your resources in Azure, and when it identifies potential security vulnerabilities, it creates recommendations, which are based on your security policies. The recommendations will even walk you through the process of configuring the necessary controls.
The recommendations that security policy makes are presented in a table format. Each line in the table represents one recommendation. When you select a recommendation in the table, Security Center presents you with information that can assist you with the implementation of that recommendation.
You can also use Security Center to monitor and analyze your enabled security policies in order to identify possible vulnerabilities. You can check on the security state of resources from the resource security health blade.
The way threat detection works in Security Center is pretty straightforward. Essentially what happens is that Security Center collects security information from your Azure resources, the network itself, and other connected partner solutions. It then analyzes the collected information. It will then correlate information from multiple sources to identify threats.
Azure Security Center uses advanced security analytics and leverages big data and machine learning to evaluate events across the entire cloud. Using these technologies, Security Center can detect threats that would otherwise be impossible to identify via manual methods.
The advanced security analytics that Security Center relies on include things like integrated threat intelligence, behavioral analytics and anomaly detection.
These types of analytics allow Security Center to effectively disrupt the kill chain because they result in detection at different phases of it. The image that you see on your screen highlights a few common alerts for each phase.
- Introduction
- Configuring Endpoint Security within VMs
- Configuring and Monitoring Antimalware for VMs
- Configuring Virtual Machine Security
- Configuring System Updates for Virtual Machines
- Starting a Runbook from the Azure Portal
- Configuring Baselines
- Azure Networking
- Configuring Authentication
- Container Isolation
- AKS Security
- Azure Container Registry
- Creating a Container Registry
- Implementing Vulnerability Management
- Conclusion
About the Author
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.