In this post we will be talking about the Top Most security best practices one should follow in their Azure infrastructure and latter we would talk about alot of security practices needed to make your environment secure.
Security Best Practices :-
Please add in comments if you think something is missing and should be there as a top best security practice.
Security Best Practices :-
=> Security Center - Opt for the standard tier of the Security Center which assess your environment continuously and provides you all the security vulnerabilities and their fixes, Apply access & application control to block malicious activity, Detect threats using analytics and intelligence.
=> Key Vault : Store your keys and secrets in the Azure key vault. Key vault is designed to support any type of secret , passwords, database credentials, API Keys and certificates.
=> WAF : Web application firewall is a feature of App Gateway that provides centralized protection to your web applications from exploits and vulnerabilities. You can use 3rd party as well.
=> MFA & Conditional Access : MFA would help administrators protect their organization and users with additional authentication methods & Conditional Access - enables the administrators to require the end-user to be in a trusted location to register for MFA or SSPR.
=> Encryption : Encrypt your VHD's , Storage , DB in rest or in transit and store the keys & secrets in vault.
=> Network Traffic : Control or protect the traffic with the help of NSG's and JIT to access the VM. Control the RDP access from Internet and create the layered architecture like DMZ(Jump) >> Private (web) >> Internal (DB)
=> DDOS : Distributed denial of services is a type of attack that tries to exhaust application resources. Azure provides Basic DDOS protection but recommended is Standard, which provides additional mitigation capabilities.
=> Anti-virus & malware : Azure VM should have the anit-virus and malware as these are just like on-prem VM hence admins responsibility.
=> Whitelist IP : Azure provides whitelisting Ip's on SQL server, sql DB and storage account as well. Enabling whitelisting for those IP which require only is a good security practice.
=> Virtual Endpoints : Enable endpoints for all the PaaS services which supports this to utilize the Azure backend network rather sending traffic over internet.
=> VM Updates : Ensure your Azure VM are updating regularly.
=> Password : Use proper password security policies to prevent abuse.
Please add in comments if you think something is missing and should be there as a top best security practice.
ReplyDeleteThis was truly awesome. Thanks so much for this..!
Microsoft Azure DevOps Online Training
Microsoft Azure DevOps training hyderabad
Azure DevOps online training in hyderabad
Thanks - sure let us check these training
ReplyDelete