Preparing exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals – Explaining defense in depth concept – Part 2
Hi All,
Greetings for the day!!!
We are continuing our discussion of security-related concepts and preparing study material for exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals.
In the last article – Preparing exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals – Explaining few terms related to Security – Part 1 – we discussed a few terms related to security.
In this article we will discuss the concept of defense in depth.
Takeaways from this article
- What is defense in depth?
- Security layers in defense in depth
Defense in depth
- Defense in depth uses a layered approach to security for our IT environment
- This strategy uses a series of mechanisms to slow down the advance of an attack, which helps to prevent unauthorized access to data
- Protection is provided at every layer, so that if one layer is breached, the data is still protected by the subsequent layers
- Microsoft implements this defense in depth strategy for its on-premises datacenters and in Azure cloud services
Security layers in defense in depth
- Physical
  - First line of defense, protecting hardware in the data center
  - Related to access to data centers
  - Only authorized personnel can access data centers
- Identity and access
  - Control access to infrastructure by implementing either conditional access or multi-factor authentication (MFA)
  - Auditing events and changes
- Perimeter
  - Use distributed denial of service (DDoS) protection to filter attacks before they can cause a denial of service for users
  - Use a perimeter firewall to identify and alert on malicious attacks against our network
- Network
  - It is about protecting our resources from network attacks
  - Deny by default
  - Use security controls, such as network segmentation and network access controls, to limit communication between resources
  - Secure connectivity to the on-premises network
  - Restrict inbound internet access
  - Restrict outbound internet access wherever appropriate
- Compute
  - Securing access to virtual machines
  - Example: limiting the number of ports open for access to virtual machines, whether hosted on-premises or in the cloud
  - Keeping systems patched and current
  - Implementing endpoint protection on devices
- Application
  - Security layer for our applications – making sure our applications are secure and free of security vulnerabilities
  - Use secure storage to store application secrets
- Data
  - Layer for securing our data – implementing encryption to protect our data
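The Network and Compute points above (deny by default, restricted inbound internet access, limited ports to virtual machines) can be shown as a small rule check. This is an added example, not part of the original article or any Microsoft tooling; the Rule fields, the sample rule sets and the probe address are assumptions made for illustration.

```python
# Added example: deny-by-default rule evaluation and a management-port audit.
# Rule fields, rule sets and addresses below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    action: str     # "allow" or "deny"
    source: str     # source CIDR the rule matches
    ports: range    # destination ports the rule matches


def evaluate(rules, src_ip, port):
    """Return the action of the first matching rule; deny when none match."""
    addr = ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if addr in ip_network(rule.source) and port in rule.ports:
            return rule.action
    return "deny"  # deny by default: no matching rule means no access


MGMT_PORTS = (22, 3389)         # SSH and RDP
INTERNET_PROBE = "203.0.113.10"  # documentation address standing in for an internet host


def exposed_management_ports(rules):
    """Management ports an arbitrary internet host (the probe) can reach."""
    return [p for p in MGMT_PORTS if evaluate(rules, INTERNET_PROBE, p) == "allow"]


# Constructed weak rule set: everything is open to the internet.
WEAK = [Rule(100, "allow", "0.0.0.0/0", range(0, 65536))]

# Constructed hardened rule set: only HTTPS is public; SSH only from an
# internal range (assumed here to be the on-premises network).
HARDENED = [
    Rule(100, "allow", "10.0.0.0/8", range(22, 23)),
    Rule(110, "allow", "0.0.0.0/0", range(443, 444)),
]

if __name__ == "__main__":
    print("weak:", exposed_management_ports(WEAK))
    print("hardened:", exposed_management_ports(HARDENED))
```

In the hardened set nothing denies port 3389 explicitly; it is blocked only because no rule allows it, which is the deny-by-default behaviour.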
Thanks for reading the article !!! Please feel free to discuss in case any issues / suggestions / thoughts / questions !!!
HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂