Preparing exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals – Explaining defense in depth concept – Part 2


Hi All,

Greetings for the day!!!

We are continuing our discussion of security-related concepts and preparing study material for exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals.

In the last article, Preparing exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals – Explaining few terms related to Security – Part 1, we discussed a few terms related to security.

In this article we will discuss the concept of defense in depth.

Takeaways from this article

  • What is defense in depth?
  • Security layers in defense in depth

Defense in depth

  • Defense in depth uses a layered approach to security for our IT environment
  • This strategy uses a series of mechanisms to slow down the advance of an attack, which helps prevent unauthorized access to data
  • Security / protection is provided at every layer, so that if one layer is breached, the data is still protected at the subsequent layers
  • Microsoft implements this defense in depth strategy for its on-premises datacenters and in Azure cloud services

Security layers in defense in depth

fig : sc-900 – Defense in depth concept
  • Physical
    • First line of defense to protect hardware in data center
    • Relates to access to data centers
    • Only authorized personnel can access data centers
  • Identity and access
    • Control access to infrastructure by implementing conditional access or multi-factor authentication (MFA)
    • Auditing events and changes
  • Perimeter
    • Use distributed denial of service (DDoS) protection to filter attacks before they can cause a denial of service for users
    • Use a perimeter firewall to identify malicious attacks against our network
  • Network
    • It is about protecting our resources from network attacks
    • Deny by default
    • Security measures, such as network segmentation and network access controls, to limit communication between resources
    • Secure connectivity to on-premises networks
    • Restrict inbound internet access
    • Restrict outbound internet access wherever appropriate
  • Compute
    • Securing access to virtual machines
    • An example is limiting the number of ports used to access virtual machines, whether they are hosted on-premises or in the cloud
    • Keeping systems patched and current
    • Implementing endpoint protection on devices
  • Application
    • Security layer for our application – making sure our applications are secure and free of security vulnerabilities
    • Use secure / sensitive storage to store application secrets
  • Data
    • Layer for securing our data – implementing encryption to protect our data
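
The network and compute points above (deny by default, restricted inbound internet access, a limited set of ports to virtual machines) are shown here as an added Python example; it is not from the original article or from Microsoft. The rule tuples, addresses and the simplified rule format (priority, source range, port, action) are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed inbound rules: (priority, source CIDR, destination port, action).
# Assumption: lower priority numbers are evaluated first and the first match wins.
RULES = [
    (100, "10.0.1.0/24", 443, "allow"),  # HTTPS from the application subnet
    (110, "0.0.0.0/0", 443, "allow"),    # public HTTPS
    (120, "0.0.0.0/0", 3389, "allow"),   # weak: RDP open to the whole internet
    (200, "10.0.0.0/8", 22, "allow"),    # SSH from internal ranges only
]
MANAGEMENT_PORTS = {22, 3389}


def evaluate(rules, src_ip, dst_port):
    """Return the action of the first matching rule; deny when nothing matches."""
    for _prio, cidr, port, action in sorted(rules):
        if port == dst_port and ip_address(src_ip) in ip_network(cidr):
            return action
    return "deny"  # deny by default: traffic no rule allows is dropped


def internet_exposed_management(rules):
    """Priorities of allow rules that open a management port to any source."""
    return [prio for prio, cidr, port, action in sorted(rules)
            if action == "allow" and port in MANAGEMENT_PORTS
            and ip_network(cidr).prefixlen == 0]


def harden(rules, admin_cidr):
    """Narrow any-source management rules to a single admin range."""
    bad = set(internet_exposed_management(rules))
    return [(p, admin_cidr if p in bad else c, port, a)
            for p, c, port, a in rules]


if __name__ == "__main__":
    outside = "203.0.113.7"  # constructed address from a documentation range
    print("before:", evaluate(RULES, outside, 3389), internet_exposed_management(RULES))
    fixed = harden(RULES, "10.0.9.0/28")
    print("after: ", evaluate(fixed, outside, 3389), internet_exposed_management(fixed))
```
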

Thanks for reading the article !!! Please feel free to discuss in case any issues / suggestions / thoughts / questions !!!

HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂

Prasham Sabadra
