Microsoft Azure Security Infrastructure [Paperback]

  • Format: Paperback / softback, 224 pages, height x width x thickness: 229x189x12 mm, weight: 378 g
  • Series: IT Best Practices - Microsoft Press
  • Publication date: 11-Oct-2016
  • Publisher: Microsoft Press
  • ISBN-10: 150930357X
  • ISBN-13: 9781509303571
Implement maximum control, security, and compliance processes in Azure cloud environments

In Microsoft Azure Security Infrastructure, three leading experts show how to plan, deploy, and operate Microsoft Azure with outstanding levels of control, security, and compliance. You'll learn how to prepare infrastructure with Microsoft's integrated tools, prebuilt templates, and managed services, and use these to help safely build and manage any enterprise, mobile, web, or Internet of Things (IoT) system. The authors guide you through enforcing, managing, and verifying robust security at physical, network, host, application, and data layers. You'll learn best practices for security-aware deployment, operational management, threat mitigation, and continuous improvement, so you can help protect all your data, make services resilient to attack, and stay in control no matter how your cloud systems evolve.

Three Microsoft Azure experts show you how to:

Understand cloud security boundaries and responsibilities

Plan for compliance, risk management, identity/access management, operational security, and endpoint and data protection

Explore Azure's defense-in-depth security architecture

Use Azure network security patterns and best practices

Help safeguard data via encryption, storage redundancy, rights management, database security, and storage security

Help protect virtual machines with Microsoft Antimalware for Azure Cloud Services and Virtual Machines

Use the Microsoft Azure Key Vault service to help secure cryptographic keys and other confidential information

Monitor and help protect Azure and on-premises resources with Azure Security Center and Operations Management Suite

Effectively model threats and plan protection for IoT systems

Use Azure security tools for operations, incident response, and forensic investigation

Foreword
Introduction

Chapter 1 Cloud security
  • Cloud security considerations
  • Compliance
  • Risk management
  • Identity and access management
  • Operational security
  • Endpoint protection
  • Data protection
  • Shared responsibility
  • Cloud computing
  • Distributed responsibility in public cloud computing
  • Assume breach and isolation
  • Azure security architecture
  • Azure design principles

Chapter 2 Identity protection in Azure
  • Authentication and authorization
  • Azure hierarchy
  • Role-Based Access Control
  • On-premises integration
  • Azure AD Connect
  • Federation
  • Suspicious activity identification
  • Identity protection
  • User risk policy
  • Sign-in risk policy
  • Notification enabling
  • Vulnerabilities
  • Multi-Factor Authentication
  • Azure Multi-Factor Authentication implementation
  • Azure Multi-Factor Authentication option configuration

Chapter 3 Azure network security
  • Anatomy of Azure networking
  • Virtual network infrastructure
  • Network access control
  • Routing tables
  • Remote access (Azure gateway/point-to-site VPN/RDP/Remote PowerShell/SSH)
  • Cross-premises connectivity
  • Network availability
  • Network logging
  • Public name resolution
  • Network security appliances
  • Reverse proxy
  • Azure Network Security best practices
  • Subnet your networks based on security zones
  • Use Network Security Groups carefully
  • Use site-to-site VPN to connect Azure Virtual Networks
  • Configure host-based firewalls on IaaS virtual machines
  • Configure User Defined Routes to control traffic
  • Require forced tunneling
  • Deploy virtual network security appliances
  • Create perimeter networks for Internet-facing devices
  • Use ExpressRoute
  • Optimize uptime and performance
  • Disable management protocols to virtual machines
  • Enable Azure Security Center
  • Extend your datacenter into Azure

Chapter 4 Data and storage security
  • Virtual machine encryption
  • Azure Disk Encryption
  • Storage encryption
  • File share wire encryption
  • Hybrid data encryption
  • Authentication
  • Wire security
  • Data at rest
  • Rights management
  • Database security
  • Azure SQL Firewall
  • SQL Always Encrypted
  • Row-level security
  • Transparent data encryption
  • Cell-level encryption
  • Dynamic data masking

Chapter 5 Virtual machine protection with Antimalware
  • Understanding the Antimalware solution
  • Antimalware deployment
  • Antimalware deployment to an existing VM
  • Antimalware deployment to a new VM
  • Antimalware removal

Chapter 6 Key management in Azure with Key Vault
  • Key Vault overview
  • App configuration for Key Vault
  • Key Vault event monitoring

Chapter 7 Azure resource management security
  • Azure Security Center overview
  • Detection capabilities
  • Onboard resources in Azure Security Center
  • Apply recommendations
  • Resource security health
  • Respond to security incidents

Chapter 8 Internet of Things security
  • Anatomy of the IoT
  • Things of the world, unite
  • Sensors, sensors everywhere
  • Big data just got bigger: TMI
  • Artificial intelligence to the rescue
  • IoT security challenges
  • IoT: Insecure by design
  • Ramifications of an insecure IoT
  • IoT threat modeling
  • Windows 10 IoT and Azure IoT
  • Windows 10 IoT editions
  • Azure IoT Suite and secure Azure IoT infrastructure

Chapter 9 Hybrid environment monitoring
  • Operations Management Suite Security and Audit solution overview
  • Log Analytics configuration
  • Windows Agent installation
  • Resource monitoring using OMS Security and Audit solution
  • Security state monitoring
  • Identity and access control
  • Alerts and threats

Chapter 10 Operations and management in the cloud
  • Scenario
  • Design considerations
  • Azure Security Center for operations
  • Azure Security Center for incident response
  • Azure Security Center for forensics investigation

Index

About the authors
YURI DIOGENES is a Senior Content Developer on the CSI Enterprise Mobility and Security Team, focusing on enterprise mobility solutions, Azure Security Center, and OMS Security. Previously, Yuri worked at Microsoft as a writer for the Windows Security team and as a Support Escalation Engineer for the CSS Forefront team. He has a Master of Science degree in Cybersecurity Intelligence and Forensics from Utica College and an MBA from FGF in Brazil, and he holds several industry certifications. He is co-author of Enterprise Mobility Suite Managing BYOD and Company-Owned Devices (Microsoft Press, 2015), Microsoft Forefront Threat Management Gateway (TMG) Administrator's Companion (Microsoft Press, 2010), and three other Forefront titles from Microsoft Press.

DR. THOMAS SHINDER is a program manager in Azure Security Engineering and a 20-year veteran in IT security. Tom is best known for his work with ISA Server and TMG, publishing nine books on those topics. He was also the leading voice at ISAserver.org. After joining Microsoft in 2009, Tom spent time on the UAG DirectAccess team and then took a 3-year vacation from security to be a cloud infrastructure specialist and architect. He's now back where he belongs in security, and spends a good deal of time hugging his Azure Security Center console and hiding his secrets in Azure Key Vault.

DEBRA LITTLEJOHN SHINDER, MCSE, is a former police officer and police academy instructor who is self-employed as a technology consultant, trainer, and writer, specializing in network and cloud security. She has authored a number of books, including Scene of the Cybercrime: Computer Forensics Handbook (Syngress Publishing, 2002) and Computer Networking Essentials (Cisco Press, 2001). She has co-authored more than 20 additional books and worked as a tech editor, developmental editor, and contributor to more than 15 books. Deb is a lead author for WindowSecurity.com and WindowsNetworking.com, and a long-time contributor to the GFI Software blog and other technology publications, with more than 1,500 published articles in print magazines and on websites. Deb focuses on Microsoft products, and has been awarded the Microsoft MVP (Most Valuable Professional) award in the field of enterprise security for 14 years in a row. She lives and works in the Dallas-Fort Worth area and has taught law enforcement, computer networking, and security courses at Eastfield College in Mesquite, Texas. She currently sits on the advisory board of the Eastfield Criminal Justice Training Center Police Academy.