Let's look at the actual tools that can help you with your network protection.
We've discussed the Laird's approach to security at the beginning of the model.
Protecting the perimeter of your network is an essential part of this approach.
You can use actual security tent of to identify the resources that are publicly exposed but are not protected by a firewall.
Ah, firewall is a device or service that inspects the network traffic and grants access based on the originating I P address, network protocol and pork.
You can create fire old rules that specify the I P Address or I be ranges, protocols and ports and the fire. Whoa ensures that only a lot requests are forwarded to the target. Three sources.
I shall provide several firewall options for you to protect your network from external attacks.
Actual firewall is a fully managed service that protects resource is in your virtual network.
It has a building high of our ability, and it can scale on demand.
Actual fire. Whoa is a layer three firewall and can protect you not only from http HDP attacks, but also
other protocol attacks like sshh, remote desktop protocol, file transfer protocol and so on.
We've discussed as your application gateway in the past.
It has a building Web application firewall that can protect your weapon work walls from common attacks like cross site scripting and sequel injection.
Actual marketplace has offers for third party Network Virtue appliances that are similar to hardware appliances. Enough our advanced configuration for applications and solutions that require grand work
Any resource exposed to the Internet is pronto distributed. The now off service attacks the Attackers go is to overwhelm the end points by sending so many requests that the resource becomes responsive.
Actual DDOS protection service can be used to provide defense against the U. S. Attacks.
Actually, did us monitors the traffic at the network perimeter, and if an attack is detected, you will be notified using azure monitor metrics.
The service comes with two tiers basic that is automatically enabled us part of National Platform. It uses the same algorithms that provide protection for all other Microsoft Service's
and standard that provides additional capabilities that are tune based on the traffic and resource is in your actual virtual network.
Actually, did us uses machine learning to learn the communication? Parton's between the resource is deporting the Venus and can mitigate various types of attacks, like biometric ones, where the attacker tries to say I'm a light legit Traffic
protocol attacks where protocol weaknesses are exploited or resource layer attacks where the application traffic is disrupted.
Protection that the perimeter is just one of the layers of security that you can implement.
You also need to think of protection inside your network and prevent the lateral movement of an attacker if one of your existing defences fails,
as we discussed previously, network security groups are critical to restricting the communication between your internal resource is network security groups are resource based firewalls that allow you to create inbound and now about rules based on I P addresses, protocols and ports.
It is recommended to deny all communication between system that is not essential for the work of your application.
You can remove the public access to your at your service is by restricting access to the service endpoints, practically limiting the traffic to the minute. Only
communication with your on premise work Walls can become figured by other private virtual private network that communicates with the VP and device on the premise on premises or via dedicated private connection using express route that allows you
you also have private connection to other. Microsoft service is like Office 3 65 and Dynamics 3 65
This limits the exposure to Darfur basis as well.
In the next video, we'll see how you can use an actual advanced threat protection to detect threats on your quality infrastructure.