Time
8 hours 33 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:00
Hello, Siberians.
00:01
Welcome to this lesson on veg A machine security.
00:05
This lesson is part of the fifth month. You off the Is that 500 Microsoft adjust Security Technologist costs
00:12
quick information on what we're recovering in this lesson
00:16
will started an overview off Veteran Mission Security Best practices.
00:21
Well, then cover endpoint security.
00:24
This guy encryption
00:26
off. That's management vulnerability, scanning and just in time, VM access.
00:32
Let's get into this.
00:33
So when we talk about veteran mission Security,
00:37
it's important notes that, as your veteran machines, like all on premises, virtual machines amends to be user managed on. What that means is that we're responsible for everything from the operating system level upwards that includes the applications are weighing stolen on the operating system. On access
00:57
to the operating system.
00:59
He has some good security best practices. Toe follow for veteran machines.
01:03
Number one configure endpoint Security
01:07
number two Encryption Vetra mission disks
01:11
number three implement updates Management
01:15
number four. Implement some form of vulnerability assessment on number five implements just in time. VM access would talk about this component in the following slight.
01:26
So the first thing that we talked about is to configure endpoint security
01:30
and here We're talking about protecting against viruses on my way,
01:34
and I said, Best practice. We should install anti malware protection toe, identify and remove viruses spyware on other militia software. So things like in some way
01:47
we can use the free Microsoft and Tomorrow Way application are. We can also install a top pretty onto my way application. So something like Trend Micro Broadcom on McAfee. More recent Windows operating systems also come built in with Windows. The friend of these days on, We can configure those from the Azure portal also
02:07
for data protection. It's always recommended to enable volume level encryption,
02:13
and this will prevent an attacker from being able to take a snapshot off our virtual mission disk
02:19
march. The Destroy another system to get access to our data
02:23
to implement this level of protection we can use as your disk encryption as your disk encryption uses, Industry standard features off the operating systems to provide volume level encryption for the operating system on data disks. So for Windows operating system, it uses bit locker on for Lennox operating system,
02:43
it's uses d m crypt.
02:45
The solution also integrates with azure key vote to manage the disk encryption keys on the secret in our key votes.
02:53
When we talk about updates management, it goes without saying that the best practice is to keep our VM up to date. We have to keep them patched
03:02
on. The significance of this is that unpatched vulnerability is still a common entry vector for Attackers. Toe I environment.
03:12
To keep our system patched, we can use the object management capability in azure automation to manage operating system updates for Windows on Leonard's veteran machines in Azure on on premises.
03:27
The agreement components off this solution.
03:30
The Microsoft Monitoring Agent,
03:32
the Log Analytics workspace,
03:36
ondas your automation accounts.
03:38
As you can see in the diagram on the vital Insight the monitoring agent collect information off missing updates from the endpoint on sends them to a log Analytics workspace.
03:51
The objects are then installed by room books in agile automation. On when objects deployment is created, the deployments create a shadow that starts a master Arbitron book at a specific time
04:02
on the mass around book. Then start a child run book on each agent toe. Install the required a bit
04:10
when we talk about veteran mission vulnerabilities cannon.
04:14
I just security center standards here as a functionality that we can use for this.
04:19
This capability is Frito All Security Center Standard steer users.
04:27
It's uses a thought party solution called qualities in the background. But the process and integration is extracted from us on, even though qualities used, we don't need to obtain, equalised license or have a relationship with Wallace.
04:43
Everything is under similar slee. Inside Security Center,
04:48
therefore stages to using this functionality.
04:53
The fast train is would deploy the qualities Vulnerability scanner extension on our virtual machines in hasher on we can do that's directly from security center.
05:03
The extension then gathers information and sent it to the qualities. Cloud service analysis is done by the qualities Cloud service on findings, a sense to secure it to center.
05:15
Recommendations can then be accessed in security center. It actually the portal or using the FBI.
05:23
Let's talk about just in time. VM access. This is a feature off as your security center that allows us to reduce exposure to attacks. Why providing easy access when we connect to a VM
05:38
on the danger here is that threat actors actively on accessible machines with open management pot. So if we open up our DP an ssh part indefinitely threat. Actors constantly scan for this pots
05:53
and to reduce this attacks a phase we could keep management parts closed on on. Lee opened them Wendy in needed. And this is what's just in time VM access allows us to do.
06:03
They're two steps toe an able dysfunctionality.
06:06
The first thing we need to do is to enable just in time access on our virtual machines. And when we do this security center and shows that the specify parts are blocked in the network security groups or azure farwell associated with that virtual machine.
06:23
Now, whenever user needs toe connects to the VM,
06:27
they could then request access to secure its center for the necessary parts to be open for a limited period of time.
06:33
Security Center will verify that the user has the right permissions, and if they do, it will configure the network security group or a Jafar whoa toe. Allow inbound traffic to the selected parts for the range off time that was specified,
06:48
and this allows the user to be able to connect to the VM
06:51
on after the time has expired. Security center removes the Adult do so that the management part is now blocked.
07:01
He has some supplementary links for further studies on the topics covered in this lesson.
07:06
And here's a somebody off what we covered.
07:10
We started by discussing as your veteran mission Security Best practices recover endpoint security, disk encryption updates, management vulnerability, scanning and finally, just in time VM access.
07:25
Thanks very much for watching, and I'll see you in the next lesson.

Up Next

AZ-500: Microsoft Azure Security Technologies

In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.

Instructed By

Instructor Profile Image
David Okeyode
Cloud Security Architect
Instructor