Microsoft Security Virtual Training Day notes

Security, Compliance, and Identity Fundamentals

Lesson 1

Zero-trust methodology

Defense in depth

Defense in depth uses a layered approach to security

  • Physical
  • Identity and access
  • Perimeter
  • Network
  • Compute
  • Application
  • Data

The shared responsibility model

The responsibilities vary based on where the workload is hosted:

  • Software as a Service
  • Platform as a Service
  • Infrastructure as a Service
  • On-premises datacenter (On-prem)

Confidentiality, Integrity, Availability (CIA)

CIA – A way to think about security trade-offs.

  • Confidentiality refers to the need to keep confidential sensitive data such as customer information, passwords, or financial data.
  • Integrity
  • Availability

Common threats

  • Data breach
    • Phishing
    • Spear phishing
    • Tech support scams
    • SQL injection
    • Malware designed to steal passwords or bank details
  • Dictionary attack
  • Ransomware
  • Disruptive attacks

Encryption

Encryption is the process of making data unreadable and unusable to unauthorized viewers.

Two top-level types of encryption:

  • Symmetric
  • Asymmetric

Hashing

Hashing uses an algorithm to convert the original text to a unique fixed-length hash value.

Microsoft Cloud Adoption Framework

Consists of documentation, implementation guidance, and best practices that support increased security and compliance.

Lesson 2

Common identity attacks

Types of security threats

  • Password-based attacks
  • Phishing
  • Spear phishing

Identity as the primary security perimeter

Identity has become the new security perimeter that enables organizations to secure their assets.

An identity is how someone or something can be verified and authenticated, and may be associated with:

  • User
  • Application
  • Device
  • Other

Four pillars of identity:

  • Administration
  • Authentication
  • Authorization
  • Auditing

Modern authentication and the role of the identity provider

Modern authentication is an umbrella term for authentication and authorization methods between a client and a server.

  • identity provider (IdP)

The concept of Federated Services

Scenario:

  1. The website uses the authentication services of IdP-A
  2. The user authenticates with IdP-B

The concept of directory services and Active Directory

  • A directory is a hierarchical structure that stores information about objects on the network
  • A directory service stores directory data and makes it available to network users and administrators
  • The best-known service of this kind is Active Directory Domain Services (AD DS), a central component

Module Summary

  • Learned about some important security concepts and methodologies.
  • Learned about some important identity concepts

QA

Q&A with Microsoft 365 experts

What is authorization and authentication with example?

A simple example: when you swipe your badge to enter the office, the process of confirming your identity is authentication. When your company's HR staff can access your monthly pay slip, that is authorization, i.e. the process of authorizing them to read employees' pay slips. That is the main difference between the two.

Azure Active Directory

Azure AD is Microsoft’s cloud-based identity and access management service.

Capabilities of Azure AD

Azure AD identity types

  • User
  • Service principal
  • Managed identity
  • Device

Authentication methods of Azure AD

MFA

  • something you know
  • something you have
  • something you are

Multi-factor authentication (MFA) in Azure AD

Different authentication methods that can be used with MFA

  • Passwords
  • Password & additional verification
    • Phone (voice or SMS)
    • Microsoft Authenticator
    • Open Authentication (OATH) with software or hardware tokens

Windows Hello for Business

Self-service password reset (SSPR) in Azure AD

  • Benefits of Self-service password reset
  • Self-service password reset works in the following scenarios
  • Authentication method of SSPR

Lesson 3

Conditional Access

Conditional Access signals

  • User or group membership
  • Named location information
  • Device
  • Application
  • Real-time sign-in risk detection
  • Cloud apps or actions
  • User risk

Access controls

  • Block access
  • Grant access
  • Require one or more conditions to be met before granting access
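The following is an added example (not code from the training material or from Azure AD) that models how the signals above feed the three access controls: every in-scope policy is combined, a block always wins, and otherwise the required controls are the union of what the grant policies demand. The policy shape, the risk levels and the three sample policies are assumptions for illustration; the application signal is left out for brevity.

```python
from dataclasses import dataclass, field

# Sign-in risk levels in increasing order (the notes' risk-based signals).
RISK = {"none": 0, "low": 1, "medium": 2, "high": 3}

@dataclass
class SignIn:  # constructed sign-in signals: group, named location, device, risk
    groups: set
    location: str           # "trusted" (a named location) or "untrusted"
    device_compliant: bool
    sign_in_risk: str       # a key of RISK

@dataclass
class Policy:  # assumed policy shape: conditions (all must match) + one control
    name: str
    groups: set = field(default_factory=set)      # empty = any user
    locations: set = field(default_factory=set)   # empty = any location
    min_sign_in_risk: str = "none"                # in scope at or above this level
    control: str = "grant"                        # "block" or "grant"
    requirements: tuple = ()                      # controls to satisfy, e.g. ("mfa",)

def applies(p: Policy, s: SignIn) -> bool:
    """A policy is in scope only when every configured condition matches."""
    if p.groups and not (p.groups & s.groups):
        return False
    if p.locations and s.location not in p.locations:
        return False
    return RISK[s.sign_in_risk] >= RISK[p.min_sign_in_risk]

def evaluate(policies, s: SignIn):
    """Combine every in-scope policy: any block wins; otherwise union the requirements."""
    required = set()
    for p in policies:
        if not applies(p, s):
            continue
        if p.control == "block":
            return ("block", ())
        required.update(p.requirements)
    if s.device_compliant:
        required.discard("compliant_device")  # already satisfied by the device signal
    return ("grant", tuple(sorted(required)))

# Constructed policies mirroring the notes' block / grant / require-conditions controls.
POLICIES = [
    Policy("Block high-risk sign-ins", min_sign_in_risk="high", control="block"),
    Policy("MFA outside trusted locations", locations={"untrusted"},
           requirements=("mfa",)),
    Policy("Admins need a compliant device", groups={"admins"},
           requirements=("compliant_device", "mfa")),
]
```

An admin signing in from an unknown network on a non-compliant device is asked for both MFA and a compliant device, while any high-risk sign-in is blocked regardless of the other policies.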

Azure AD role-based access control (RBAC)

  • Built-in roles
  • Custom roles
  • Azure AD role-based access control
  • Only grant the access users need

Lesson 4

Identity governance in Azure AD

The tasks of Azure AD identity governance

  • Govern the identity lifecycle
  • Govern access lifecycle
  • Secure privileged access for administration

Identity lifecycle

  • Join: A new digital identity is created
  • Move: Update access authorizations
  • Leave: Access may need to be removed

Entitlement management and access reviews

  • Entitlement management
  • Access reviews
  • Terms of use

Privileged Identity Management (PIM)

PIM enables you to manage, control, and monitor access to important resources in your organization.

Azure Network Security groups

Network security groups (NSG) let you allow or deny network traffic to and from Azure resources that exist in your Azure Virtual Network.

Azure Resource Manager locks

  • Prevent resources from being accidentally deleted or changed.

Azure Policy

Azure Defender

Scope of Azure Defender

  • Servers
  • Kubernetes
  • App Service
  • Container registries
  • Storage
  • Key Vault
  • SQL

SIEM, SOAR, and XDR

SIEM

Collects data from across the whole estate

Sentinel provides integrated threat protection

  • Collect
  • Detect
  • Investigate
  • Respond
