Azure Series #1: Security Layer — 2. Network — Protection

Protection:

Web Application Firewall:

Azure Web Application Firewall (WAF) provides centralized protection on the Azure Application gateway. The attackers who try to get into the web servers and tries to disrupt the services are protected via WAF. The attacks and vulnerabilities include SQL Injection, cross-site scripting, etc. The interesting part is, WAF automatically updates to include protection against any new vulnerabilities with no configuration needed at all.

Key Benefits:

  1. Protection
  2. Monitoring
  3. Customization

Key Features:

  • Vulnerabilities / Attacks: SQL-Injection protection & Cross-site protection, HTTP request smuggling, HTTP response splitting and remote file inclusion, HTTP Protocol violations, HTTP protocol anomalies, crawlers, and scanners.
  • Mis-Config: Protection against misconfiguration in web servers, incorrect size limits.
  • Filters: Geo-filter traffic, block or open certain countries/regions for your organization’s applications.
  • Rules: create WAF policies to enable WAF for your application.

Azure Firewall:

While WAF is for Application security, you need a security and protection layer that is for the Network, which is taken care of by Azure Firewall — it is a cloud-based network security service that protects your organization’s Azure Virtual Network Resources. It is fully stateful in the sense that inbound requests trace outbound responses. Across your organization’s subscription and virtual networks, you can enforce, create and log application and network connectivity policies. It uses Static IP for your virtual network sources allowing outside firewalls to identify traffic from the virtual network and is fully integrated for Azure monitor for logging and analytics.

#azure-interview #azure-security #azure series #azure #network #protection

Azure Series #1: Security Layer — 2. Network — Protection