Configure endpoint protection
- The information under Endpoint protection issues can help you create a plan to address any issues identified
- Security Center reports the following endpoint protection issues:
  - Endpoint protection not installed on Azure VMs
  - Endpoint protection not installed on non-Azure computers
  - Endpoint protection health issues
- Security Center presents the endpoint protection issues as a recommendation
Configure centralized policy management by using Azure Security Center
- By default, all prevention policies are turned on
- Enabling a prevention policy, such as OS vulnerabilities, enables recommendations for that policy
- You can enable or disable recommendations for:
  - System updates
  - OS vulnerabilities
  - Endpoint protection
  - Disk encryption
  - Network security groups
  - Web application firewall
  - Vulnerability Assessment
  - NGFW
  - SQL auditing & Threat detection
  - SQL Encryption
Configure vulnerability scanning and policies
- Azure Security Center provides you with a centralized view of your Azure resources and their active security state
- It provides integrated security monitoring and policy management across your Azure subscriptions, and works with a broad ecosystem of security solutions
- Security Center delivers these solutions through the following capabilities:
  - Prevention
  - Detection
  - Response
- A security policy defines the set of controls that are recommended for resources within the specified subscription or resource group
- In Azure Security Center, you define policies for your Azure subscriptions or resource groups
- Enabling Security Center and data collection enables all the security policies by default
- Three policy components include:
  - Prevention policy
  - Email notifications
  - Pricing tier
Configure JIT VM access by using Azure Security Center
- RDP brute-force attacks are the attack method most commonly used to access Azure VMs
- To blunt RDP brute-force attacks, you can:
  - Disable the public IP address and use a connection method such as P2S VPN, S2S VPN, or Azure ExpressRoute
  - Require two-factor authentication
  - Use complex passwords
  - Limit the time that the ports are open
- Azure Security Center implements the last method by using JIT VM access
- By enabling JIT VM access for your VMs, you can create a policy that determines the ports to help protect, the time ports should remain open, and the approved IP addresses that can access these ports
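
A JIT policy is only as tight as the three settings named above (ports, open time, approved source addresses). The following audit is an added example, not part of the original notes or Microsoft's tooling: it checks a policy's port rules for unrestricted sources and overly long access windows. The sample policy is constructed, the VM id is a placeholder, and the `MAX_HOURS` and `MIN_PREFIX_LEN` limits are assumed local standards.

```python
import ipaddress
import re

# Constructed sample using the port-rule field names of an Azure JIT network
# access policy; the VM id is a placeholder, not a real resource.
SAMPLE_POLICY = {
    "id": "/subscriptions/<SUBSCRIPTION-ID>/resourceGroups/<RG>"
          "/providers/Microsoft.Compute/virtualMachines/<VM>",
    "ports": [
        {"number": 3389, "protocol": "*", "allowedSourceAddressPrefix": "*",
         "maxRequestAccessDuration": "PT24H"},
        {"number": 22, "protocol": "TCP",
         "allowedSourceAddressPrefix": "203.0.113.0/28",
         "maxRequestAccessDuration": "PT3H"},
    ],
}

MAX_HOURS = 3         # assumption: longest window a port may stay open
MIN_PREFIX_LEN = 24   # assumption: approved source ranges no wider than /24


def duration_hours(iso):
    """Parse the PTnHnM subset of ISO 8601 durations into hours."""
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?", iso)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {iso!r}")
    return int(m.group(1) or 0) + int(m.group(2) or 0) / 60


def audit_jit_policy(policy):
    """Return (port, finding) tuples for rules weaker than the local limits."""
    findings = []
    for rule in policy["ports"]:
        port = rule["number"]
        sources = rule.get("allowedSourceAddressPrefix", "*")
        for src in [sources] if isinstance(sources, str) else sources:
            if src == "*":
                findings.append((port, "source is unrestricted"))
            elif ipaddress.ip_network(src, strict=False).prefixlen < MIN_PREFIX_LEN:
                findings.append((port, f"source range {src} is wider than /{MIN_PREFIX_LEN}"))
        hours = duration_hours(rule["maxRequestAccessDuration"])
        if hours > MAX_HOURS:
            findings.append((port, f"port may stay open {hours:g}h, limit {MAX_HOURS}h"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_jit_policy(SAMPLE_POLICY):
        print(f"port {port}: {finding}")
```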