Microsoft Azure Security Infrastructure, 1st edition
Published by Microsoft Press (August 23, 2016) © 2017
- Yuri Diogenes
- Tom Shinder
- Debra Shinder
eTextbook
- Available for purchase from all major ebook resellers, including InformIT.com.
- To request a review copy, click on the "Request a Review Copy" button.
- A print text (hardcover or paperback)Â
- Free shipping
- Also available for purchase as an ebook from all major ebook resellers, including InformIT.com
Cisco Press has the only study guides approved by Cisco for the new CCNA certification. The new edition of the best-selling two-book value-priced CCNA 200-301 Official Cert Guide Library includes updated content, new online practice exercises, more than 600 practice exam questions, and more than 2 hours of video training–PLUS the CCNA Network Simulator Lite Editions with 34 free Network Simulator labs (available via download on the companion web site).
CCNA 200-301 Official Cert Guide Library is a comprehensive review and practice package for the latest CCNA exam and is the only self-study resource approved by Cisco. The two books contained in this package, CCNA 200-301 Official Cert Guide, Volume 1 and CCNA 200-301 Official Cert Guide, Volume 2, present complete reviews and a more challenging and realistic preparation experience. The books have been fully updated to refresh the content for the latest CCNA exam topics and to enhance certain key topics that are critical for exam success.
Best-selling author Wendell Odom shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.
Chapter 1 Cloud security                                                                                                                Â
Cloud security considerations
Compliance                                                                                                               Â
Risk management                                                                                                    Â
Identity and access management                                                                        Â
Operational security                                                                                               Â
Endpoint protection                                                                                               Â
Data protection                                                                                                        Â
Shared responsibility
Cloud computing                                                                                                     Â
Distributed responsibility in public cloud computing                                    Â
Assume breach and isolation
Azure security architecture
Azure design principles
Chapter 2 Identity protection in Azure                                                                                 Â
Authentication and authorization
Azure hierarchy                                                                                                        Â
Role-Based Access Control                                                                                   Â
On-premises integration
Azure AD Connect                                                                                                   Â
Federation                                                                                                                 Â
Suspicious activity identification
Identity protection
User risk policy                                                                                                         Â
Sign-in risk policy                                                                                                     Â
Notification enabling                                                                                              Â
Vulnerabilities                                                                                                          Â
Multi-Factor Authentication
Azure Multi-Factor Authentication implementation                                      Â
Azure Multi-Factor Authentication option configuration                              Â
Chapter 3 Azure network security                                                                                            Â
Anatomy of Azure networking
Virtual network infrastructure                                                                             Â
Network access control                                                                                         Â
Routing tables                                                                                                          Â
Remote access (Azure gateway/point-to-site VPN/
RDP/Remote PowerShell/SSH)Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
Cross-premises connectivity                                                                                Â
Network availability                                                                                                 Â
Network logging                                                                                                       Â
Public name resolution                                                                                          Â
Network security appliances                                                                                Â
Reverse proxy                                                                                                          Â
Azure Network Security best practices
Subnet your networks based on security zones                                            Â
Use Network Security Groups carefully                                                            Â
Use site-to-site VPN to connect Azure Virtual Networks                             Â
Configure host-based firewalls on IaaS virtual machines                              Â
Configure User Defined Routes to control traffic                                          Â
Require forced tunneling                                                                                      Â
Deploy virtual network security appliances                                                     Â
Create perimeter networks for Internet-facing devices                               Â
Use ExpressRoute                                                                                                   Â
Optimize uptime and performance                                                                    Â
Disable management protocols to virtual machines                                      Â
Enable Azure Security Center                                                                               Â
Extend your datacenter into AzureÂ
                                                                    Â
Chapter 4 Data and storage security                                                                                        Â
Virtual machine encryption
Azure Disk Encryption
Storage encryption
File share wire encryption
Hybrid data encryption
Authentication                                                                                                         Â
Wire security                                                                                                            Â
Data at rest                                                                                                                Â
Rights management
Database security
Azure SQL Firewall                                                                                                   Â
SQL Always Encrypted                                                                                            Â
Row-level security                                                                                                  Â
Transparent data encryption                                                                                Â
Cell-level encryption                                                                                              Â
Dynamic data masking
                                                                                            Â
Chapter 5 Virtual machine protection with Antimalware                                        Â
Understanding the Antimalware solution
Antimalware deployment
Antimalware deployment to an existing VMÂ Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
Antimalware deployment to a new VMÂ Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
Antimalware removal
                                                                                              Â
Chapter 6 Key management in Azure with Key Vault                                                   Â
Key Vault overview
App configuration for Key Vault
Key Vault event monitoring
Chapter 7 Azure resource management security                                                           Â
Azure Security Center overview
Detection capabilities                                                                                            Â
Onboard resources in Azure Security Center
Apply recommendations
Resource security health                                                                                      Â
Respond to security incidents
Chapter 8 Internet of Things security                                                                                     Â
Anatomy of the IoT
Things of the world, unite                                                                                     Â
Sensors, sensors everywhere                                                                             Â
Big data just got bigger: TMIÂ Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
Artificial intelligence to the rescue                                                                     Â
IoT security challenges
IoT: Insecure by design                                                                                          Â
Ramifications of an insecure IoTÂ Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
IoT threat modeling
Windows 10 IoT and Azure IoT
Windows 10 IoT editions                                                                                      Â
Azure IoT Suite and secure Azure IoT infrastructure
                                      Â
Chapter 9 Hybrid environment monitoring                                                                       Â
Operations Management Suite Security and Audit solution overview
Log Analytics configuration
Windows Agent installation
Resource monitoring using OMS Security and Audit solution
Security state monitoring                                                                                      Â
Identity and access control                                                                                   Â
Alerts and threatsÂ
                                                                                                   Â
Chapter 10 Operations and management in the cloud                                                  Â
Scenario
Design considerations
Azure Security Center for operations
Azure Security Center for incident response
Azure Security Center for forensics investigation
Index                                                                                                                                       Â
About the authors                                                                                                               Â
Â
YURI DIOGENES is a Senior Content Developer on the CSI Enterprise Mobility and Security Team, focusing on enterprise mobility solutions, Azure Security Center, and OMS Security. Previously, Yuri worked at Microsoft as a writer for the Windows Security team and as a Support Escalation Engineer for the CSS Forefront team. He has a Master of Science degree in Cybersecurity Intelligence and Forensics from Utica College and an MBA from FGF in Brazil, and he holds several industry certifications. He is co-author of Enterprise Mobility Suite–Managing BYOD and Company-Owned Devices (Microsoft Press, 2015), Microsoft Forefront Threat Management Gateway (TMG) Administrator’s Companion (Microsoft Press, 2010), and three other Forefront titles from Microsoft Press.
DR. THOMAS SHINDER is a program manager in Azure Security Engineering and a 20-year veteran in IT security. Tom is best known for his work with ISA Server and TMG, publishing nine books on those topics. He was also the leading voice at ISAserver.org. After joining Microsoft in 2009, Tom spent time on the UAG DirectAccess team and then took a 3-year vacation from security to be a cloud infrastructure specialist and architect. He’s now back where he belongs in security, and spends a good deal of time hugging his Azure Security Center console and hiding his secrets in Azure Key Vault.
DEBRA LITTLEJOHN SHINDER, MCSE, is a former police officer and police academy instructor who is self-employed as a technol¿ogy consultant, trainer, and writer, specializing in network and cloud security. She has authored a number of books, including Scene of the Cybercrime: Computer Forensics Handbook (Syngress Publishing, 2002) and Computer Networking Essentials (Cisco Press, 2001). She has co-authored more than 20 additional books and worked as a tech editor, developmental editor, and contributor to more than 15 books. Deb is a lead author for WindowSecurity.com and WindowsNetworking.com, and a long-time contributor to the GFI Software blog and other technology publications, with more than 1,500 published articles in print magazines and on websites. Deb focuses on Microsoft products, and has been awarded the Microsoft MVP (Most Valuable Professional) award in the field of enterprise security for 14 years in a row. She lives and works in the Dallas-Fort Worth area and has taught law enforcement, computer networking, and security courses at Eastfield College in Mesquite, Texas. She currently sits on the advisory board of the Eastfield Criminal Justice Training Center Police Academy.
Need help? Get in touch
![Video](https://img.youtube.com/vi/TCIok0KnHDc/hqdefault.jpg)
Pearson eTextbook: What’s on the inside just might surprise you
They say you can’t judge a book by its cover. It’s the same with your students. Meet each one right where they are with an engaging, interactive, personalized learning experience that goes beyond the textbook to fit any schedule, any budget, and any lifestyle.Â
![](https://www.pearson.com/content/dam/global-store/global/plp-pdp/1600x800-GettyImages-1172587378.jpg)
Digital Learning NOW
Extend your professional development and meet your students where they are with free weekly Digital Learning NOW webinars. Attend live, watch on-demand, or listen at your leisure to expand your teaching strategies. Earn digital professional development badges for attending a live session.