Network security is one of the basic layers in most organizations’ overall cybersecurity strategy. Microsoft Azure and Microsoft on-premises solutions have advanced security features built in that let businesses protect their on-premises and cloud environments from modern cyber threats. Let’s consider these advanced security features and how they can be used to improve the security posture of today’s infrastructure.
Advanced security features in the Windows OS
There are many advanced security features included in Microsoft Windows operating systems. One of the first basic lines of defense is the Windows Defender Firewall.
Windows Defender Firewall
With the built-in Windows Defender Firewall, you can filter incoming and outgoing traffic based on network rules that enforce which traffic is allowed. The firewall has many features and capabilities, and integrations with Microsoft’s cloud services extend them further.
Note the following:
- Advanced threat protection – Microsoft Advanced Threat Protection (ATP) integrates with Windows Defender to provide real-time threat detection and response capabilities
- Network isolation – You can use the Windows firewall to isolate Windows devices from one another so that, even when they sit on the same segment or VLAN, lateral movement between devices is restricted. This basic feature makes it considerably more difficult for an attacker to compromise further devices on the network.
- Customizable rules – Windows includes many built-in rules for common protocols and communication, but you can also create custom rules to fit just about any type of network traffic needed
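The following PowerShell, added here as an example and not taken from the article or from Microsoft, shows the isolation pattern described above on a workstation: block inbound by default, allow remote management only from an assumed management subnet, and explicitly block inbound SMB from every peer, which also overrides any built-in File and Printer Sharing allow rule because Windows evaluates block rules before allow rules. The subnet value is a placeholder.

```powershell
# Added example (not from the original article). Intended for workstations,
# not file servers; the management subnet below is a placeholder value.
$ManagementSubnet = "10.10.50.0/24"   # assumed jump-host / admin subnet

# 1. Enable the firewall on all profiles and block inbound traffic by default,
#    logging dropped packets so blocked lateral-movement attempts are visible.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -LogBlocked True `
    -LogFileName "%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log"

# 2. Allow RDP only from the management subnet. With the default inbound action
#    set to Block, RDP from any other host (including same-VLAN peers) is dropped.
New-NetFirewallRule -DisplayName "Allow RDP from management subnet" `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $ManagementSubnet -Profile Domain

# 3. Explicitly block inbound SMB from every source. A Block rule takes
#    precedence over Allow rules, so this also neutralises any enabled
#    built-in "File and Printer Sharing" allow rule on the workstation.
New-NetFirewallRule -DisplayName "Block lateral SMB" `
    -Direction Inbound -Action Block -Protocol TCP -LocalPort 445 `
    -RemoteAddress Any

# 4. Verify the two rules exist and are enabled.
Get-NetFirewallRule -DisplayName "Allow RDP from management subnet","Block lateral SMB" |
    Format-Table DisplayName, Enabled, Direction, Action, Profile
```

Run from an elevated PowerShell session. In a domain, the same settings are normally delivered through Group Policy (Windows Defender Firewall with Advanced Security) rather than applied host by host, and the blocked-packet log under `pfirewall.log` is a useful feed for a SIEM when tracking lateral-movement attempts.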
Always On VPN
VPNs provide the connectivity that remote and hybrid workers need when located off-site from the business network. VPNs allow a device to become “part of” the network, even though the user and device may not be directly connected. The Always On VPN found in Windows allows users to establish persistent VPN connections that can be enforced with policy rules.
It also integrates with identity sources like Active Directory Domain Services (AD DS). You can also apply additional authorization rules from your Network Policy Server (NPS), which many organizations already have in place.
In addition to the identity and authorization features provided by Active Directory and NPS, the VPN tunnel created is encrypted end-to-end so that network communication remains private.
Note the following:
- Automatic connections – Always On VPN, as the name implies, is “always on,” meaning it connects remote devices to the corporate network without the user having to initiate the connection
- Active Directory and NPS integration – With Active Directory and NPS, you can integrate authentication and authorization with existing infrastructure and identity sources on-premises
- End-to-end encryption – There is end-to-end encryption with the Always On VPN tunnel, meaning attackers can’t eavesdrop on network communications as these are transmitted across the wire
Zero-trust security model
Microsoft has included the tools and capabilities needed to implement zero-trust with Windows. Zero-trust means that regardless of the user or device, no privileges are implied unless identity is verified. Each request for access is verified as if it comes from an open or untrusted network.
Zero-trust is implemented based on the following security principles:
- Authenticate for everything – Authentication and authorization are never implied. These are always verified based on identity
- Principle of least privilege – Following the principle of least privilege, user access is limited to just-in-time and just-enough access
- Assume the network is compromised – Zero trust also means designing as if the network were already breached. You need to minimize the blast radius of an attack and contain traffic to specific network segments.
Advanced Network Security Features in Microsoft Azure
Customers can benefit from several built-in advanced network security features in Microsoft Azure. Note the following sections covering the Azure network security solutions that are part of the overall catalog of security products from Microsoft in the cloud.
Azure Firewall
Azure Firewall is a cloud network firewall service that provides threat protection for workloads running in Microsoft Azure. It is a stateful firewall with high availability built in, and it scales with the cloud infrastructure it runs on.
Azure Firewall provides L3-L7 filtering and is also driven by threat intelligence feeds from Microsoft security sources. Known malicious sources, including IP addresses and domains, are updated in real time.
Azure DDoS Protection
Distributed Denial of Service (DDoS) attacks are still widely used by threat actors to disrupt services and hold network connections hostage. They attempt to exhaust an application’s resources with malicious traffic so that legitimate traffic can’t get through.
Azure DDoS Protection helps defend against these often targeted and large-scale attacks. You can enable protection on any new or existing Azure virtual network without application or resource changes. It protects the network at Layer 3 and Layer 4.
Azure Network Security Groups (NSGs)
Azure Network Security Groups (NSGs) filter network traffic between your Azure resources in an Azure Virtual Network. A network security group contains rules that allow or deny inbound or outbound network traffic.
Each rule specifies the source, destination, port, and protocol used for filtering.
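As an added example that is not part of the article, the Az PowerShell snippet below builds an NSG with the rule fields just listed: an allow rule for HTTPS from the Internet, an allow rule for SSH from an assumed admin range, and a catch-all deny for SSH and RDP. Azure evaluates rules in ascending priority order and stops at the first match, so the admin allow at priority 110 wins over the deny at 4000, and everything else falls through to the platform default rules (AllowVnetInBound at 65000, AllowAzureLoadBalancerInBound at 65001, DenyAllInBound at 65500). Resource group, region, VNet, subnet and address values are placeholders.

```powershell
# Added example (not the article's own code). All names and ranges below are
# placeholders; the virtual network and subnet are assumed to exist already.
$rg        = "rg-example"
$location  = "eastus"
$adminCidr = "203.0.113.0/24"   # constructed admin source range (TEST-NET-3)

# Lower priority number = evaluated first; first match wins.
$rules = @(
    # Public HTTPS to the web tier ("Internet" is an Azure service tag).
    New-AzNetworkSecurityRuleConfig -Name "allow-https-in" -Priority 100 `
        -Direction Inbound -Access Allow -Protocol Tcp `
        -SourceAddressPrefix Internet -SourcePortRange "*" `
        -DestinationAddressPrefix "*" -DestinationPortRange 443

    # SSH only from the admin range; matched before the deny below.
    New-AzNetworkSecurityRuleConfig -Name "allow-ssh-from-admin" -Priority 110 `
        -Direction Inbound -Access Allow -Protocol Tcp `
        -SourceAddressPrefix $adminCidr -SourcePortRange "*" `
        -DestinationAddressPrefix "*" -DestinationPortRange 22

    # Explicit deny for management ports from anywhere else, placed ahead of
    # the default AllowVnetInBound (65000) so VNet peers cannot reach them either.
    New-AzNetworkSecurityRuleConfig -Name "deny-ssh-rdp-any" -Priority 4000 `
        -Direction Inbound -Access Deny -Protocol Tcp `
        -SourceAddressPrefix "*" -SourcePortRange "*" `
        -DestinationAddressPrefix "*" -DestinationPortRange 22,3389
)

$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $location `
    -Name "nsg-web" -SecurityRules $rules

# Associate the NSG with the web subnet of the existing VNet (assumed names/prefix).
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name "vnet-example"
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "snet-web" `
    -AddressPrefix "10.0.1.0/24" -NetworkSecurityGroup $nsg | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# Review the custom rules in evaluation order.
$nsg.SecurityRules | Sort-Object Priority |
    Format-Table Name, Priority, Direction, Access, Protocol, SourceAddressPrefix, DestinationPortRange
```

The explicit deny at priority 4000 is the piece most often forgotten: without it, the default AllowVnetInBound rule at 65000 still lets any other host in the virtual network reach SSH and RDP, which is exactly the lateral-movement path the Windows firewall section above is concerned with. Enabling NSG flow logs on the group gives the SOC a record of which rule allowed or denied each flow.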
Azure Sentinel
Next is Azure Sentinel. It is a scalable, cloud-native Security Information and Event Management (SIEM) solution that also includes Security Orchestration, Automation and Response (SOAR) capabilities. Like most modern cybersecurity solutions, it uses artificial intelligence to detect and investigate security threats.
Organizations can also integrate with Microsoft Entra ID to use identity-based security. Sentinel also has customizable dashboards for real-time visibility of security events.
It also incorporates Azure services like Log Analytics and Logic Apps with AI detection. Note the following features:
- It has deep investigation tools to find the root cause of security threats and vulnerabilities
- It enhances threat hunting with search and query tools mapped to MITRE ATT&CK
- You can use Jupyter notebooks in Azure Machine Learning workspaces to extend the scope of Microsoft Sentinel
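To show what the hunting and query tools mentioned above look like in practice, here is an added example (not from the article or from Microsoft’s content hub) that runs a Kusto Query Language (KQL) hunting query against a Sentinel workspace with the Az.OperationalInsights module. The query surfaces source IPs with many failed Microsoft Entra ID sign-ins spread across several accounts in the last day, the pattern an analyst would triage as password spraying (MITRE ATT&CK T1110.003). The workspace ID and the thresholds are placeholders to tune for your tenant.

```powershell
# Added example (not the article's own code). The workspace ID is a placeholder;
# the SigninLogs table is populated by the Microsoft Entra ID data connector.
$workspaceId = "00000000-0000-0000-0000-000000000000"   # placeholder

# KQL hunting query. In SigninLogs, ResultType "0" is a successful sign-in;
# anything else is a failure (wrong password, blocked by Conditional Access, ...).
$kql = @"
SigninLogs
| where TimeGenerated > ago(1d)
| where ResultType != "0"
| summarize Failures = count(),
            DistinctUsers = dcount(UserPrincipalName),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated)
    by IPAddress
| where Failures > 20 and DistinctUsers > 5    // assumed thresholds; tune per tenant
| order by Failures desc
"@

Connect-AzAccount | Out-Null    # interactive sign-in; skip if a session already exists

$response = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId -Query $kql

# Each result row is one suspicious source IP with its failure statistics.
$response.Results |
    Format-Table IPAddress, Failures, DistinctUsers, FirstSeen, LastSeen
```

The same query body can be pasted into the Sentinel Logs blade or saved as a scheduled analytics rule so that a match creates an incident instead of requiring a manual run; adding `| where IPAddress !in (<known corporate egress IPs>)` before the `summarize` is the usual first tuning step to remove NAT’d office traffic from the results.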
Microsoft Entra Private Access
The new Microsoft Entra Private Access is part of Microsoft’s Security Service Edge (SSE) solution. It takes an identity-centric, zero-trust approach using the Conditional Access policy engine, assessing risk in real time and applying network conditions to protect apps and resources such as file shares and virtual machines.
The network controls included with Entra Private Access go beyond what you can do with traditional access control lists (ACLs). A client agent is installed on the user’s device, and a network connector installed on the local network handles connections to the private resources. It integrates with Microsoft Entra identity services.
It has advantages over traditional VPNs and, according to Microsoft, requires no code changes to implement for organizations enabling the hybrid workforce.
Wrapping up
We have only covered a few of the services found in Microsoft Windows and Microsoft Azure that give businesses the tools needed to combat modern cybersecurity threats. Most companies now rely on a hybrid workforce that may be located anywhere in the world. Modern security solutions must use identity as part of a zero-trust strategy to implement effective cybersecurity across hybrid infrastructure.