Introduction

Welcome back to this lesson on cybersecurity strategies. In this session, we will dive into several key security domains, including:

• Perimeter Security: Learn about defense-in-depth strategies, DDoS protection, and firewall implementation.
• Network Security: Understand application security groups, network security groups, web application firewalls, load balancing, Azure Front Door, and ExpressRoute.
• Host Security: Explore securing virtual machines, disk encryption, Defender for Endpoint, Security Center recommendations, and privileged access workstations.
• Container Security: Compare virtual machines versus container instances, and discover how to secure services using Azure Container Registry and Azure Kubernetes Service.

With that in mind, let's start by exploring perimeter security.

Perimeter Security

Perimeter security focuses on safeguarding the outer layers of your infrastructure and network. In this section, we begin by examining the defense-in-depth strategy—a layered security approach that fortifies your assets through multiple security measures.

We then move on to virtual network security:

• DDoS Protection: Enable and configure DDoS protection to defend against distributed denial-of-service attacks.
• Firewalls: Explore the features of various firewall implementations, including the deployment of Azure Firewall.
• VPN Forced Tunneling: Learn how to route traffic from Azure to on-premises environments for thorough inspection.
• User Defined Routes (UDR) & Network Virtual Appliances (NVA): Understand how creating UDRs and deploying NVAs can enhance your network security.

Lastly, we address the hub-spoke topology, which is a crucial design for implementing a secure landing zone.

With these foundations set, let's proceed to our first in-depth topic: defense in depth.