CHAPTER 7: Security Fundamentals

CHAPTER 7: Security Fundamentals

Welcome to Security Fundamentals. In this chapter, we are going to cover a few different fundamental security topics.

We will start things off by covering the 4 key security pillars of protection. We'll look at identity and access management, threat protection, information protection, and security management.

Next, we’ll cover key identity and access management concepts.

After covering identity and access management concepts, we'll look at threat protection concepts, where you'll learn about the ways you can protect your network against threats from devices and against network threats. Rounding out the chapter, you'll learn about information protection concepts and security management concepts.

Pillars of Protection

Any respectable security design will provide defense in depth. Defense in depth is a security concept that involves the use of several different layers of security to protect data. Defense in depth is important because if a hacker is able to compromise one layer of defense, there are still several others to offer protection. An example of defense in depth in a network environment would be in architecture that features an external firewall, a DMZ, an internal firewall, and then firewalls that are configured on each computer.

Because no single security solution can ensure data security at all times, organizations should take this layered defense in depth approach to protect themselves. Protecting data on computers or servers, for example, may include drive encryption, file and folder permissions, and maybe even rights management.

Microsoft takes a holistic approach to security. In doing so, it helps organizations protect their identities, their data, their applications, and their devices, whether they reside on-prem, in the cloud, or are mobile.

The key pillars that are foundational to the security of every computer system include identity and access management, threat protection, information protection, and security management.

Identity and Access Management

The identity piece of identity and access is used to identify users before they are authorized to access IT resources. Users are typically identified via user accounts, which are assigned the necessary levels of access for particular resources. Each user in an organization may actually have several different user accounts. These accounts can include local login accounts, Active Directory accounts, Azure Active Directory accounts, or Microsoft accounts.

A local user account is specific to a local Windows 10 device only. A local account on one computer will not allow access to resources on another computer. Devices can also have local accounts. For example, all Windows 10 computers have local accounts, but those local accounts are usually not used interactively.

Because most organizations use traditional Active Directory forests to manage their users and computers, domain accounts are another prominent type of user account. These types of accounts are used to authenticate users when they access domain joined devices.

Azure AD accounts are user accounts that are stored in Azure Active Directory. These accounts are generally used to access resources and services that are hosted in the cloud. Office 365 immediately comes to mind. Organizations that use both a traditional on-prem Active Directory and an Azure Active Directory can integrate the two via synchronization with Azure AD Connect.

Microsoft accounts include an email address and password. These accounts are used to sign into many different services and can be used regardless of the user location or organization that a user is a member of. Users that have signed into services like Xbox live or Outlook.com, among others, already have a Microsoft account.

Microsoft accounts can also be used to authenticate with Azure AD.

There are of course many other types of accounts, including social accounts, like Facebook accounts and Twitter accounts.

Since user accounts are the primary way of determining who a user is it’s critical that those accounts be protected and it’s critical that the identity verification process is protected as well. This is referred to as identity protection.

Microsoft 365 offers several features that can be used to identify compromised user accounts. It can, for example, detect new or unusual sign in locations that often indicate an account has been compromised. You can then take action based on these unexpected changes.

Threat Protection

Every time a device connects to your infrastructure, it has the potential to bring with it security risks. For example, if a particular device does not have a properly configured firewall running, it is a threat to the network every time it connects - especially if the device often connects to unsecured public networks when it’s not on the corporate LAN.

A device without antivirus or antimalware protection is obviously a threat because of its risk of being infected with malware. When a device like this attaches to the network, such malware can then be spread to other devices within the organization.

Unpatched operating systems and applications are additional threats to the organization that originate from devices. Because malicious software often takes advantage of unpatched systems, these types of systems and devices can serve as an opening to the corporate LAN.

Poor passwords and poor physical security are also risks that devices introduce to the corporate network. A phone or a device that is protected with an easy to guess PIN or password is a risk because if it is stolen, the data on that device is readily accessible. As far as physical security goes, many users will often leave their devices unattended in public places like airports and Internet cafés. In such scenarios, not only can a device be stolen, but it can also be tampered with.

Many of these risks to device security can be mitigated through end-user education on how to properly secure devices with complex passwords, pins, and biometric protection. That said, education only goes so far. As a result, in order to properly secure your organization’s IT infrastructure, you need to be able to enforce corporate security settings on these devices, including those that are owned by the users. By restricting access to corporate resources to only those devices that adhere to such policies, you can better protect your environment.

Network security is a whole other ball of wax. While there are many different types of attacks that threaten a network, most can be mitigated with some proper network access planning.

To protect your network, you need to take a holistic approach. Every possible threat must be identified and there needs to be a plan for mitigation. For example, there should be a rigorous form of authentication in place for devices that wish to connect to the network. Another way to protect against network sourced threats is to only allow guest users to access the Internet from guest networks, and not from the corporate network.

Information Protection Concepts

To properly protect organizational data, that data needs to be protected both at rest and in transit.

Data at rest is data that is stored somewhere like a file server or on a hard drive. Data at rest can also be stored on a USB flash drive or even in mailboxes. The security risks that are associated with each of these storage locations differs significantly. Data on a thumb drive, for example, can easily be lost because thumb drives are easy to misplace. Because laptops are usually targets for theft, data stored on laptops can disappear rather quickly as well. Because hackers know that organizational file servers often contain critical data, such file servers are often targeted.

Each scenario presents different challenges. That being the case, it’s important to understand which data protection solutions are the right ones to use. Some solutions that can be used to protect data at rest include drive encryption, rights management software, antimalware, and even enhanced network security.

Data in transit is data moving between devices. An example of data in transit would be a user accessing files on a file server or when a user reads his email on his cell phone. Authentication and encryption are used to ensure the safety of data that is in transit from one device to another.

So, the key takeaway here is that there are two information protection concepts to keep in mind. You must protect data at rest, and you must protect data in transit.

Security Management

Security management actually is a combination of the first three concepts that we’ve discussed. It brings together identity and access management, threat protection, and information protection. In order to address these other pillars of security. You need an effective security management process.

Because security management is both proactive and reactive, it’s important to implement solutions that address both sides of the coin. Taking a proactive security management position will often require you to deploy certain types of authentication, like complex passwords and MFA, to meet perceived threats.

Reactive management will require you to deploy tools that you can use to identify security threats that are happening right now. This means you should deploy monitoring tools that cannot only identify active threats, but that can also help you take the correct mitigation steps.

By taking the right security management tact, you can ensure that you are properly addressing the three other key pillars of security.

What You’ve Learned

Congratulations! You have come to the end of Security Fundamentals! Let's review what you've learned.

We kicked things off by covering the 4 key security pillars of protection. We looked include identity and access management, threat protection, information protection, and security management.

Next, we covered key identity and access management concepts.

After covering identity and access management concepts, we looked at threat protection concepts, where you learned about the ways you can protect your network against threats from devices and against network threats.

Rounding things out, you learned about information protection concepts and security management concepts.