Azure Security Design to Prevent Attacks — Use cases

  • Allows you to protect your Azure resources from denial of service (DoS) attacks.
  • DDoS protection (layers 3 and 4) offers two service tiers: Basic and Standard.
  • Enabled by default (free).
  • It mitigates common network attacks.
  • Both basic and standard protects IPv4 and IPv6 public IP addresses.
  • It has advanced capabilities to protect you against network attacks such as logging, alerting, and telemetry.
  • Mitigates the following attacks:
  • Volumetric attacks — flood the network layer with attacks.
  • Protocol attacks — exploit a weakness in layers 3 and 4.
  • Resource layer attacks — a layer 7 attack that disrupts the transmission of data between hosts.
  • Enables you to configure alerts at the start and stop of an attack.
  • The metric data is retained for 30 days.
  • Provides auto tuned mitigation policies (TCP/TCP SYN/UDP) for each public IP.
  • SQL-injection protection.
  • Cross-site scripting protection.
  • Protection against other common web attacks, such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion.
  • Protection against HTTP protocol violations.
  • Protection against HTTP protocol anomalies, such as missing host user-agent and accept headers.
  • Protection against crawlers and scanners.
  • Detection of common application misconfigurations (for example, Apache and IIS).
  • Configurable request size limits with lower and upper bounds.
  • Exclusion lists let you omit certain request attributes from a WAF evaluation. A common example is Active Directory-inserted tokens that are used for authentication or password fields.
  • Create custom rules to suit the specific needs of your applications.
  • Geo-filter traffic to allow or block certain countries/regions from gaining access to your applications.
  • Protect your applications from bots with the bot mitigation ruleset.
  • Inspect JSON and XML in the request body

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store