A secure foundation within Microsoft Azure
While we have covered a lot of content on zero trust and identity and access management, both of which are crucial to preventing ransomware, we also need to take a closer look at building a secure network design.
The most common network model is a zone-based approach, where you split the network into segmented zones depending on function or severity. Traffic between these zones is handled through a centralized security mechanism such as a firewall.
In addition, resources placed in the internal zones should not be able to communicate with the internet directly. One of the main culprits we see in ransomware cases is a server that is directly reachable from the internet and has a public-facing service such as SSH/RDP/SMB that gets brute-forced. Another is when a server has direct access to the internet – if an attacker manages to compromise it, they can more easily communicate...
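One way to check for the exposure described above is to audit network security group (NSG) rules for SSH, RDP, or SMB reachable from the whole internet. The following is an added example, not code from the original text. It assumes the NSGs were exported as JSON with `az network nsg list`; the NSG and rule names are constructed, and only TCP rules with a source of `*`, `Internet`, or `0.0.0.0/0` are treated as internet-wide.

```python
# Added example (not from the original text): flag internet-exposed SSH/RDP/SMB.
RISKY_PORTS = {22: "SSH", 3389: "RDP", 445: "SMB"}
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}  # any source, service tag, CIDR

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field into one list."""
    vals = list(rule.get(plural) or [])
    return vals + ([rule[single]] if rule.get(single) else [])

def _covers(spec, port):
    """True if a port spec ('*', '22' or '20-500') includes the given port."""
    lo, _, hi = spec.partition("-")
    return spec == "*" or int(lo) <= port <= int(hi or lo)

def _matches(rule, port):
    """True if an inbound TCP rule applies to internet-wide traffic to `port`."""
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    ports = _values(rule, "destinationPortRange", "destinationPortRanges")
    return (rule["direction"].lower() == "inbound"
            and rule["protocol"].lower() in ("*", "tcp")
            and any(s.lower() in INTERNET_SOURCES for s in sources)
            and any(_covers(p, port) for p in ports))

def exposed_services(nsgs):
    """Flag ports whose first matching rule (lowest priority number wins) is Allow."""
    findings = []
    for nsg in nsgs:
        rules = sorted(nsg["securityRules"], key=lambda r: r["priority"])
        for port, service in RISKY_PORTS.items():
            first = next((r for r in rules if _matches(r, port)), None)
            if first and first["access"].lower() == "allow":
                findings.append((nsg["name"], first["name"], service, port))
    return findings

def _rule(name, prio, access, src, ports):  # builds constructed sample rules
    return {"name": name, "priority": prio, "access": access, "direction": "Inbound",
            "protocol": "Tcp", "sourceAddressPrefix": src, "destinationPortRanges": ports}

SAMPLE_NSGS = [  # constructed sample data, not from a real subscription
    {"name": "nsg-web", "securityRules": [
        _rule("allow-rdp", 300, "Allow", "*", ["3389"]),
        _rule("allow-https", 310, "Allow", "Internet", ["443"])]},
    {"name": "nsg-app", "securityRules": [
        _rule("deny-mgmt", 100, "Deny", "Internet", ["22", "3389"]),
        _rule("allow-range", 200, "Allow", "*", ["20-500"])]},
]

if __name__ == "__main__":
    for finding in exposed_services(SAMPLE_NSGS):
        print("internet-exposed: %s rule=%s %s/%d" % finding)
```

In the sample, `nsg-app` is flagged for SMB only: the higher-priority deny rule shadows SSH and RDP, but the broad `20-500` range still opens port 445.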