articles/digital-twins/security-best-practices.md
8 additions & 5 deletions
@@ -7,7 +7,7 @@ manager: bertvanhoof
7
7
ms.service: digital-twins
8
8
services: digital-twins
9
9
ms.topic: conceptual
10
-
ms.date: 09/30/2019
10
+
ms.date: 11/19/2019
11
11
---
12
12
13
13
# Azure Digital Twins security best practices
@@ -33,8 +33,8 @@ Some key practices to safely secure your IoT devices include:
33
33
> * Limit the role of each device, sensor, and person within your IoT space. If compromised, the effect is minimized.
34
34
> * Consider the potential use of device IP address filtering and port restriction.
35
35
> * Limit I/O and device bandwidth to improve performance. Rate-limiting can improve security by preventing denial-of-service attacks.
36
-
> * Keep device firmware up to date.
37
-
> * Periodically audit and review device, network, and gateway security best practices as they continue to improve and evolve.
36
+
> * Keep device firmware, operating system, and software up to date.
37
+
> * Periodically audit and review device, software, network, and gateway security best practices as they continue to improve and evolve.
38
38
39
39
Some key practices to safely secure an IoT space include:
40
40
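Review bot: In the reworded audit bullet (new line 37), the object of "audit and review" is still "security best practices", so the sentence asks readers to audit the guidance rather than their own devices, software, network, and gateways. Consider something like "Periodically audit device, software, network, and gateway security against current best practices." Also, new line 36 names "firmware, operating system, and software" while line 37 adds only "software"; if operating systems are meant to be in scope for the audit as well, use the same terms in both bullets.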
@@ -43,16 +43,19 @@ Some key practices to safely secure an IoT space include:
43
43
> * Require passwords or keys to be periodically changed or refreshed.
44
44
> * Carefully restrict access and permissions by role. See the section [Role-based access control best practices](#role-based-access-control-best-practices) below.
45
45
> * Consider a divided network topology so that devices on each network are isolated from the others.
46
-
> * Use powerful encryption. Require long passwords, and use secure protocols and two-factor authentication.
46
+
> * Use powerful encryption. Require long passwords, use secure protocols, and [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-howitworks).
47
47
48
48
[Monitor](./how-to-configure-monitoring.md) IoT resources to watch for outliers, threats, or resource parameters that fall outside the range of usual operation. Use Azure Analytics for monitoring management.
49
49
50
+
> [!IMPORTANT]
51
+
> Read Azure [IoT security best practices](../iot-fundamentals/iot-security-best-practices.md) to begin a comprehensive IoT security strategy.
52
+
50
53
> [!NOTE]
51
54
> For more information on event processing and monitoring, see [Route events and messages with Azure Digital Twins](./concepts-events-routing.md).
52
55
53
56
## Azure Active Directory best practices
54
57
55
-
Azure Digital Twins uses Azure Active Directory to authenticate users and protect applications. Azure Active Directory supports authentication for a variety of modern architectures. They're all based on industry-standard protocols such as OAuth 2.0 or OpenID Connect. A few key practices to secure your IoT space for Azure Active Directory include:
58
+
Azure Digital Twins uses [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/authentication/) to authenticate users and protect applications. Azure Active Directory supports authentication for a variety of modern architectures. They're all based on industry-standard protocols such as OAuth 2.0 or OpenID Connect. A few key practices to secure your IoT space for Azure Active Directory include:
56
59
57
60
> [!div class="checklist"]
58
61
> * Store Azure Active Directory app secrets and keys in a secure location, such as [Azure Key Vault](https://azure.microsoft.com/services/key-vault/).
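Review bot: On new line 46 the list is no longer parallel: "Require long passwords, use secure protocols, and [multi-factor authentication]" leaves the last item without a verb, so it is unclear whether multi-factor authentication is required or merely available. Suggest "Require long passwords, use secure protocols, and enable multi-factor authentication", keeping the link on the last phrase. Separately, the links added on lines 46 and 58 are absolute docs.microsoft.com URLs, while the new callout on line 51 uses a relative path (../iot-fundamentals/iot-security-best-practices.md); check whether the two absolute links can be written the same way so the file is consistent. The link on line 58 is attached to the product name "Azure Active Directory" but points at the authentication/ section, so confirm that is the intended landing page.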