corrected spelling

AbdullahBell · web-flow · commit fccf51975df3 · 2023-02-08T10:53:23.000-05:00
diff --git a/articles/ddos-protection/fundamental-best-practices.md b/articles/ddos-protection/fundamental-best-practices.md
@@ -39,7 +39,7 @@ for autoscaling capabilities.
 The idea behind defense in depth is to manage risk by using diverse defensive strategies. Layering security defenses in an application reduces the chance of a successful attack. We recommend that you implement secure designs for your applications by using the built-in capabilities of the Azure platform.
 
 For example, the risk of attack increases with the size (*surface area*) of the application. You can reduce the surface area by using an approval list to close down the exposed IP address space and listening ports that are not needed on the load balancers ([Azure Load Balancer](../load-balancer/quickstart-load-balancer-standard-public-portal.md) and [Azure Application Gateway](../application-gateway/application-gateway-create-probe-portal.md)). [Network security groups (NSGs)](../virtual-network/network-security-groups-overview.md) are another way to reduce the attack surface.
-You can use [service tags](../virtual-network/network-security-groups-overview.md#service-tags) and [application security groups](../virtual-network/network-security-groups-overview.md#application-security-groups) to minimize complexity for creating security rules and configuring network security, as a natural extension of an application’s structure. Additonally, you can use [Azure DDoS Solution for Microsoft Sentinel](https://techcommunity.microsoft.com/t5/azure-network-security-blog/new-azure-ddos-solution-for-microsoft-sentinel/ba-p/3732013) to pinpoint offending DDoS sources and to block them from launching other, sophisticated attacks, such as data theft.
+You can use [service tags](../virtual-network/network-security-groups-overview.md#service-tags) and [application security groups](../virtual-network/network-security-groups-overview.md#application-security-groups) to minimize complexity for creating security rules and configuring network security, as a natural extension of an application’s structure. Additionally, you can use [Azure DDoS Solution for Microsoft Sentinel](https://techcommunity.microsoft.com/t5/azure-network-security-blog/new-azure-ddos-solution-for-microsoft-sentinel/ba-p/3732013) to pinpoint offending DDoS sources and to block them from launching other, sophisticated attacks, such as data theft.
 
 You should deploy Azure services in a [virtual network](../virtual-network/virtual-networks-overview.md) whenever possible. This practice allows service resources to communicate through private IP addresses. Azure service traffic from a virtual network uses public IP addresses as source IP addresses by default. Using [service endpoints](../virtual-network/virtual-network-service-endpoints-overview.md) will switch service traffic to use virtual network private addresses as the source IP addresses when they're accessing the Azure service from a virtual network.
 
