AB#1037387: Fundamentals of network security

Author: ShawnKupfer

learn-pr/azure/network-fundamentals-2/1-introduction.yml

@@ -4,9 +4,9 @@ title: Introduction
 metadata:
   title: Introduction
   description: Learn the fundamentals of computer networking security. You'll cover the core difference between authentication and authorization. You'll also explore monitoring of network access and traffic usage. Finally, you'll explore network security and how firewalls can be used to protect your network and your organization's assets and resources.
-  ms.date: 07/13/2023
-  author: cryophobia
-  ms.author: chrvaw
+  ms.date: 03/27/2025
+  author: rmcmurray
+  ms.author: robmcm
   ms.topic: unit
 durationInMinutes: 2
 content: |

learn-pr/azure/network-fundamentals-2/2-basic-client-server.yml

@@ -2,11 +2,11 @@
 uid: learn.azure.network-fundamentals-2.basic-client-server
 title: An introduction to network client and server technology
 metadata:
-  title:  An introduction to network client and server technology
+  title:  An Introduction to Network Client and Server Technology
   description: An introduction to network-based client technology and the various server options available.
-  ms.date: 07/13/2023
-  author: cryophobia
-  ms.author: chrvaw
+  ms.date: 03/27/2025
+  author: rmcmurray
+  ms.author: robmcm
   ms.topic: unit
 durationInMinutes: 7
 content: |
@@ -34,6 +34,6 @@ quiz:
     - content: "Hosts all your web and non-web apps in one place, so they can be accessed across the network."
       isCorrect: true
       explanation: "An application server provides application access to a client."
-    - content: "Hosts all your web apps and lets users in the network run them and use them in their browser."
+    - content: "An application server hosts all your web apps and lets users in the network run them and use them in their browser."
       isCorrect: false
       explanation: "An application server provides application access to a client (both web apps and custom software)."

learn-pr/azure/network-fundamentals-2/3-authentication-authorization.yml

@@ -2,11 +2,11 @@
 uid: learn.azure.network-fundamentals-2.authentication-authorization
 title: Use authentication and authorization in your network
 metadata:
-  title:  Use authentication and authorization in your network
+  title:  Use Authentication and Authorization in your Network
   description: Understand how authentication and authorization can help protect your network.
-  ms.date: 07/13/2023
-  author: cryophobia
-  ms.author: chrvaw
+  ms.date: 03/27/2025
+  author: rmcmurray
+  ms.author: robmcm
   ms.topic: unit
 durationInMinutes: 9
 content: |

learn-pr/azure/network-fundamentals-2/4-firewalls-network-security.yml

@@ -2,11 +2,11 @@
 uid: learn.azure.network-fundamentals-2.firewalls-network-security
 title: Understand firewalls and network security
 metadata:
-  title:  Understand firewalls and network security
+  title:  Understand Firewalls and Network Security
   description: Understanding what firewalls are and how to use them, and understanding network security.
-  ms.date: 07/13/2023
-  author: cryophobia
-  ms.author: chrvaw
+  ms.date: 03/27/2025
+  author: rmcmurray
+  ms.author: robmcm
   ms.topic: unit
 durationInMinutes: 10
 content: |
@@ -31,7 +31,7 @@ quiz:
     - content: Packet filtering firewall.
       isCorrect: false
       explanation: This type of firewall checks your packets. Use a proxy server to hide details about your clients from the internet.
-    - content: Circuit-level  firewall.
+    - content: Circuit-level firewall.
       isCorrect: false
       explanation: This type of firewall helps you check whether TCP and UDP connections are valid. Use a proxy server to hide details about your clients from the internet.
     - content: Proxy server firewall.

learn-pr/azure/network-fundamentals-2/5-network-monitoring.yml

@@ -2,11 +2,11 @@
 uid: learn.azure.network-fundamentals-2.network-monitoring
 title: Network monitoring
 metadata:
-  title: Use monitoring in your network
+  title: Use Monitoring in your Network
   description: Understand how to use monitoring to protect your network.
-  ms.date: 07/13/2023
-  author: cryophobia
-  ms.author: chrvaw
+  ms.date: 03/27/2025
+  author: rmcmurray
+  ms.author: robmcm
   ms.topic: unit
 durationInMinutes: 7
 content: |
@@ -16,13 +16,13 @@ quiz:
   questions:
   - content: You need to query log data for applications across your network in Azure. Which tool do you use?
     choices:
-    - content: You use Syslog to query the log data that has been collected.
+    - content: Use Syslog to query the log data that has been collected.
       isCorrect: false
       explanation: Syslog is used for event logging. Use Log Analytics.
-    - content: You use Log Analytics to query the data that has been collected.
+    - content: Use Log Analytics to query the data that has been collected.
       isCorrect: true
       explanation: Log Analytics can help you run complex queries over your log data.
-    - content: You use an agent to run queries on the data that has been collected.
+    - content: Use an agent to run queries on the data that has been collected.
       isCorrect: false
       explanation: An agent is used to collect information from a resource such as a virtual machine. Use Log Analytics to run queries.
 

learn-pr/azure/network-fundamentals-2/6-summary.yml

@@ -4,9 +4,9 @@ title: Summary
 metadata:
   title: Summary
   description: Review what you've learned about network security fundamentals.
-  ms.date: 07/13/2023
-  author: cryophobia
-  ms.author: chrvaw
+  ms.date: 03/27/2025
+  author: rmcmurray
+  ms.author: robmcm
   ms.topic: unit
 durationInMinutes: 1
 content: |

learn-pr/azure/network-fundamentals-2/includes/1-introduction.md

@@ -1,4 +1,4 @@
-The decision to move to the cloud and taking on a role as an Azure developer, solution architect, or administrator requires knowledge of the foundations of networking. Networks are made up of various network devices. However, there are other aspects to keep in mind, such as how to share resources on a network in a secure way and how to ensure that only authorized users have access to these resources.
+Deciding to move to the cloud and taking on a role as an Azure developer, solution architect, or administrator requires knowledge of the foundations of networking. Networks are made up of various network devices. However, there are other aspects to keep in mind, such as how to share resources on a network in a secure way and how to ensure that only authorized users have access to these resources.
 
 In this module, we'll explore the fundamentals of networking security. We'll look at how to share resources in a client-server network and explain the core difference between authentication and authorization. Next, we'll explore how to use firewalls to help protect your network and discuss how to monitor network access and traffic usage. Finally, we'll see how each aspect is addressed in Azure.
 

learn-pr/azure/network-fundamentals-2/includes/2-basic-client-server.md

@@ -1,4 +1,4 @@
-The first thing you need to understand about the composition of a network is how it's built. Servers are the workhorses of a network. Connections are achieved throughout a network through a mix of hubs, switches, and routers. This knowledge applies whether it's your own organization's network, or more extensive networks like the web. All networks are built on the same principles.
+The first thing to understand about a network's composition is how it's built. Servers are the workhorses of a network. Connections are achieved throughout a network through a mix of hubs, switches, and routers. This knowledge applies whether it's your own organization's network or more extensive networks like the web. All networks are built on the same principles.
 
 In this unit, you'll gain a better understanding of the various client options. You'll also explore the various server models and options available.
 
@@ -69,7 +69,7 @@ There are several advantages that a client-server provides an organization. Thes
 
 As with any technology, there are also disadvantages that you should consider when you use a client-server network architecture:
 
-- The failure of the server can block users from accessing resources. Because the resources are now centralized, any access disruption will affect all users.
+- Server failure can block users from accessing resources. Because the resources are now centralized, any access disruption will affect all users.
 - Setting up a client-server architecture can be expensive, because it requires dedicated hardware and software.
 - Running and maintaining a network requires IT professionals with dedicated technical knowledge.
 - Multiple requests for the same operation affect the performance of the server; for example, in a denial-of-service attack.

learn-pr/azure/network-fundamentals-2/includes/3-authentication-authorization.md

@@ -70,7 +70,7 @@ In Kerberos, principals get tickets that grant them service tickets from the KDC
 
 TLS and the older SSL are both protocols for encrypting information sent over the internet. Because the data is encrypted, attackers can't view what is sent through TLS/SSL.
 
-You'll often see a padlock icon on your browser when a site makes use of a secure connection. This symbol means the site is using a secure TLS/SSL session with the browser. TLS/SSL is also used for file transfers, voice-over-IP, and email.
+You'll often see a padlock icon on your browser when a site makes use of a secure connection. This symbol means the site is using a secure TLS/SSL session with the browser. TLS/SSL is also used for file transfers, voice over IP, and email.
 
 SSL is the predecessor of TLS, and is deprecated. We'll often find the two terms used interchangeably.  The protocols work as follows:
 
@@ -86,7 +86,7 @@ SSL is the predecessor of TLS, and is deprecated. We'll often find the two terms
 
 1. The client sends a "finished" message that's encrypted with the shared key.
 
-1. The server sends its own "finished" message that is encrypted with the shared key. From this point, the client and the server can continue to exchange messages that are encrypted with the shared encrypted key.
+1. The server sends its own "finished" message that's encrypted with the shared key. From this point, the client and the server can continue to exchange messages that are encrypted with the shared key.
 
 ## Network authorization
 

learn-pr/azure/network-fundamentals-2/includes/4-firewalls-network-security.md

@@ -23,7 +23,7 @@ You can use antimalware and antivirus tools to monitor and remedy malware. These
 
 ### Application security
 
-Attackers can compromise applications, whether they're yours or owned by a third party. The software may inadvertently contain security vulnerabilities that an attacker might use to access devices and network resources. If an application is developed in-house, you'll need to actively find and fix vulnerabilities that attackers could abuse. One solution is to test your application during its development lifecycle and implement whatever changes are needed to fix a potential vulnerability. If you're dealing with an application developed elsewhere, it's a good practice to apply updates as soon as they're available.
+Attackers can compromise applications, whether they're yours or owned by a third party. The software might inadvertently contain security vulnerabilities that an attacker could use to access devices and network resources. If an application is developed in-house, you'll need to actively find and fix vulnerabilities that attackers could abuse. One solution is to test your application during its development lifecycle and implement whatever changes are needed to fix a potential vulnerability. If you're dealing with an application developed elsewhere, it's a good practice to apply updates as soon as they're available.
 
 ### Behavioral analytics
 
@@ -53,7 +53,7 @@ A virtual private network (VPN) can establish an encrypted connection from one n
 
 ### Web security
 
-You can employ tools that secure how your people use the web. For example, you can use a web filter to prevent users from accessing certain types of sites that have been red flagged. These web-security tools also allow you to set up policies that help you decide how you want to handle different types of web requests in your network.
+You can employ tools that secure how your people use the web. For example, you can use a web filter to prevent users from accessing certain types of sites that have been red flagged. These web security tools also allow you to set up policies that help you decide how you want to handle different types of web requests in your network.
 
 ### Wireless security
 
@@ -103,7 +103,7 @@ Firewalls can perform several different functions across your network:
 
 - **Application-layer firewalls** can be a physical appliance or software-based, like a plug-in or a filter. These types of firewalls target your applications. For example, they could affect how requests for HTTP connections are inspected across each of your applications.
 
-- **Packet filtering firewalls** scrutinize each data packet as it travels through your network. Based on rules you configure, they decide whether to block the specific packet or not.
+- **Packet filtering firewalls** scrutinize each data packet as it travels through your network. they decide whether to block the specific packet or not based on rules you configure.
 
 - **Circuit-level firewalls** check whether TCP and UDP connections across your network are valid before data is exchanged. For example, this type of firewall might first check whether the source and destination addresses, the user, the time, and date meet certain defined rules. When these checks pass and a session starts, data is exchanged between parties without further scrutiny.
 
@@ -121,7 +121,7 @@ Firewalls can perform several different functions across your network:
 
 Firewalls help protect your network from the outside world. If you don't have a firewall set up:
 
-- An attacker could employ malware and take advantage of your bandwidth to use it for themselves.
+- Attackers could employ malware and take advantage of your bandwidth to use it for themselves.
 - Sensitive and private information about employees and clients could be stolen.
 - Your resources, devices, and the entire network could be held for ransom.
 
@@ -169,6 +169,6 @@ Configure **Azure virtual network service endpoints** so that critical Azure ser
 
 **Disable SSH/RDP** access whenever possible. These protocols are used to manage your virtual machines from a remote location, but attackers could attempt brute-force attacks if no proper protections are in place. Create a point-to-site VPN connection before enabling SSH/RDP for remote management.
 
-Use **load balancing** to improve the performance and availability of your network. When you use a load balancer, you distribute network traffic across the machines in your network. For example, if you have a couple of web servers that look after a website as part of your network, you can configure a load balancer to distribute the traffic between them. This way, you improve the performance and availability of the website.
+Use **load balancing** to improve your network's performance and availability. When you use a load balancer, you distribute network traffic across the machines in your network. For example, if you have a couple of web servers that look after a website as part of your network, you can configure a load balancer to distribute the traffic between them. This way, you improve the performance and availability of the website.
 
-A distributed denial-of-service (DDoS) attack overloads resources or services across your network so that they become unusable or inaccessible. **Azure DDoS Protection** provides automatic traffic monitoring and mitigating for DDoS attacks. You can interact with the service and enable additional features, like having access to DDoS experts, by upgrading to the Standard tier.
+A distributed denial-of-service (DDoS) attack overloads resources or services across your network so that they become unusable or inaccessible. **Azure DDoS Protection** provides automatic traffic monitoring and mitigation for DDoS attacks. You can interact with the service and enable additional features, like having access to DDoS experts, by upgrading to the Standard tier.