Following are some security policies that we can configure:
Inbound access on port 3389 or SSH shall not be allowed from the Internet
No VM (IaaS) shall have a public IP address assigned
Monitor routes attached to subnets and raise an alert if a route is added or deleted
Monitor the Application Gateway and verify that the WAF remains enabled
Monitor the NACL/SG attached to subnets or VM NICs and raise an alert if a rule is added or deleted
Monitor AV & AM updates, or ensure that end users are not able to uninstall them
If 5 unsuccessful login attempts are observed within one hour, the source IP should be blocked on the NACL/SG
Console sign-in failure
Login as root
Login without MFA
And a lot more.
Please share the details of the security policy you want to configure; I can work with you.
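As an added example that is not part of the original listing, the script below shows how the "5 unsuccessful login attempts in one hour" rule could be evaluated over AWS CloudTrail ConsoleLogin events to produce the list of source IPs to block on the NACL/SG. The event records are constructed sample data, and the sliding-window check is one possible implementation, not a specific vendor's.

```python
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = 5                # failed attempts that trigger a block
WINDOW = timedelta(hours=1)  # sliding window the attempts must fall within


def _event(ip, hour, minute, outcome):
    """Build one constructed CloudTrail ConsoleLogin record (sample data, not real)."""
    return {
        "eventName": "ConsoleLogin",
        "eventTime": f"2024-05-01T{hour:02d}:{minute:02d}:00Z",
        "sourceIPAddress": ip,
        "responseElements": {"ConsoleLogin": outcome},
    }


# Constructed sample log: one IP clearly over the threshold, one under it,
# and one with 5 failures spread over two hours (never 5 inside any one hour).
SAMPLE_EVENTS = (
    [_event("203.0.113.9", 10, m, "Failure") for m in (0, 5, 10, 15, 20)]
    + [_event("198.51.100.4", 10, m, "Failure") for m in (0, 10, 20, 30)]
    + [_event("198.51.100.4", 10, 40, "Success")]
    + [_event("192.0.2.77", h, m, "Failure")
       for h, m in ((9, 0), (9, 30), (10, 5), (10, 30), (11, 0))]
)


def ips_to_block(events, threshold=THRESHOLD, window=WINDOW):
    """Return the set of source IPs with >= threshold ConsoleLogin failures
    inside any sliding window of the given length."""
    failures = defaultdict(list)
    for e in events:
        if e.get("eventName") != "ConsoleLogin":
            continue
        if e.get("responseElements", {}).get("ConsoleLogin") != "Failure":
            continue
        ts = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        failures[e["sourceIPAddress"]].append(ts)

    flagged = set()
    for ip, times in failures.items():
        times.sort()
        # Any run of `threshold` consecutive failures that fits in the window trips the rule.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(ip)
                break
    return flagged


if __name__ == "__main__":
    print("Block on NACL/SG:", sorted(ips_to_block(SAMPLE_EVENTS)))
```

The flagged set is the input to the blocking step; in production the events would come from CloudTrail delivery rather than the inline sample.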
Profile details:
I have exposure in managing the networking, security and DevOps parts in Azure and AWS clouds using their native security controls and third-party OEM controls in different shared-responsibility models, which can be IaaS, PaaS or SaaS.
On AWS I have hands-on experience with IaC (CloudFormation), DevOps (Lambda, containers and their orchestration), networking (VPC, routes, SG, gateways), firewalls (third party), encryption, KMS, Security Hub, GuardDuty, IAM, S3, load balancers, Route 53, logging (VPC, CloudWatch etc.), WAF, DDoS, MFA, Session Manager, WorkSpaces, VPN and many more.
12+ years of experience in cyber security, including cloud security and data networks.