Manage Network Security Groups (NSGs)
Key Concepts
- Network Security Groups (NSGs)
- Security Rules
- Default Security Rules
- Associating NSGs with Resources
Network Security Groups (NSGs)
Network Security Groups (NSGs) are virtual firewalls that control inbound and outbound traffic to Azure resources within a virtual network. NSGs contain security rules that allow or deny traffic based on source and destination IP addresses, ports, and protocols.
Think of NSGs as security guards at the entrance of a building. They check every incoming and outgoing person (data packet) against a list of rules to decide whether to let them in or out.
Security Rules
Security rules in NSGs define the traffic that is allowed or denied. Each rule specifies the following attributes: priority, direction (inbound or outbound), protocol, source and destination address prefixes, source and destination ports, and action (allow or deny). Rules are evaluated in order of priority, with lower numbers evaluated first; the first rule that matches the traffic decides the outcome, and later rules are not consulted.
Example: A security rule might allow inbound HTTP traffic (port 80) from any source to a web server, while denying all other inbound traffic. This is like a security guard allowing only delivery trucks (HTTP traffic) to enter a specific loading dock (web server).
Default Security Rules
Default security rules are automatically created in every NSG to provide basic security. These rules cannot be modified, but they can be overridden by creating custom rules with a higher priority (that is, a lower priority number, so that the custom rule is evaluated first). Default rules include allowing traffic within the same virtual network and denying all inbound traffic from the internet.
Analogy: Default security rules are like standard operating procedures in a building. They ensure basic security measures are in place, such as allowing employees to move freely within the building but restricting access to outsiders.
Associating NSGs with Resources
NSGs can be associated with subnets or individual network interfaces (NICs). When associated with a subnet, the NSG rules apply to all resources within that subnet. When associated with a NIC, the rules apply only to that specific NIC, regardless of which subnet the NIC sits in.
Example: Associating an NSG with a subnet is like placing a security guard at the entrance of a department, ensuring all employees and visitors follow the rules. Associating an NSG with a NIC is like placing a security guard at a specific desk, ensuring only authorized personnel can access that desk.
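The following is an added example (not from the original page and not Azure's own code) that models how the rules above are evaluated: a custom allow rule for HTTP placed ahead of the default DenyAllInBound rule, first-match-wins ordering by priority, and the fact that when both a subnet NSG and a NIC NSG are in place, inbound traffic must be allowed by both. The address space, the default rule set (simplified to two rules) and the "Internet" tag matching are constructed assumptions for the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number = evaluated first; custom rules use 100-4096
    direction: str     # "Inbound" or "Outbound"
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    source: str        # CIDR, "*", or a tag such as "VirtualNetwork" / "Internet"
    dest_port: str     # e.g. "80", or "*"

VNET = ip_network("10.0.0.0/16")   # constructed virtual network address space

# Simplified model of the default inbound rules Azure creates in every NSG.
# Their priorities (65000-65500) cannot be edited, so any custom rule precedes them.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*"),
]

def _source_matches(spec: str, src: str) -> bool:
    ip = ip_address(src)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip in VNET
    if spec == "Internet":      # simplification: anything outside the VNet
        return ip not in VNET
    return ip in ip_network(spec)

def evaluate(rules, direction, protocol, src, dport):
    """Return (access, rule name) of the first matching rule in priority order."""
    for r in sorted(rules, key=lambda r: r.priority):
        if r.direction != direction or r.protocol not in ("*", protocol):
            continue
        if r.dest_port not in ("*", str(dport)) or not _source_matches(r.source, src):
            continue
        return r.access, r.name
    return "Deny", "<no-match>"  # unreachable once the default rules are present

# The page's example: allow inbound HTTP from anywhere, everything else hits DenyAllInBound.
WEB_SUBNET_NSG = DEFAULT_INBOUND + [Rule("AllowHttpIn", 100, "Inbound", "Allow", "Tcp", "*", "80")]
# A stricter NIC-level NSG that refuses HTTP from the internet for one specific VM.
STRICT_NIC_NSG = DEFAULT_INBOUND + [Rule("DenyHttpIn", 100, "Inbound", "Deny", "Tcp", "Internet", "80")]

def allowed_inbound(subnet_nsg, nic_nsg, protocol, src, dport):
    """Subnet NSG is checked first, then the NIC NSG; both must allow the traffic."""
    for nsg in (subnet_nsg, nic_nsg):
        if nsg and evaluate(nsg, "Inbound", protocol, src, dport)[0] == "Deny":
            return False
    return True
```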
Conclusion
Managing Network Security Groups (NSGs) involves understanding and effectively using NSGs, security rules, default security rules, and associating NSGs with resources. By leveraging these features, you can ensure that your Azure resources are secure and traffic is controlled according to your organization's policies.