Security in Azure VNET
Basic Overview of Security
- NSGs can be applied at the VM level and at the subnet level
What an NSG Consists of and How to Create and Configure One
- An NSG consists of rules. Rules exist in two directions:
- Incoming (Inbound, Ingress)
- Outgoing (Outbound, Egress)
- Each rule has the following
- Priority: the rule's priority. The lower the number, the higher the priority.
- Source IP Range: IP range of the packet's source.
- Destination IP Range: IP range of the packet's destination.
- Protocol: TCP, UDP, ICMP, ...
- Source Port: the traffic's source port
- Destination Port: the traffic's destination port
- Action: ALLOW or DENY
- Creation
- Portal
- CLI
- PowerShell
How NSG Evaluates Incoming Traffic
- Whenever a packet is received, rule evaluation starts with the highest-priority rule (the rule with the lowest priority number).
- Check whether the rule's Source IP range matches the packet. If not, go to the next highest-priority rule.
- Check whether the Protocol matches. If not, go to the next highest-priority rule.
- Check whether the Destination Port matches. If not, go to the next highest-priority rule.
- If every check matches, the rule applies to this packet: its Action (ALLOW or DENY) is executed and no further rules are evaluated.
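The following is an added example (not part of the original notes) that models the rule fields listed above and the first-match, lowest-number-wins evaluation just described. It goes slightly beyond the notes by checking all five match fields of a rule (source IP, destination IP, protocol, source port, destination port). The rule set, packets and IP addresses are constructed for illustration; only the catch-all is modelled on Azure's built-in DenyAllInBound default rule at priority 65500.

```python
"""Toy simulator of NSG inbound rule evaluation (added example, constructed data)."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int        # lower number = evaluated earlier = higher priority
    source: str          # CIDR prefix, or "*" for any
    destination: str     # CIDR prefix, or "*" for any
    protocol: str        # "TCP", "UDP", "ICMP", or "*" for any
    source_port: str     # "*", a single port "22", or a range "1024-65535"
    destination_port: str
    action: str          # "ALLOW" or "DENY"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str
    src_port: int        # use 0 for ICMP, which has no ports
    dst_port: int


def _ip_matches(prefix: str, ip: str) -> bool:
    return prefix == "*" or ip_address(ip) in ip_network(prefix, strict=False)


def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return int(lo) <= port <= int(hi)
    return port == int(spec)


def _protocol_matches(spec: str, proto: str) -> bool:
    return spec == "*" or spec.upper() == proto.upper()


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, rule name) of the first rule, in priority order, that fully matches."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if not _ip_matches(rule.source, pkt.src_ip):
            continue
        if not _ip_matches(rule.destination, pkt.dst_ip):
            continue
        if not _protocol_matches(rule.protocol, pkt.protocol):
            continue
        if not _port_matches(rule.source_port, pkt.src_port):
            continue
        if not _port_matches(rule.destination_port, pkt.dst_port):
            continue
        return rule.action, rule.name      # first full match decides; stop here
    # Constructed fallback: a real NSG always ends in its built-in default rules.
    return "DENY", "no-matching-rule"


def with_priority(rules: List[Rule], name: str, new_priority: int) -> List[Rule]:
    """Copy of the rule set with one rule's priority changed (for what-if checks)."""
    return [replace(r, priority=new_priority) if r.name == name else r for r in rules]


# Constructed inbound rule set. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges (RFC 5737), standing in for an admin network and the Internet.
RULES = [
    Rule("allow-ssh-from-admin",  100, "203.0.113.0/24", "*", "TCP", "*", "22",  "ALLOW"),
    Rule("deny-ssh-from-anywhere", 200, "*",             "*", "TCP", "*", "22",  "DENY"),
    Rule("allow-https",            300, "*",             "*", "TCP", "*", "443", "ALLOW"),
    # Modelled on Azure's built-in DenyAllInBound default rule (priority 65500).
    Rule("deny-all-inbound",     65500, "*",             "*", "*",   "*", "*",   "DENY"),
]


if __name__ == "__main__":
    admin_ssh = Packet("203.0.113.10", "10.0.0.4", "TCP", 51000, 22)
    other_ssh = Packet("198.51.100.7", "10.0.0.4", "TCP", 51000, 22)
    https = Packet("198.51.100.7", "10.0.0.4", "TCP", 51000, 443)
    dns = Packet("198.51.100.7", "10.0.0.4", "UDP", 51000, 53)
    for p in (admin_ssh, other_ssh, https, dns):
        print(p.protocol, p.src_ip, "->", p.dst_port, evaluate(RULES, p))
    # What-if: moving the admin allow rule below the deny rule silences it.
    print("admin after reorder:", evaluate(with_priority(RULES, "allow-ssh-from-admin", 250), admin_ssh))
```

The what-if call at the end is the check worth remembering: a rule with a higher priority number than a broader DENY never fires, so when reviewing an NSG, read the rules sorted by priority and confirm that each ALLOW sits above any DENY that would otherwise swallow its traffic.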
Attaching NSGs to Subnets and VMs
todo: Add necessary links
Application Security Groups
- Creating an Application Security Group.