Azure Classroomnotes 07/Feb/2023

Network Security Groups

  • Refer Here for official docs.
  • This is used to filter network traffic to azure resources
  • We can filter traffic based on direction, Protocols, Port, Source/Destination IP Range
    • incoming
    • outgoing
  • Protocols:
    • TCP
    • UDP
    • ICMP
    • ESP
    • AH
  • Port
  • Source/Destination IP Address/Range
  • How it works

    • NSG has rules, lower the number higher the priority.
    • When a packet arrives NSG evaluates the packets (source ip, protocol, port) and then Allows/denies the packet according
    • Once the match is found it will not evaluate the next rules.
    • If the rule is not matched it tries to process the next rule
  • Rules which we write will have number between 100 and 4096
  • Default NSG Rules:

    • Incoming
      • Allow all communication with in vnet
      • Allow Connections from load balancer
      • Any thing else deny
    • Outgoing
      • Allow all communications within vnet
      • Allow internet access
      • Rest Deny
  • When authoring rules ensure we dont start from 100 pick some number like 300 or 1000 etc so that we have an option to add more rules at the top
  • Between two rules ensure that the rule number is not consequent number (i.e. 300,301). Try to have some gap so that we can fill any future needs (300 310)
    Preview
  • NSG’s can be attached to network intefaces or subnets

Reference – Popular Ports

  • There are 65,535 possible port numbers, although not all are in common use. Some of the most commonly used ports, along with their associated networking protocol, are:
  • Ports 20 and 21: File Transfer Protocol (FTP). FTP is for transferring files between a client and a server.
  • Port 22: Secure Shell (SSH). SSH is one of many tunneling protocols that create secure network connections.
  • Port 25: Historically, Simple Mail Transfer Protocol (SMTP). SMTP is used for email.
  • Port 53: Domain Name System (DNS). DNS is an essential process for the modern Internet; it matches human-readable domain names to machine-readable IP addresses, enabling users to load websites and applications without memorizing a long list of IP addresses.
  • Port 80: Hypertext Transfer Protocol (HTTP). HTTP is the protocol that makes the World Wide Web possible.
  • Port 123: Network Time Protocol (NTP). NTP allows computer clocks to sync with each other, a process that is essential for encryption.
  • Port 179: Border Gateway Protocol (BGP). BGP is essential for establishing efficient routes between the large networks that make up the Internet (these large networks are called autonomous systems). Autonomous systems use BGP to broadcast which IP addresses they control.
  • Port 443: HTTP Secure (HTTPS). HTTPS is the secure and encrypted version of HTTP. All HTTPS web traffic goes to port 443. Network services that use HTTPS for encryption, such as DNS over HTTPS, also connect at this port.
  • Port 500: Internet Security Association and Key Management Protocol (ISAKMP), which is part of the process of setting up secure IPsec connections.
  • Port 587: Modern, secure SMTP that uses encryption.
  • Port 3389: Remote Desktop Protocol (RDP). RDP enables users to remotely connect to their desktop computers from another device.

Published
Categorized as Uncategorized Tagged

By continuous learner

devops & cloud enthusiastic learner

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please turn AdBlock off
Social Network Widget by Acurax Small Business Website Designers

Discover more from Direct DevOps from Quality Thought

Subscribe now to keep reading and get access to the full archive.

Continue reading

Visit Us On FacebookVisit Us On LinkedinVisit Us On Youtube