OSI Networking model
This is a theoretical model of the network stack.
Communication Model
- In the cloud we can restrict packets from entering subnets or network interfaces (a firewall function), and this happens at layer 4
Security Groups & Network ACLs in AWS
- A Security Group acts at the network-interface level, whereas a Network ACL acts at the subnet level
- A Security Group in AWS has only allow rules
- A Network ACL in AWS has both allow and deny rules; conflicts are resolved by rule number (the lower the rule number, the higher the priority)
- Both Security Groups and Network ACLs have
  - incoming rules (ingress/inbound)
  - outgoing rules (egress/outbound)
- The default NACL has a rule that allows everything (inbound as well as outbound)
- Whenever we create a Security Group, an allow-all outbound rule is added but all inbound traffic is blocked (no inbound rules)
- Each rule looks at the following
  - IP address (source IP for inbound, destination IP for outbound)
  - protocol (TCP, UDP, ICMP)
  - port
- In AWS, both Network ACLs and Security Groups belong to a VPC
Network Security Groups in Azure
- In Azure, an NSG can be used at both the interface and the subnet level.
- An NSG has both allow and deny rules, so each rule also carries a priority
- Generally, when rules carry priorities, don't number them consecutively; leave gaps (100, 110, ...) so a rule can be inserted between existing ones later
- In Azure we can create NSG rules once and apply the same NSG to multiple vnets
- Watch the classroom recording
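The two evaluation styles above (AWS Security Group: allow-only, any match allows; AWS NACL and Azure NSG: numbered allow/deny rules, lowest number wins, implicit deny at the end) can be modelled in a few dozen lines. The following is an added example written for these notes, not code from AWS, Azure or the course. It is a simplified model: it ignores stateful return traffic, ephemeral ports, ICMP type/code and IPv6, and the rule sets and packets are constructed sample data.

```python
"""Simplified model of cloud firewall rule evaluation (added example, not course material)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    number: int            # NACL rule number / NSG priority; lower wins (unused for security groups)
    action: str            # "allow" or "deny"
    protocol: str          # "tcp", "udp", "icmp" or "all"
    ports: Tuple[int, int]  # inclusive destination port range; ignored for icmp / all
    cidr: str              # source CIDR for inbound rules, destination CIDR for outbound rules


@dataclass(frozen=True)
class Packet:
    protocol: str
    port: int
    address: str           # the remote end: source for inbound, destination for outbound


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when protocol, port range (for tcp/udp) and CIDR all match."""
    if rule.protocol != "all" and rule.protocol != pkt.protocol:
        return False
    if rule.protocol in ("tcp", "udp"):
        low, high = rule.ports
        if not low <= pkt.port <= high:
            return False
    return ip_address(pkt.address) in ip_network(rule.cidr)


def evaluate_acl(rules: List[Rule], pkt: Packet) -> str:
    """NACL / NSG style: rules are scanned in ascending number, the first match decides,
    and a packet that matches nothing hits the implicit deny at the end."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


def evaluate_security_group(rules: List[Rule], pkt: Packet) -> str:
    """Security group style: only allow rules exist; the packet is allowed if any rule
    matches it, otherwise it is dropped."""
    for rule in rules:
        if rule.action != "allow":
            raise ValueError("security groups accept allow rules only")
        if rule_matches(rule, pkt):
            return "allow"
    return "deny"


def needs_gaps(rules: List[Rule]) -> bool:
    """True when two rules have consecutive numbers, so no rule can be inserted between them."""
    numbers = sorted(r.number for r in rules)
    return any(b - a < 2 for a, b in zip(numbers, numbers[1:]))


# Constructed sample data (documentation address ranges, not real hosts).
ALLOW_ALL = Rule(100, "allow", "all", (0, 65535), "0.0.0.0/0")
DEFAULT_NACL_INBOUND = [ALLOW_ALL]                      # the default NACL allows everything
NEW_SG_INBOUND: List[Rule] = []                         # a new security group has no inbound rules
NEW_SG_OUTBOUND = [Rule(0, "allow", "all", (0, 65535), "0.0.0.0/0")]

# A NACL that blocks SSH from one network before allowing SSH from anywhere.
# Rule numbers decide the outcome: if the two numbers were swapped, the deny would never fire.
NACL_INBOUND = [
    Rule(100, "deny", "tcp", (22, 22), "203.0.113.0/24"),
    Rule(110, "allow", "tcp", (22, 22), "0.0.0.0/0"),
]
SWAPPED_NACL_INBOUND = [
    Rule(110, "deny", "tcp", (22, 22), "203.0.113.0/24"),
    Rule(100, "allow", "tcp", (22, 22), "0.0.0.0/0"),
]

if __name__ == "__main__":
    blocked = Packet("tcp", 22, "203.0.113.5")
    other = Packet("tcp", 22, "198.51.100.7")
    print("ordered NACL, blocked net :", evaluate_acl(NACL_INBOUND, blocked))
    print("ordered NACL, other net   :", evaluate_acl(NACL_INBOUND, other))
    print("swapped NACL, blocked net :", evaluate_acl(SWAPPED_NACL_INBOUND, blocked))
    print("new SG inbound            :", evaluate_security_group(NEW_SG_INBOUND, other))
    print("new SG outbound           :", evaluate_security_group(NEW_SG_OUTBOUND, other))
```

Running the module prints the decision for each case; the swapped rule set shows why the rule number, not the order in which rules were written, decides a NACL or NSG conflict, and `needs_gaps` flags rule sets numbered 100, 101 that leave no room for a later insertion.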
