Introduction
Hello and welcome, readers! We hope that you are doing well.
Did you ever try to learn Azure Network Security but due to some circumstances, you could not make it? Don’t worry, Coding Ninjas is there to help you out.
Today in this article, we will discuss Azure Network Security with a proper explanation.
Our main focus of discussion would be Network Security in Azure and different security rules. We will start slowly with network security and move on with Azure Network Security rules. So, follow the article till the end.
So, without any further ado, let’s start our discussion.
What is Azure Network Security?
Network Security is a process of protecting resources from unauthorised access by applying controls on the network traffic. Azure provides a powerful network infrastructure.
A Network Security Group (NSG) in Azure consists of a set of security rules. These rules allow or deny inbound network traffic to, and outbound network traffic from, the Azure resources hosted in an Azure virtual network.
Security Rule Properties
As we discussed earlier, an Azure network security group consists of certain security rules. Each of these rules specifies the following properties:
Security rules are matched against traffic using the five-tuple (source, source port, destination, destination port, and protocol). Rules are processed in priority order, and the first rule whose five-tuple matches the traffic decides whether it is allowed or denied. You can’t create two security rules with the same priority and direction.
Default Security Rules
Whenever we create an NSG (Network Security Group), a set of default rules is created with it. There are two types of default rules: inbound and outbound.
Inbound Security Rules
The inbound security rules are mentioned below:
AllowVNetInbound
This rule allows all the traffic from any resources within the VNet without any blocks. The property values of this rule are mentioned below:
AllowAzureLoadBalancerInbound
This rule allows traffic from the Azure load-balancer to any virtual machines within the network. The property values of this rule are mentioned below:
DenyAllInbound
This rule denies all the inbound traffic to the virtual machine and protects it from outside malicious access. The property values of this rule are mentioned below:
Outbound Security Rules
The outbound security rules are mentioned below:
AllowVNetOutBound
This rule allows outbound traffic to any resource within the VNet. The property values of this rule are mentioned below:
AllowInternetOutBound
This rule allows traffic originating from any resources in the VNet to the internet. The property values of this rule are mentioned below:
DenyAllOutBound
This rule denies all the non-explicitly allowed traffic. The property values of this rule are mentioned below:
These default rules can’t be removed or deleted, but you can override them by creating rules with higher priorities.
Augmented Security Rules
Augmented security rules simplify security definitions for virtual networks. You can only create these rules in a network security group (NSG) created through the Resource Manager deployment model. They let you express larger and more complex security policies with fewer rules to manage network traffic in Azure, because a single, easily readable security rule can specify multiple ports, individual IP addresses and IP address ranges.
These security rules are particularly useful for services with hundreds of IP addresses that you can easily manage with a single security rule.
Service Tags
A service tag represents a group of IP address prefixes for an Azure service, which reduces the effort of frequently updating network security rules. You can’t create your own service tag, nor can you specify the IP addresses within a service tag. Microsoft manages these prefixes and updates them automatically as the addresses change.
Service tags can be used to define network access controls on Network Security Groups (NSGs) or Azure Firewall, and they can take the place of explicit IP addresses when creating security rules.
Service tags can be used in both inbound and outbound rules, can be scoped to a region, and can be used in Azure Firewall rules.
Application Security Groups
Application security groups let you configure network security as a natural extension of the structure of an application. It lets you group virtual machines and define network security policies based on those groups. You can reuse the security policies without maintaining the explicit IP addresses manually.
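The rule evaluation described in the sections above (five-tuple matching, unique priority per direction, default rules overridden by lower-numbered custom rules, and augmented rules that use multiple ports, multiple prefixes, service tags and application security groups) can be modelled in a few lines. The code below is an added example, not Azure's implementation or any Coding Ninjas code; the service-tag and ASG prefix tables, the rule names, and the "asg-web" group are constructed for illustration, while the default-rule priorities (65000, 65001, 65500) are the ones Azure assigns.

```python
from ipaddress import ip_address, ip_network

# Constructed lookup tables (illustrative prefixes, not Microsoft's managed lists): service
# tags and application security groups both expand to prefixes; "*" matches anything.
SERVICE_TAGS = {"VirtualNetwork": ["10.0.0.0/16"], "Internet": ["0.0.0.0/0"],
                "AzureLoadBalancer": ["168.63.129.16/32"]}
APP_SECURITY_GROUPS = {"asg-web": ["10.0.1.4", "10.0.1.5"]}
def rule(name, prio, direction, source, dest, dest_port, access, protocol="*", source_port="*"):
    return dict(name=name, priority=prio, direction=direction, source=source, dest=dest,
                dest_port=dest_port, access=access, protocol=protocol, source_port=source_port)
# The six default rules, at the priorities Azure gives them (65000 / 65001 / 65500).
DEFAULT_RULES = [
    rule("AllowVNetInbound", 65000, "Inbound", "VirtualNetwork", "VirtualNetwork", "*", "Allow"),
    rule("AllowAzureLoadBalancerInbound", 65001, "Inbound", "AzureLoadBalancer", "*", "*", "Allow"),
    rule("DenyAllInbound", 65500, "Inbound", "*", "*", "*", "Deny"),
    rule("AllowVNetOutBound", 65000, "Outbound", "VirtualNetwork", "VirtualNetwork", "*", "Allow"),
    rule("AllowInternetOutBound", 65001, "Outbound", "*", "Internet", "*", "Allow"),
    rule("DenyAllOutBound", 65500, "Outbound", "*", "*", "*", "Deny")]
# One constructed augmented rule: two source prefixes, three port specs, an ASG as destination.
CUSTOM_RULES = [rule("AllowWebFromOffice", 100, "Inbound", ["203.0.113.0/24", "198.51.100.10/32"],
                     "asg-web", ["80", "443", "8080-8090"], "Allow", protocol="Tcp")]
def _expand(spec):  # tag / ASG / prefix, or a list of them -> ip_network list (or ["*"])
    nets = []
    for item in (spec if isinstance(spec, list) else [spec]):
        if item == "*":
            return ["*"]
        nets += [ip_network(p) for p in SERVICE_TAGS.get(item) or APP_SECURITY_GROUPS.get(item) or [item]]
    return nets
def _match_addr(spec, addr):
    nets = _expand(spec)
    return nets == ["*"] or any(ip_address(addr) in n for n in nets)
def _match_port(spec, port):  # accepts "*", "443", "8080-8090", or a list of those
    for p in (spec if isinstance(spec, list) else [spec]):
        lo, _, hi = str(p).partition("-")
        if p == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def evaluate(rules, direction, src, sport, dst, dport, proto):
    """Lowest priority number that matches the five-tuple wins; custom rules sit below 65000."""
    keys = [(r["priority"], r["direction"]) for r in rules]
    if len(keys) != len(set(keys)):  # Azure rejects two rules with the same priority and direction
        raise ValueError("two rules share a priority and direction")
    for r in sorted(rules, key=lambda r: r["priority"]):
        if (r["direction"] == direction and r["protocol"] in ("*", proto)
                and _match_addr(r["source"], src) and _match_port(r["source_port"], sport)
                and _match_addr(r["dest"], dst) and _match_port(r["dest_port"], dport)):
            return r["name"], r["access"]
    return None, "Deny"  # unreachable while the DenyAll defaults are present
```

Note that with only the default rules in place, any resource inside the VNet can reach any other on every port, and every resource can reach the internet outbound; those two defaults are usually the first ones to override with stricter custom rules.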
Frequently Asked Questions
What do you mean by network security groups?
A Network Security Group (NSG) in Azure consists of a set of security rules. These rules allow or deny inbound network traffic to, and outbound network traffic from, the Azure resources hosted in an Azure virtual network.
How many rules are allowed per NSG in Azure?
The standard Azure subscription can contain up to 5000 NSGs, and each NSG can have a maximum of 1000 rules.
What is @azurerm_network_security_group?
@azurerm_network_security_group is a resource definition (from the Terraform AzureRM provider) that manages an Azure network security group, which consists of a list of network security rules.
What do you mean by Service Tag in Azure?
In Azure, a service tag represents a group of IP address prefixes for an Azure service, which reduces the effort of frequently updating network security rules.
Conclusion
In this article, we have extensively discussed the concept of Azure Network Security.