AZ-104 Exam EP 16: Network Security Group

Introduction

This tutorial covers the essentials of Network Security Groups (NSGs) in Azure, focusing on their importance in managing network security for Azure resources. By the end of this guide, you'll understand how to create and manage NSGs effectively, ensuring your Azure environment is secure.

Step 1: Understanding Network Security Groups

• Definition: Network Security Groups are used to control inbound and outbound network traffic to Azure resources.
• Functionality: They contain security rules that allow or deny traffic based on various parameters such as source IP address, destination IP address, port, and protocol.
• Real-World Application: NSGs are crucial for protecting resources like virtual machines and ensuring compliance with security policies.

Step 2: Exploring NSG Rules

• Types of Rules: NSGs consist of two main types of rules:
  • Inbound Rules: Control incoming traffic to your resources.
  • Outbound Rules: Control outgoing traffic from your resources.
• Rule Priority: Each rule has a priority assigned (from 100 to 65000). Lower numbers have higher priority.

Step 3: Effective Rules in NSGs

• Effective Rules: Azure evaluates NSG rules based on a combination of rules from all NSGs applied to a network interface or subnet.
• Understanding Effective Rules:
  • Check the effective rules using Azure Portal or Azure CLI.
  • Be aware that multiple NSGs can be applied, and the most restrictive rule will apply.

Step 4: Creating NSG Rules

• Accessing NSGs:
  • Go to the Azure Portal.
  • Navigate to "Network Security Groups."
• Adding a Rule:
  1. Select the NSG you want to modify.
  2. Click on "Inbound security rules" or "Outbound security rules."
  3. Click on “Add” to create a new rule.
  4. Fill in the details:
     • Name: Give your rule a descriptive name.
     • Priority: Assign a priority number.
     • Source/Destination: Specify IP addresses or services.
     • Protocol: Choose TCP, UDP, or Any.
     • Port Range: Specify the port or range of ports.
     • Action: Choose Allow or Deny.
  5. Click "Add" to save the rule.

Step 5: Using Application Security Groups

• Definition: Application Security Groups (ASGs) are used to group similar resources together for easier management of NSG rules.
• Benefits:
  • Simplifies rule management by allowing you to apply rules to groups rather than individual resources.
  • Enhances security by logically organizing resources based on their function or application.

Conclusion

In this tutorial, we covered the fundamentals of Network Security Groups, including how to create and manage NSGs and their rules in Azure. Understanding and implementing NSGs is crucial for securing your Azure resources effectively. For further exploration, consider diving deeper into Application Security Groups and how they can simplify your network security management.