Network Security Groups

Network Security Groups on Azure

Network Security Groups let you perform segmentation within a virtual network (VNet). The feature also lets you control what enters and leaves a virtual machine connected to the VNet, and makes it possible to build DMZ (demilitarized zone) scenarios.

On a local network, it is common to place the front-end servers (IIS, …) in a DMZ and to keep the database and other servers on the local network. This helps, for example, to secure an application's data by giving access only to a web server… Usually this server contains no data.

Several aspects must be considered when setting up a Network Security Group:

  • A rule is defined by a 5-tuple (source and destination IP address, source and destination port, protocol).
  • The configured rules are stateful. When a rule allows traffic on a port (443, 80), it is not necessary to configure an outbound rule for the same port.
  • A Network Security Group contains default rules that allow connectivity within the virtual network and outbound traffic (Internet). User-defined rules take priority over these default rules.
  • Each rule has a priority expressed as a numeric value. The lower the value, the higher the priority.

Implementation of Network Security Groups

In the Azure portal, click Other services, then Network security groups.

Network Security Groups - Access to the Azure portal

Click the Add button and enter the name you want. Select the existing resource group, then click Create.

Network Security Groups -  Create Network Security Groups

The security group resource is created successfully.

Network Security Group has been created

Click Any and enter the service to allow. Click OK to validate the configuration.

Configure rules

Click Add, then enter Default Rules in the Name field. Type 4096 in the Priority field. Enter * in Port Range, then select Deny in Action.

Add rules on Network Security Groups

The rules are now created correctly.

Add rules on Network Security Groups

Repeat the same operation to create a rule allowing port 3389 (RDP).

Add rules

The rules have been created.

Rules on NSG

In the properties of the security group, click Subnets, then click Associate.

Add Subnet

Select the virtual network and subnet.

Network Security Groups
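
The rule properties listed at the start (5-tuple match, numeric priority, user rules overriding the defaults) and the two rules created in this walkthrough can be checked with a small model of inbound NSG evaluation. This is an added example, not code from the original page or from Azure. The RDP rule's priority (1000), its source range (203.0.113.0/24) and the VNet range (10.0.0.0/16) are assumptions, and the model matches only on protocol, source address and destination port.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int         # lower number is evaluated first
    action: str           # "Allow" or "Deny"
    protocol: str = "*"   # "Tcp", "Udp" or "*"
    source: str = "*"     # CIDR prefix or "*"
    dest_port: str = "*"  # "3389", "8000-8080" or "*"

# Simplified platform inbound defaults; 10.0.0.0/16 is a constructed VNet range
# standing in for the VirtualNetwork service tag.
PLATFORM_DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "Allow", source="10.0.0.0/16"),
    Rule("DenyAllInBound", 65500, "Deny"),
]

def _port_match(spec, port):
    low, _, high = spec.partition("-")
    return spec == "*" or int(low) <= port <= int(high or low)

def _addr_match(spec, addr):
    return spec == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def validate(custom_rules):
    """Custom rules need a unique priority between 100 and 4096."""
    seen = set()
    for r in custom_rules:
        if not 100 <= r.priority <= 4096 or r.priority in seen:
            raise ValueError(f"invalid or duplicate priority on {r.name!r}")
        seen.add(r.priority)

def evaluate(custom_rules, protocol, src_ip, dest_port):
    """Return (action, rule name) of the first match in priority order."""
    validate(custom_rules)
    for r in sorted(custom_rules + PLATFORM_DEFAULTS, key=lambda r: r.priority):
        if (r.protocol in ("*", protocol) and _addr_match(r.source, src_ip)
                and _port_match(r.dest_port, dest_port)):
            return r.action, r.name

# The two rules from the walkthrough. The RDP priority (1000) and the
# management source range (203.0.113.0/24) are assumptions, not from the page.
PAGE_RULES = [
    Rule("Default Rules", 4096, "Deny"),
    Rule("Allow-RDP", 1000, "Allow", "Tcp", "203.0.113.0/24", "3389"),
]
```

The third case in the test is the one to watch: the deny-all rule at 4096 also overrides the platform AllowVnetInBound default, so inbound traffic from other hosts in the VNet is dropped unless a lower-numbered rule allows it.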
