Latest Posts

Securing Network Connectivity

Securing Network Connectivity

  • All the resources and services on Azure, are connected with a network in order to connect with Users, Processors, and other Azure services. This network connectivity must be secured.
  • We’ll see some azure products and services that are used for securing Azure networks and their connected services.

Azure Firewall

  • Certain rules in the firewall protect the network from traffic that is not allowed.
  • A firewall is a set of rules that decides whether network traffic is allowed to access the service or device attached to the network.
  • Firewalls come in many versions and sizes, both in software and hardware incarnations and for small, big, and huge networks.
  • A firewall is a must-have part of any network that takes security seriously.

DDoS (Distributed Denial of Security Attacks)

  • This is one of the most common attacks on services on the internet.
  • Example:
    • Let’s say you have a web application running on a server and this server can handle only 2000 requests at a time.
    • If there is a sudden increase in the user at the same time (Let’s say 10,000), the server will try to respond to every request and will eventually crash.
    • If this is done on purpose to take the server out, it is called a denial-of-service attack.
  • DDoS Attack Example
  • Sometimes the attack is distributed, meaning it comes from many different sources or computers.
  • DDoS: So, a DDoS attack is lots of computers targeting a single server or website with the aim of taking it down.

DDoS Protection Service

  • To protect against DDoS, Azure has the DDoS Protection service.
  • This service has various levels of protection, depending on what your needs are for your application.
  • At its core, Azure detects the DDoS attack and deflects it away from your service.
  • This is done without any interruption to your application due to Azure's global presence.
  • They can simply catch and mitigate the attack from anywhere in the world.

NSG (Network Security Groups)

  • Definition: A network security group, often called NSG, is a set of rules for who and what can access any resource attached to the NSG.
  • Think of these as personal firewalls for the resources you are using.
  • You can attach an NSG to any virtual network, subnet, or network interface which is attached to a virtual machine.
  • Network Security Groups
  • For example, if you have a virtual machine that is on a virtual network, the network can be behind a firewall protecting everything on the network, and then the VM can have its own network security group to define specific rules for just that machine.
  • So, everything is behind a firewall, but the VM has an extra layer of security, which is its own network security group.

Azure Application Security Group

  • An extension of NSGs that can help you secure your Azure services is an application security group.
  • Where an NSG, or network security group, will protect and monitor traffic to a specific network or virtual machine, an application security group will (well, as the name implies) protect an application.
  • This could be your website or the Azure function app.
  • Application security groups let you configure your network security as a natural extension of an application's structure.
  • You can group virtual machines and define network security policies based on your application and its components instead of using an explicit IP address.

We value your Feedback:

Page URL:







Securing Network Connectivity
© 2024 Code SharePoint