Securing Network Connectivity


  • All resources and services on Azure are connected to a network so that they can communicate with users, processors, and other Azure services. This network connectivity must be secured.
  • We’ll look at some Azure products and services that are used for securing Azure networks and the services connected to them.

Azure Firewall

  • Certain rules in the firewall protect the network from traffic that is not allowed.
  • A firewall is a set of rules that decides whether network traffic is allowed to access the service or device attached to the network.
  • Firewalls come in many versions and sizes, both in software and hardware incarnations and for small, big, and huge networks.
  • A firewall is a must-have part of any network that takes security seriously.

DDoS (Distributed Denial-of-Service) Attacks

  • This is one of the most common attacks on services on the internet.
  • Example:
    • Let’s say you have a web application running on a server and this server can handle only 2000 requests at a time.
    • If the number of users suddenly increases at the same time (let’s say to 10,000), the server will try to respond to every request and will eventually crash.
    • If this is done on purpose to take the server out, it is called a denial-of-service attack.
  • [Figure: DDoS attack example]
  • Sometimes the attack is distributed, meaning it comes from many different sources or computers.
  • DDoS: A DDoS attack is many computers targeting a single server or website with the aim of taking it down.

DDoS Protection Service

  • To protect against DDoS, Azure has the DDoS Protection service.
  • This service has various levels of protection, depending on what your needs are for your application.
  • At its core, Azure detects the DDoS attack and deflects it away from your service.
  • Because of Azure's global presence, this is done without any interruption to your application.
  • Azure can catch and mitigate the attack from anywhere in the world.

NSG (Network Security Groups)

  • Definition: A network security group, often called NSG, is a set of rules for who and what can access any resource attached to the NSG.
  • Think of these as personal firewalls for the resources you are using.
  • You can attach an NSG to any virtual network, subnet, or network interface which is attached to a virtual machine.
  • [Figure: Network Security Groups]
  • For example, if you have a virtual machine that is on a virtual network, the network can be behind a firewall protecting everything on the network, and then the VM can have its own network security group to define specific rules for just that machine.
  • So, everything is behind a firewall, but the VM has an extra layer of security, which is its own network security group.

Azure Application Security Group

  • An extension of NSGs that can help you secure your Azure services is an application security group.
  • Where an NSG, or network security group, will protect and monitor traffic to a specific network or virtual machine, an application security group will (well, as the name implies) protect an application.
  • This could be your website or an Azure function app.
  • Application security groups let you configure your network security as a natural extension of an application's structure.
  • You can group virtual machines and define network security policies based on your application and its components instead of using an explicit IP address.
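
The grouping described above, as an added example that is not part of the original page: a simplified Python model of how a network security group picks the first matching inbound rule by priority when rules name application security groups instead of IP addresses. The NIC names, group names and custom rules are constructed; the rules at priority 65000 and 65500 mirror Azure's default inbound rules.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: NIC name -> application security groups it belongs to.
ASG_MEMBERSHIP = {
    "web-vm1-nic": {"asg-web"},
    "web-vm2-nic": {"asg-web"},
    "db-vm1-nic": {"asg-db"},
}

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int            # lower number is evaluated first
    source: str              # ASG name, "Internet", "VirtualNetwork" or "*"
    destination: str         # same selector forms as source
    port: Optional[int]      # None matches any destination port
    access: str              # "Allow" or "Deny"

# Constructed inbound rule set; the last two mirror Azure's default inbound rules.
RULES = [
    Rule("allow-https-to-web", 100, "Internet", "asg-web", 443, "Allow"),
    Rule("allow-web-to-db-sql", 110, "asg-web", "asg-db", 1433, "Allow"),
    Rule("deny-other-to-db", 4096, "*", "asg-db", None, "Deny"),
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "VirtualNetwork", None, "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", None, "Deny"),
]

def matches(selector: str, endpoint: str) -> bool:
    """True if an endpoint (a NIC name or the literal "Internet") fits a selector."""
    if selector == "*":
        return True
    if selector == "Internet":
        return endpoint == "Internet"
    if selector == "VirtualNetwork":
        return endpoint in ASG_MEMBERSHIP      # model: every known NIC is in the VNet
    return selector in ASG_MEMBERSHIP.get(endpoint, set())

def evaluate(rules, src: str, dst: str, port: int):
    """Return (access, rule name) of the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (matches(rule.source, src) and matches(rule.destination, dst)
                and rule.port in (None, port)):
            return rule.access, rule.name
    return "Deny", "no-match"

if __name__ == "__main__":
    for flow in [("Internet", "web-vm1-nic", 443), ("web-vm1-nic", "db-vm1-nic", 1433),
                 ("web-vm1-nic", "db-vm1-nic", 22), ("Internet", "db-vm1-nic", 1433)]:
        print(flow, "->", evaluate(RULES, *flow))
```

Without the explicit `deny-other-to-db` rule, the web tier reaching the database NIC on port 22 would fall through to `AllowVnetInBound` and be allowed, which is why tier-to-tier segmentation needs its own deny rule above the defaults.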

© 2024 Code SharePoint