
Azure Network Security Groups

Last Updated : 25 Jan, 2024

Network Security Groups (NSG) play a crucial role in securing the virtual environment within Azure. Azure provides various services to help users secure their applications and the infrastructure that users create.

What is Azure?

Azure is the leading cloud computing platform provided by Microsoft. It offers a wide range of services and solutions for users to build, deploy, and manage applications on a pay-as-you-use model. To learn more about Microsoft Azure, refer to this article: Azure Tutorials.

What are Azure Networks?

Azure networks are virtual networks that allow users to connect their organizational resources and services. Everything related to Azure networks is monitored and maintained by Azure, so users only have to create their virtual networks, subnets, IP addresses, network interfaces, and other network components.

Traditional Server Management

Consider a scenario where we have five servers: three dedicated to handling web application traffic, one managing business logic, and an additional server hosting our database. As per our organization’s architectural decision, we segment these servers into subnets. For instance, one subnet is designated for microservices and web application traffic, while another subnet is dedicated to handling our data-tier applications. These subnets must reside within a virtual network.

Problem in Traditional Server Management

Without additional configuration, if we create an infrastructure in this manner, all incoming traffic from the internet would be allowed to reach all these servers, and inter-server communication would also be unrestricted. Consequently, every component could communicate with every other component, a situation we want to avoid. It’s imperative that internet traffic doesn’t reach our database, and not all services should have unrestricted communication with one another. This is where NSG comes into play.

Network Security Groups As A Solution

By placing a Network Security Group on the first subnet, we can permit traffic from the internet to reach our web-tier services. Simultaneously, by implementing an NSG on the second subnet, we can prevent internet traffic while still allowing communication from our internal services.

How Do Azure Network Security Groups Work?

An NSG is a tool for applying rules that manage traffic to the virtual networks. Within an NSG, an inbound rule refers to incoming traffic requests, while an outbound rule relates to outgoing traffic requests. These rules align with our organizational policy, dictating the permissions for both incoming and outgoing access.

After the creation of NSG, there are default security rules that we can’t change, but we can override those rules with custom rules. By default, NSG allows inbound and outbound traffic from the same virtual network.

Best Practices For Implementing NSG in Azure

  • Plan and design network topology and network security rules before the creation of a virtual network.
  • Use descriptive tag names for NSG and security rules.
  • Deny all traffic, then allow the necessary traffic for the network.
  • Review and audit the network.
  • Test the network before deploying.

Create NSG in Azure Portal

First, sign in to your Microsoft Azure Portal. Search for “Network Security Group” and click on the matching result.

Click on Network Security Group

Now, click on “Create,” fill in the details in the Azure Portal, and click on “Review + Create.” Finally, click on “Create.”

Creating Network Security Group

After the NSG has been created successfully, click on “Go to resource”.

Successful creation of NSGs

To associate this NSG with a subnet or interface, click on “Subnets” in the left menu under the Settings section. Now, click on the “Associate” button, select the virtual network you want to associate this NSG with, and click on OK.

Configuring the Associate Subnets

Let’s See How The NSG Works When Accessing A Virtual Machine (VM)

Sign in to your Microsoft Azure Portal. Search for “Virtual Machine” and click on the matching result.

Searching Virtual Machine

Click on “Create” and select “Azure Virtual Machine”.

Creating Virtual Machine

Enter and choose the configuration for your VM. Pick the ‘Subscription’ and ‘Resource group’ for your VM. Provide a unique name for your VM and select the ‘Region’ where you want to host it. Choose the number of ‘availability zones’ for your VM. The crucial step is the Image selection; in this case, we are using a ‘Windows’ image, but you can select any you prefer. Now, pick a ‘Size’ based on your requirements. Enter a username and password for your VM. These credentials will allow you to access your VM from anywhere. For the inbound port rule, select ‘RDP’. Finally, click on “Review+create.”

Configuring the Virtual Machine

After configuring the Virtual Machine resources, review the configuration once and click on “Create” to confirm and create the Virtual Machine.

Reviewing the VM

Take a moment to check your VM configuration, then click on “Create.”

Creating the VM

After creating the VM successfully, click on “Go to resource.”

Go to Resource Interface

Click on “Go to resource”

Click on “Connect” and then select “Download RDP file.”

Connect the VM

Once on the Connect page for the VM, download the RDP file by clicking on “Download RDP file”.

Download the RDP file

Click on the file you downloaded and provide the necessary permissions. Enter your VM password and click OK.

Login the VM with Credentials

Congratulations! Now, in just a few seconds, you can access your VM.

Accessing the VM from Windows

Go to the “Network Settings” of your VM and delete the Inbound rule that we made. After that, try connecting to your VM again. You will encounter an error message stating that you don’t have access. This happens because the NSG is restricting access.

Error Generation for Remote Access

To regain access, we need to set up an inbound rule again. Navigate to “network settings,” click on “Create port rule,” then choose “inbound port rule.” Set the “Destination port ranges” to 3389, select the TCP protocol, and click on “add.”

Inbound Security Rules

Congratulations! Now, in just a few seconds, you can access your VM.
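The behaviour seen above (RDP blocked once the inbound rule is deleted, allowed again once it is re-created) and the two-subnet design from “Network Security Groups As A Solution” both follow from how an NSG evaluates rules: lowest priority number first, first match wins, with Azure's built-in default rules at the bottom. The following Python model is an added example, not part of the original article or of any Azure SDK; the custom rule names, their priorities, port 1433 for the database and the reduction of source addresses to service tags are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number = evaluated first
    source: str     # service tag: "Internet", "VirtualNetwork", "AzureLoadBalancer" or "*"
    protocol: str   # "Tcp", "Udp" or "*"
    port: object    # destination port (int) or "*"
    access: str     # "Allow" or "Deny"

# Azure's built-in inbound rules: present in every NSG and cannot be deleted.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny"),
]

def evaluate(custom_rules, source, protocol, port):
    """Return (access, rule_name) for the first matching rule in priority order."""
    for r in custom_rules:
        if not 100 <= r.priority <= 4096:
            raise ValueError(f"{r.name}: custom priority must be 100-4096")
    for r in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (r.source in ("*", source) and r.protocol in ("*", protocol)
                and r.port in ("*", port)):
            return r.access, r.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

# Constructed rule sets for the article's scenario (names/priorities are hypothetical).
web_nsg = [Rule("AllowHttpsFromInternet", 200, "Internet", "Tcp", 443, "Allow")]
data_nsg = []             # defaults only: VNet traffic allowed, internet denied
vm_nsg_with_rdp = [Rule("AllowRdp", 300, "*", "Tcp", 3389, "Allow")]
vm_nsg_rdp_deleted = []   # state after the inbound rule is deleted

def demo():
    return {
        "web_https_from_internet": evaluate(web_nsg, "Internet", "Tcp", 443),
        "db_from_internet": evaluate(data_nsg, "Internet", "Tcp", 1433),
        "db_from_vnet": evaluate(data_nsg, "VirtualNetwork", "Tcp", 1433),
        "rdp_with_rule": evaluate(vm_nsg_with_rdp, "Internet", "Tcp", 3389),
        "rdp_rule_deleted": evaluate(vm_nsg_rdp_deleted, "Internet", "Tcp", 3389),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The name returned with each decision identifies which rule decided it, which is the first thing to check when a connection is unexpectedly refused or permitted.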

Video Demonstration of NSG with VM

This video shows how we use Azure Network Security Groups with Azure Virtual Machine. It demonstrates the process of connecting to the VM. When we delete our inbound rule, we are unable to connect to our VM. However, after creating an inbound rule specified during VM creation, we regain access to our VM.

Network Security Groups of VM

Demo – Azure Network Security Groups using Virtual machine

Conclusion

In this article, we have observed the practical use of NSG by making changes in Virtual Machine configuration. Additionally, we discussed Traditional Server Management at the beginning and how to overcome its problems with NSG. We also covered best practices for implementing NSG and the steps to create an NSG in the Azure portal.

Azure Network Security Groups – FAQs

What Is The Primary Role Of NSG?

NSGs are essential to the security of Azure’s virtual environment. They regulate inbound and outgoing traffic to and from Azure resources.

What Are The Inbound And Outgoing Rules In Network Security Groups?

An outbound rule in NSG handles outgoing traffic requests, whereas an inbound rule controls incoming traffic requests. These rules establish permissions for both inbound and outbound access, in accordance with organizational policies.

After The Creation Of NSG, Will It Allow Traffic From Outside The Virtual Network?

No, it only allows the traffic from where it is created or associated.

How Can We Associate Network Security Groups With A Subnet?

To associate this NSG with a subnet, click on “Subnets” in the left menu under the Settings section. Now, click on the “Associate” button, select the virtual network you want to associate this NSG with, and click on OK.

Is The Creation Of Network Security Groups Necessary?

Yes, it is necessary to secure our network from the outside world.


