Open In App

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy

Azure Network Security Groups

Network Security Groups (NSG) play a crucial role in securing the virtual environment within Azure. Azure provides various services to help users secure their applications and the infrastructure that users create.

What is Azure?

Azure is the leading cloud computing platform provided by Microsoft that offers various range of services and solutions for users to build, deploy, and manage applications on the pay-as-you-use module. To know more about Microsoft Azure refer to this Article – Azure Tutorials.



What are Azure Networks?

Azure networks are virtual networks that allow users to connect their organizational resources and services. All the things related to Azure Networks are monitored and maintained by Azure. So user has to just create their virtual networks, subnets, IP addresses, network interfaces, and other network components.

Traditional Server Management

Consider a scenario where we have five servers: three dedicated to handling web application traffic, one managing business logic, and an additional server hosting our database. As per our organization’s architectural decision, we segment these servers into subnets. For instance, one subnet is designated for microservices and web application traffic, while another subnet is dedicated to handling our data-tier applications. These subnets must reside within a virtual network.



Problem in Traditional Server Management

Without additional configuration, if we create an infrastructure in this manner, all incoming traffic from the internet would be allowed to reach all these servers, and inter-server communication would also be unrestricted. Consequently, every component could communicate with each other a situation we want to avoid. It’s imperative that internet traffic doesn’t reach our database, and not all services should have unrestricted communication with one another. This is where NSG comes into play.

Network Security Groups As A Solution

By placing a Network Security Group on the first subnet, we can permit traffic from the internet to reach our web-tier services. Simultaneously, by implementing an NSG on the second subnet, we can prevent internet traffic while still allowing communication from our internal services.

How Do Azure Network Security Groups Work?

NSG is a tool for activating rules that manage traffic to the Virtual networks. Within NSG, an inbound rule refers to incoming traffic requests, while an outbound rule relates to outgoing traffic requests. These rules align with our organizational policy, dictating the permissions for both incoming and outgoing access.

After the creation of NSG, there are default security rules that we can’t change, but we can override those rules with custom rules. By default, NSG allows inbound and outbound traffic from the same virtual network.

Best Practices For Implementing NSG in Azure

Create NSG in Azure Portal

Firstly Sign in to your Microsoft Azure Portal.Search for “Network Security Group” and click on respective.

Now, click on “Create,” fill in the details in the Azure Portal, and click on “Review + Create.” Finally, click on “Create.”

After successfully creation of NSG click on “Go to resource”.

To associate this NSG with a subnet or interface, click on the “Subnets” service interface from the left menu present under Settings section. Now, click on the “Associate” button and select a virtual network where you want to associate this NSG and click on OK.

Let’s See How The NSG Works In A Accessing Virtual Machine(VM)

Sign in to your Microsoft Azure Portal.Search for “Virtual Machine” and click on respective.

Click on “Create” and select “Azure Virtual Machine”.

Enter and choose the configuration for your VM. Pick the ‘Subscription’ and ‘Resource group’ for your VM. Provide a unique name for your VM and select the ‘Region’ where you want to host it. Choose the number of ‘availability zones’ for your VM. The crucial step is the Image selection; in this case, we are using a ‘Windows’ image, but you can select any you prefer. Now, pick a ‘Size’ based on your requirements. Enter a username and password for your VM. These credentials will allow you to access your VM from anywhere. For the inbound port rule, select ‘RDP’. Finally, click on “Review+create.”

After configuring the Virtual Machine resources, Review once the configuration of resources and Click on Create as confirmation to create the Virtual Machine.

Take a moment to check your VM configuration, then click on “Create.”

After creating the VM successfully, click on “Go to resource.”

Click on “Go to resource”

Click on “Connect” and then select “Download RDP file.”

Once connect the respective VM try on downloading the RDP File by clicking on “Download RDP file”

Click on the file you downloaded and provide the necessary permissions. Enter your VM password and click OK.

Congratulations! Now, in just a few seconds, you can access your VM.

Go to the “Network Settings” of your VM and delete the Inbound rule that we made. After that, try connecting to your VM again. You will encounter an error message stating that you don’t have access. This happens because the NSG is restricting access.

To regain access, we need to set up an inbound rule again. Navigate to “network settings,” click on “Create port rule,” then choose “inbound port rule.” Set the “Destination port ranges” to 3389, select the TCP protocol, and click on “add.”

Congratulations! Now, in just a few seconds, you can access your VM.

Video Demonstration of NSG with VM

This video shows how we use Azure Network Security Groups with Azure Virtual Machine. It demonstrates the process of connecting to the VM. When we delete our inbound rule, we are unable to connect to our VM. However, after creating an inbound rule specified during VM creation, we regain access to our VM.

Demo – Azure Network Security Groups using Virtual machine

Conclusion

In this article, we have observed the practical use of NSG by making changes in Virtual Machine configuration. Additionally, we discussed Traditional Server Management at the beginning and how to overcome it with NSG. We also covered best practices for implementing NSG and the steps to create NSG in the Azure portal

Azure Network Security Groups – FAQs

What Is Primary Role Of NSG?

NSGs are essential to the security of Azure’s virtual environment. They regulate inbound and outgoing traffic to and from Azure resources.

What Are The Inbound And Outgoing Rules In Network Security Groups?

An outbound rule in NSG handles outgoing traffic requests, whereas an inbound rule controls incoming traffic requests. These rules establish permissions for both inbound and out bound access, in accordance with organizational policies.

After The Creation Of NSG, Will It Allow Traffic From Outside The Virtual Network?

No, It only allows the traffic from where it is created or associated.

How We Can Associate Network Security Groups To Subnet?

To associate this NSG with a subnet, click on the “Subnets” service interface from the left menu present under Settings section. Now, click on the “Associate” button and select a virtual network where you want to associate this NSG and click on OK.

Do The Creation Of Network Security Groups is Necessary?

Yes, it is necessary to secure our network from the outside world.


Article Tags :
Geeks Premier League
Microsoft Azure
Recommended Articles
1. Microsoft Azure - Get Unused App Service Plans and Resource Groups in Azure Portal
2. Microsoft Azure - Get Azure VM Properties using Azure PowerShell
3. Microsoft Azure - RDP to Azure Virtual Machines using Azure Bastion
4. Microsoft Azure - Configure Azure SQL with Azure CLI
5. Microsoft Azure - Get CPU Utilization Data of a Azure VM in Azure Portal
6. Microsoft Azure - Archive Azure VM to Azure Storage Account
7. Microsoft Azure - Check Status of Azure VM using Azure PowerShell
8. Microsoft Azure - Azure VM Disk Space in Percentage using Azure KQL
9. Microsoft Azure - Enable Azure Monitor VM Insights Agent For Azure VM
10. Microsoft Azure - Azure CLI Commands to Manage Azure VMs
11. Microsoft Azure - Manage Azure VMs using Azure PowerShell Commands
12. Microsoft Azure - Query Azure Storage Logs in Azure Monitor Log Analytics
13. Microsoft Azure - Install Azure Command Line Interface (Azure CLI)
14. Microsoft Azure - Application Security with Azure Active Directory
15. Microsoft Azure - Security Capabilities and Tasks of Azure SQL
16. Microsoft Azure - Security in Azure SQL
17. Microsoft Azure - Find Security Score by Controls in Azure Subscriptions
18. Microsoft Azure - Map a Network File Share to Azure Windows VM
19. Microsoft Azure - Moving Resources Among Groups
20. Microsoft Azure - Get Management Groups Information Using KQL
21. Microsoft Azure - Azure Managed Disk State Details using PowerShell
22. Microsoft Azure - Introduction to Azure Digital Twins
23. Microsoft Azure - Enable Linux System Logs in Azure for Monitoring
24. Microsoft Azure - Enable Linux Performance Counters in Azure for Monitoring
25. Microsoft Azure - Introduction to Azure Sentinel