Azure NSG, DDoS, Firewall
Azure NSG (Network Security Group) is a network security tool in Azure that controls inbound and outbound traffic to network interfaces (NIC), virtual machines (VMs), and subnets. It helps protect resources by filtering traffic based on specified rules.
Inbound Rules: Define the allowed or denied traffic coming into a network interface or subnet from external sources.
Outbound Rules: Define the allowed or denied traffic leaving a network interface or subnet to external destinations.
NSGs are used to enforce security policies and restrict access to resources in a virtual network. Rules are evaluated in priority order (lower number first) and the first matching rule decides; Azure also adds default rules at the lowest priorities that allow virtual-network and load-balancer traffic and deny everything else inbound.
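As an added example (not from the original page), the following Python models how an NSG evaluates inbound rules: rules are sorted by priority and the first match wins, so a Deny placed at a higher number than an Allow for the same traffic is never reached. The rule names, CIDRs and the simplified service-tag handling are constructed for illustration; only the three default rules use the priorities Azure actually assigns them.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample NSG, not a real deployment. Custom rules use priorities 100-4096; the
# default inbound rules keep the fixed priorities Azure assigns them (65000/65001/65500).
@dataclass(frozen=True)
class Rule:
    name: str
    priority: int    # lower number is evaluated first
    source: str      # CIDR or a service tag (simplified: Internet, VirtualNetwork, AzureLoadBalancer, *)
    dest_ports: str  # "*", a single port "22", or a range "80-443"
    access: str      # "Allow" or "Deny"

INBOUND = [
    Rule("AllowSshFromBastion", 100, "10.0.1.0/24", "22", "Allow"),
    Rule("AllowHttpsFromInternet", 200, "Internet", "443", "Allow"),
    Rule("DenySshFromInternet", 300, "Internet", "22", "Deny"),
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "Deny"),
]
# Simplified tag model: VirtualNetwork = RFC 1918 space, AzureLoadBalancer = the platform
# health-probe address 168.63.129.16, Internet = everything else. Azure resolves real tags itself.
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _source_matches(rule_source, src_ip):
    ip = ipaddress.ip_address(src_ip)
    in_vnet, is_lb = any(ip in n for n in _RFC1918), str(ip) == "168.63.129.16"
    tags = {"*": True, "VirtualNetwork": in_vnet, "AzureLoadBalancer": is_lb,
            "Internet": not in_vnet and not is_lb}
    return tags[rule_source] if rule_source in tags else ip in ipaddress.ip_network(rule_source)

def _port_matches(rule_ports, port):
    if rule_ports == "*":
        return True
    lo, _, hi = rule_ports.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rules, src_ip, dest_port):
    """The first matching rule in ascending priority order decides; later rules are never consulted."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if _source_matches(rule.source, src_ip) and _port_matches(rule.dest_ports, dest_port):
            return rule.access, rule.name
    return "Deny", "ImplicitDeny"  # unreachable while DenyAllInBound is present

def risky_allows(rules):
    """Audit: custom Allow rules that expose a management port (SSH/RDP) to the Internet or any source."""
    return [r.name for r in rules if r.access == "Allow" and r.priority < 65000
            and r.source in ("Internet", "*") and any(_port_matches(r.dest_ports, p) for p in (22, 3389))]
```

Note that SSH from another subnet in the same virtual network is allowed by the default AllowVnetInBound rule unless a custom rule denies it, which is why subnet-to-subnet filtering needs explicit rules.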
Azure DDoS Protection provides defense against Distributed Denial of Service (DDoS) attacks, helping to ensure the availability and security of your applications and services. There are two tiers:
Basic Tier:
Description: Included at no extra cost with every Azure subscription, it provides automatic protection against common network-level DDoS attacks.
Features: Basic DDoS protection includes detection and mitigation of attacks, but offers limited monitoring and reporting.
Standard Premium Tier:
Description: A paid service offering enhanced DDoS protection for more critical applications.
Features: Includes advanced features like real-time attack analytics, adaptive tuning, and integration with Azure Monitor for detailed insights. It also provides additional mitigation capabilities, including protection against larger and more sophisticated attacks.
The Standard Premium tier provides a higher level of protection and detailed reporting, making it suitable for mission-critical workloads.
Azure Firewall is a cloud-native network security service that helps protect Azure Virtual Networks by filtering and controlling traffic based on a set of rules. Here are key features:
Built-in HA & Availability Zones: Azure Firewall is designed with High Availability (HA) by default, ensuring it remains available during failures. It supports Availability Zones to distribute firewall resources across different physical locations within a region, providing resilience and improved fault tolerance.
Outbound SNAT & Inbound DNAT:
Outbound SNAT (Source Network Address Translation): Allows resources within a private network to communicate with the internet using the public IP address of the firewall.
Inbound DNAT (Destination Network Address Translation): Enables external users to access internal resources by mapping external public IP addresses to private IP addresses of resources inside the network.
Threat Intelligence: Azure Firewall integrates Microsoft threat intelligence feeds to alert on or block traffic to and from known malicious IP addresses and domains.
FQDN Filtering Support: It supports Fully Qualified Domain Name (FQDN) filtering, which allows firewall rules to be based on domain names instead of IP addresses. This is helpful for managing access to cloud services whose IP addresses change over time.
Integration with Azure Monitor: Azure Firewall can send logs and metrics to Azure Monitor, providing detailed insights into network traffic, security events, and firewall performance. This enables administrators to monitor, analyze, and respond to security incidents effectively.
Azure Web Application Firewall (WAF) is a cloud-based security service that protects web applications from common threats and vulnerabilities, such as SQL injection, cross-site scripting (XSS), and other OWASP top 10 threats. It is typically deployed with Azure Application Gateway or Azure Front Door for application-level protection.
Protection Against Common Web Vulnerabilities: It helps protect web apps from a range of security threats, including the OWASP Top 10 vulnerabilities (e.g., SQL injection and XSS).
Customizable Rules: Azure WAF provides default protection rules but also allows users to create custom rules to fit specific application needs.
Real-Time Monitoring and Logging: Integration with Azure Monitor for real-time monitoring, logging, and detailed insights into the traffic patterns and attacks.
Bot Protection: Protects applications from malicious bots by blocking known malicious IP addresses and applying rate-limiting.
Managed Rules: Includes a set of pre-configured, managed rules that are automatically updated to guard against the latest web vulnerabilities.
Easy Integration: Can be deployed easily with Azure Application Gateway, Azure Front Door, or as part of other Azure services, providing flexible protection for applications.
Azure WAF is an essential tool for securing web applications hosted on Azure, protecting them from common exploits and helping them meet security best practices.