Mastering Azure Security by Mustafa Toroman and Tom Janetscheck
Author: Mustafa Toroman and Tom Janetscheck
Language: eng
Format: epub
Publisher: Packt Publishing Pvt. Ltd.
Published: 2020-07-05T00:00:00+00:00
Understanding Azure Virtual Network
The first step in the transition from an on-premises environment to the cloud is Infrastructure as a Service (IaaS). One of the key elements in IaaS is Virtual Networks (VNets). VNets are a virtual representation of our local network with IP address ranges, subnets, and all other network components that we would find in local infrastructure. Recently, we have seen a lot of cloud network components introduced to on-premises networks as well, with the introduction of Software Defined Networking (SDN) in Windows Server 2016.
Before we start looking at VNet security, let's remember that naming standards should be applied to all Azure resources, and networking is no exception. As environments grow, this will help you have better control over your environment, easier management, and more insight into your security posture.
Each VNet that we create is a completely isolated network in Azure. We can create multiple VNets inside one subscription, or even multiple VNets inside one region. There is no direct communication between any VNets, even those created inside a single subscription or region, unless configured otherwise. The first thing that needs to be configured for a VNet is the IP address range. The next thing we need is a subnet with its own range. One VNet can have multiple subnets. Each subnet must have its own IP address range within the VNet's IP address range and cannot overlap with other subnets in the same VNet.
One thing we need to consider when defining the IP address range is that it should not overlap with other VNets we use. Even when there is no initial requirement to create a connection between different VNets, this may become a requirement in the future.
Important note
VNets that have overlapping IP ranges will not be compatible for connection.
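The address rules above (each subnet inside its VNet's range, no overlapping subnets, no overlapping VNet ranges) can be checked on a planned layout before anything is deployed. The following Python code is an added example, not taken from the book; the VNet names, subnet names, and address ranges are constructed for illustration.

```python
"""Added example: validate a planned VNet address layout (constructed data)."""
from ipaddress import ip_network
from itertools import combinations

# Constructed address plan; all VNet and subnet names are hypothetical.
PLAN = {
    "vnet-hub": {"space": ["10.0.0.0/16"],
                 "subnets": {"snet-gw": "10.0.0.0/24", "snet-fw": "10.0.1.0/24"}},
    "vnet-app": {"space": ["10.1.0.0/16"],
                 "subnets": {"snet-web": "10.1.0.0/24", "snet-db": "10.1.0.128/25"}},
    "vnet-dev": {"space": ["10.0.128.0/17"],
                 "subnets": {"snet-dev": "10.2.0.0/24"}},
}

def check_vnet(name, vnet):
    """Return findings for one VNet: subnets outside its range or overlapping."""
    findings = []
    space = [ip_network(p) for p in vnet["space"]]
    subnets = {n: ip_network(p) for n, p in vnet["subnets"].items()}
    for sname, net in subnets.items():
        # A subnet must sit entirely inside one of the VNet's address ranges.
        if not any(net.subnet_of(s) for s in space):
            findings.append(f"{name}/{sname}: {net} is outside the VNet address space")
    for (a, na), (b, nb) in combinations(subnets.items(), 2):
        # Subnets in the same VNet must not share any addresses.
        if na.overlaps(nb):
            findings.append(f"{name}: subnets {a} and {b} overlap")
    return findings

def conflicting_vnets(plan):
    """Return sorted name pairs of VNets whose address ranges overlap."""
    pairs = []
    for (a, va), (b, vb) in combinations(plan.items(), 2):
        if any(ip_network(x).overlaps(ip_network(y))
               for x in va["space"] for y in vb["space"]):
            pairs.append(tuple(sorted((a, b))))
    return sorted(pairs)

def audit(plan):
    """Collect per-VNet findings plus VNet pairs that could not be connected."""
    findings = [f for name, v in plan.items() for f in check_vnet(name, v)]
    findings += [f"{a} and {b}: address ranges overlap, cannot be connected"
                 for a, b in conflicting_vnets(plan)]
    return findings

if __name__ == "__main__":
    for line in audit(PLAN):
        print(line)
```

Running the check in a review or pipeline step catches overlaps while the ranges are still cheap to change, including between VNets that have no connection requirement yet.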
VNets are used for communication between Azure resources over private IP addresses. Primarily, they're used for communication between Azure Virtual Machines (VMs), but other resources can be configured to use private IP addresses for communication as well.
Communication between Azure VMs occurs over a network interface card (NIC). Each VM can be assigned one or more NICs, depending on the VM size. A bigger size allows more NICs to be associated with a VM. Each NIC can be assigned a private and a public IP address. A private IP address is required and a public IP address is optional. As a NIC must have a private IP address, it must be associated with a VNet and with a subnet in that VNet.
As a first line of defense, we can use a network security group (NSG) to control traffic for Azure VMs. NSGs can be used to control inbound and outbound traffic. Default inbound and outbound rules are created during the NSG's creation, but we can change (or remove) these rules and create additional rules based on our requirements. The default inbound rules are shown in the following figure:
