VNet Security Groups

Time
22 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
24
Video Transcription
00:00
>> Hey everybody and welcome back.
00:00
In this lecture, we're going to be talking
00:00
about VNet security groups.
00:00
The learning objectives for this lesson are going to
00:00
be to understand what security groups are,
00:00
understand how network security group assignment
00:00
and evaluation works,
00:00
how these security rules are interpreted and applied.
00:00
Network security groups are
00:00
a security control that is applied
00:00
for virtual networks.
00:00
You're going to see something pretty
00:00
common whenever you're
00:00
dealing with any type of cloud environment.
00:00
This is a firewall or
00:00
just a protocol and ports
00:00
evaluator to help secure
00:00
what data goes into a virtual network.
00:00
To wrap up what this is at a very basic level,
00:00
it's just a filter that can
00:00
analyze the type of traffic
00:00
that's going into a virtual network.
00:00
Based on the rules that you configure,
00:00
it will allow or deny the traffic to go in.
00:00
I should also mention that whatever you do allow,
00:00
the NSG or the Network Security Group is going
00:00
to evaluate the rules based on priorities.
00:00
You set a numerical value,
00:00
and that numerical value does
00:00
represent the priority of the rule,
00:00
and whatever is essentially
00:00
at the top is going to be prioritized.
00:00
Whatever is at the top or has
00:00
the higher numerical value is going to be
00:00
prioritized versus those at the bottom.
00:00
It's really easy for you to
00:00
focus on the ports and protocols that matter,
00:00
because you can just increase the value.
00:00
It really is just as simple as
00:00
setting the numerical value higher than the others.
00:00
If you need to adjust priority,
00:00
you can just go back into the console,
00:00
drop the number down,
00:00
and increase the other number
00:00
to prioritize the other protocol.
00:00
Or whether you're trying to deny it or whatever it be,
00:00
and this is going to make a lot more sense
00:00
when we get into the lab.
00:00
But in this lecture,
00:00
I just want to talk to these points
00:00
in theory before you
00:00
actually dive into the hands-on lab and
00:00
start building out a network security group.
00:00
Moving along a little bit,
00:00
this illustration does represent
00:00
how the network security group
00:00
interacts with your environment.
00:00
If we were looking at this blue box here,
00:00
which represents the virtual network or the VNets.
00:00
Within we have a couple of
00:00
gray boxes which represent these subnets.
00:00
We are slicing up our VNet into three isolated subnets.
00:00
It looks like here that they are all interacting
00:00
with the public Internet over port 80.
00:00
Now we have NSGs,
00:00
and those are the shields which we see here.
00:00
You can apply them at
00:00
both the subnet level or the NIC level,
00:00
and that's what we're seeing here.
00:00
We have the shield here for NSG that's closest to
00:00
the NIC or the virtual network interface card.
00:00
That's to represent that
00:00
we do have an NSG applied on
00:00
the VNIC and that is possibly you can't do that.
00:00
You can also apply it on the subnet.
00:00
Now it's not recommended,
00:00
this is just like industry knowledge here.
00:00
It's not recommended that you apply it at both levels,
00:00
but if you need to, you can do that.
00:00
Network security groups are going to evaluate
00:00
the allow and disallow
00:00
rules based on the five
00:00
tuple information that you insert.
00:00
This goes back to our networking concepts.
00:00
Source, source port,
00:00
destination, destination port,
00:00
and the type of protocol.
00:00
What do I mean by destination and source?
00:00
I mean IP addresses or DNS,
00:00
but more than likely it's going to be IP addresses.
00:00
You can evaluate these
00:00
allow and disallow rules based off of this information.
00:00
NSGs are stateful, so whatever you say is allowed or
00:00
disallowed is going to be explicit
00:00
for both data going outbound and inbound.
00:00
You only have to list it once
00:00
as a rule within the network security group,
00:00
so just keep that in mind.
00:00
Like I said, NSGs can be applied
00:00
both at the NIC level or the subnet level.
00:00
This was a really quick one just to
00:00
summarize on what NSGs are and to give
00:00
you a little bit of a picture
00:00
using the illustration and how it works.
00:00
But really, I think I'm a big advocate when it
00:00
comes to trying to gain experience with hands-on.
00:00
This was a really quick lecture to just
00:00
talk about NSGs and what they are.
00:00
But I'm a really big advocate
00:00
for learning through experience.
00:00
What we're going to do next now
00:00
that we've talked about this in theory,
00:00
is we're going to go into the next lesson
00:00
and actually apply this.
00:00
You're going to be jumping into a lab and you're
00:00
going to actually be standing up
00:00
your own network security group.
00:00
In there, I want you to pay attention to
00:00
the different options that you have for
00:00
configurations of your network security group.
00:00
They're going to walk you step by
00:00
step through the process,
00:00
you'll get to see how to do it.
00:00
But then you can also look
00:00
for different ways that you can break it.
00:00
This is a sandbox environment.
00:00
Whenever you're dealing with a lab,
00:00
if you aren't doing this already,
00:00
I highly recommend that you explore.
00:00
Because if you break the lab and it doesn't work,
00:00
you can always turn it off, refresh,
00:00
and turn it back on,
00:00
and you're in a new ecosystem where you
00:00
can just continue to work in there and learn.
00:00
That's what we're here for, we're trying to learn.
00:00
We want to pass the certification,
00:00
and more importantly,
00:00
we want to walk away with
00:00
new knowledge that we can apply
00:00
in our everyday life.
00:00
Make sure that you're in the lab
00:00
and you're doing that.
00:00
That you're using and abusing as you need to
00:00
in order to understand
00:00
the concepts that we're trying to learn.
00:00
When you're going in there, explore
00:00
the different features that are available to
00:00
you within network security groups
00:00
and test them out and see how it works.
00:00
All right, that wraps up this lecture,
00:00
I'll see you guys in the next one.