Network Security Group (NGS), Firewall and DDoS Protection
Defense in Depth
Concept is to enforce security through all the layers of your application
Security Layers
Data
- i.e virtual network endpointApplication
- i.e API ManagementCompute
- i.e Limit Remote Desktop access, Windows UpdateNetwork
- i.e NSG, use of subnets, deny by defaultPerimeter
- i.e DDoS, FirewallsIdentity & access
- i.e Azure ADPhysical
- i.e Door locks and key cards
Network Security Group (NGS)
Basically a collection of ports that are allowed
NGS is a very simplistic set of rules
When used right you can turn of a lot of access
Denly by default
Azure Firewall
Is more of an intelligent device that will analyze traffic that comes in
Will analyze certain bad patterns
Example: Block SQL Injection attacks and XSS attacks
Azure DDoS Protection
Last updated