Network Security Group (NSG), Firewall and DDoS Protection

Defense in Depth

The concept is to enforce security at every layer of your application.

Security Layers

  • Data - e.g. virtual network endpoint

  • Application - e.g. API Management

  • Compute - e.g. limit Remote Desktop access, Windows Update

  • Network - e.g. NSG, use of subnets, deny by default

  • Perimeter - e.g. DDoS, Firewalls

  • Identity & access - e.g. Azure AD

  • Physical - e.g. door locks and key cards

Network Security Group (NSG)

  • Basically a collection of ports that are allowed

  • An NSG is a very simplistic set of rules

  • When used right you can turn off a lot of access

  • Deny by default
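
How deny by default plays out when an NSG evaluates inbound traffic, as an added example that is not part of the original notes: rules are checked in priority order (lowest number first), the first match decides, and anything unmatched falls through to Azure's built-in DenyAllInBound rule at priority 65500. The rule names, subnets and addresses are constructed, and the other built-in default rules are left out for brevity.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # CIDR prefix, or "*" for any source
    port: str       # single port "443", range "8000-8080", or "*"
    access: str     # "Allow" or "Deny"

# Simplification (assumption of this example): only the final built-in
# deny-all rule is modelled, not the VNet / load balancer allow defaults.
DEFAULT_DENY = Rule("DenyAllInBound", 65500, "*", "*", "Deny")

def _port_matches(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _source_matches(spec, src):
    return spec == "*" or ip_address(src) in ip_network(spec)

def evaluate_inbound(rules, src, port):
    """Return (access, rule name) of the first matching rule by priority."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if _source_matches(rule.source, src) and _port_matches(rule.port, port):
            return rule.access, rule.name
    # Nothing matched: deny by default.
    return DEFAULT_DENY.access, DEFAULT_DENY.name

# Constructed sample NSG: HTTPS is open, RDP only from an admin subnet.
SAMPLE_NSG = [
    Rule("AllowHttpsFromInternet", 100, "*", "443", "Allow"),
    Rule("AllowRdpFromAdminSubnet", 200, "10.0.9.0/24", "3389", "Allow"),
    Rule("DenyRdpFromAnywhere", 300, "*", "3389", "Deny"),
]

if __name__ == "__main__":
    flows = [("203.0.113.7", 443), ("10.0.9.15", 3389),
             ("203.0.113.7", 3389), ("203.0.113.7", 1433)]
    for src, port in flows:
        print(src, port, evaluate_inbound(SAMPLE_NSG, src, port))
```

The last flow (port 1433) matches no explicit rule and is dropped by the default deny, which is why an NSG only needs rules for the ports you intend to open.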

Azure Firewall

  • Is more of an intelligent device that will analyze traffic that comes in

  • Will analyze certain bad patterns

  • Example: Block SQL Injection attacks and XSS attacks

Azure DDoS Protection
