From the course: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection
Azure network security group - Microsoft Security Copilot Tutorial
- [Narrator] A Network Security Group is an Azure service that filters network layer traffic within your virtual networks. After creating a network security group, or NSG, you can associate it with multiple subnets or network interfaces, so the same network security rules are applied to each of them. To create an NSG, you need to define security rules for both inbound and outbound network traffic.

Here's an example of some default security rules used in NSGs. Each rule contains several properties, including priority, presented by a number. The lower the number, the higher the priority, meaning this rule will be assessed earlier. Once a rule matches the traffic, the process stops, and the remaining low-priority rules are skipped. Rule name: it should be unique and reflect its purpose. Port: it can be a single port number, like 80, or a range of ports. Network protocol, such as TCP, UDP, or any. Network traffic source and a destination: this can be an IP address, a range of IP addresses, a service tag, or application security groups. And finally, action: do you want to allow or deny the traffic if the rule is applied?

We can see the rule AllowVnetInBound allows all inbound traffic with any ports and any protocols within the virtual network. However, there's another rule, DenyAllInBound, that denies all inbound traffic. So which rule will be applied? We need to check their priority numbers. Since the AllowVnetInBound rule has a lower number, it will be applied. The same logic also applies to outbound security rules.

Now let's take a quick tour of Azure Network Security Groups. Here's a Network Security Groups page in the Azure portal. Select a Network Security Group. Under Settings, you can configure its inbound security rules and outbound security rules. Click Add, and you can add a new security rule. Click Network interfaces. We can associate this NSG with network interfaces. Click Subnets. We can also associate it with multiple subnets.
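The first-match, lowest-number-first evaluation described in the transcript, modelled as an added example that is not part of the course material or Azure's own code. The two default rules carry Azure's default priorities (65000 and 65500); the two custom rules, the `10.0.0.0/16` address space standing in for the VirtualNetwork service tag, and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address space standing in for the VirtualNetwork service tag.
SERVICE_TAGS = {"VirtualNetwork": ["10.0.0.0/16"]}

@dataclass(frozen=True)
class Rule:
    priority: int     # lower number = evaluated earlier
    name: str
    ports: tuple      # inclusive (low, high) port range
    protocol: str     # "TCP", "UDP" or "Any"
    source: str       # CIDR, service tag or "Any"
    destination: str
    action: str       # "Allow" or "Deny"

def addr_matches(spec, addr):
    """True if addr falls inside a CIDR, a known service tag, or 'Any'."""
    if spec == "Any":
        return True
    prefixes = SERVICE_TAGS.get(spec, [spec])
    return any(ip_address(addr) in ip_network(p) for p in prefixes)

def evaluate(rules, src, dst, port, protocol):
    """Return (rule name, action) of the first rule that matches the flow."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.ports[0] <= port <= r.ports[1]
                and r.protocol in ("Any", protocol)
                and addr_matches(r.source, src)
                and addr_matches(r.destination, dst)):
            return r.name, r.action   # processing stops at the first match
    return None, "Deny"               # not reached while DenyAllInBound is present

INBOUND = [  # deliberately unsorted: priority, not list order, decides
    Rule(65500, "DenyAllInBound", (0, 65535), "Any", "Any", "Any", "Deny"),
    Rule(65000, "AllowVnetInBound", (0, 65535), "Any",
         "VirtualNetwork", "VirtualNetwork", "Allow"),
    # Hypothetical custom rules:
    Rule(200, "Deny-SSH-From-Jump", (22, 22), "TCP", "10.0.9.0/24", "Any", "Deny"),
    Rule(100, "Allow-HTTPS", (443, 443), "TCP", "Any", "10.0.1.0/24", "Allow"),
]

if __name__ == "__main__":
    for flow in [("10.0.2.4", "10.0.1.5", 8080, "TCP"),      # VNet to VNet
                 ("203.0.113.7", "10.0.1.5", 8080, "TCP"),   # outside the VNet
                 ("10.0.9.8", "10.0.1.5", 22, "TCP"),        # custom deny wins
                 ("203.0.113.7", "10.0.1.5", 443, "TCP")]:   # custom allow wins
        print(flow, "->", evaluate(INBOUND, *flow))
```

The third flow is the case worth checking in a real NSG review: a custom deny at priority 200 blocks traffic that the default AllowVnetInBound rule would otherwise have permitted.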