One of the things I recommend to clients when they are starting to set up their Azure subscriptions, is to have a basic strategy in mind when it comes to network security. The sooner in your project that you plan this out, the less rework you’ll have down the road.
Today, I’d like to talk about Network Security Groups (NSGs) and how you use them to secure your Azure environment. Network Security Groups are similar to an on-prem rule set or access control list you’d have on your firewall. It’s a way to define in/out bound rules within your Azure environment.
So, similarly, start by setting up the basics, like a rule that blocks all traffic coming in except for particular traffic protocols or ports that we want to come in. What’s different with Azure is where we can set these rules up. With Azure, we can set those up on our subnet, VM or our NIX. And this is where we want to implement some of our strategy earlier rather than later.
A common thing I see when clients are starting out is they apply too many different NSGs within their environment. What you want to do is take advantage of the fact that you can reuse a Network Security Group, in other words, take one NSG and apply it to multiple subnets, so you have one centralized place to control those rules.
Again, have a strategy in mind about how you want to implement this in your enterprise as you deploy your Azure environments. Spend a little time on your network security strategy and save time on rework in the future. If you’d like to learn how we strategized with other clients and introduced them to best practices, click the link below—we’d love to help.