What you need to know about Azure Network Security Groups and Application Security Groups

This video covers what you need to know about Azure Network Security Groups and Application Security Groups. I started with the idea of a quick video on Network Security Groups. Things snowballed from there, and it ended up being a comprehensive review of Network Security Groups (NSG) and Application Security Groups (ASG). I also added some bonus content on verifying IP flow with Network Watcher. This video is intended as an introduction to NSGs. However, stick around even if you’ve used NSGs for a while. There may be some new information here for you.


Dynamic Blocks in Terraform with Azure

Resources in Terraform are deployed as top-level resources, for example a server or an App Service plan. These top-level resources include inline blocks, or sub-resources: blocks of code that configure the top-level resource. In this blog post and video, we use a Network Security Group (NSG) as a dynamic block example by creating multiple security rules as inline blocks, or sub-resources.


Azure VM and Internet Access

I recently worked on a project to deploy several VMs in Azure. One of the requirements for this was to block all internet access from the Azure VMs. This is a prudent step in securing an environment, preventing malicious code from web-based threats.

Update 1/2018 – Microsoft has implemented NSG Service Tags for storage and Azure SQL. Information on that is located here. Additional information and the opportunity to vote on adding other services can be found here.

To accommodate this, a Network Security Group (NSG) was created and applied to the VM Subnet.  Several rules were applied, including one similar to the picture below.  The rule simply blocked traffic from the VirtualNetwork out to the Internet on any source or destination port.

[Image: InternetBlock]

After the rule was put in place and tested, I began to set up the rest of the environment. Right away I ran into trouble: the VMs took up to 30 minutes to deploy and errored out with the message “New-AzureRmVm : Long Running Operation Failed with status ‘Failed’.