Create a Network Security Group in Azure


Security is an important part of building infrastructure, and Azure is no exception. Every virtual machine created in Azure needs to be secured, and a network security group (NSG) is one of the best ways to do that.

A network security group in Azure allows or blocks ports and services based on IP address. Suppose you want to connect to the virtual machines you build on Azure only from your office premises: you can whitelist your office IP address in the NSG and block all other traffic. Anyone who then tries to connect to the VMs from outside the office premises will not be allowed to do so.

Below are the steps for creating an NSG -

Click on "Create a resource", search for network security group, and click on Create -



Provide a name, resource group and location, then click on Create -


When the NSG is created successfully you will see some rules defined by default. Go to Inbound Security rules and then click on Add rules -






In Add rules we will add the rule to allow port 3389 from specific IP addresses.

Select Source as IP Address.

Source IP address/CIDR Range - Provide the IP address. Add a single IP address if you only want to connect remotely from one specific address, or add a CIDR range if you want to connect to the VMs from multiple IP addresses, like 192.168.10.1/16.

Source port range - Leave it to the default ("*").

Destination - Any

Destination Port Range - 3389

Protocol - Any

Action - Allow

Priority - 100

Then click on Add to add the rule.


Once the rule is added, it will show up in the NSG.


After this you can add this NSG to the NIC of the virtual machines that are created; it will then allow connections to the virtual machine only from the mentioned IP address.
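
The rule built in the steps above, modelled as an added Python example (not part of the original post): NSG rules are checked in priority order and the first match decides, so the priority-100 rule admits the listed range on 3389 and everything else falls through to the default DenyAllInBound rule. It also checks how much a source entry such as 192.168.10.1/16 really covers. The 203.0.113.0/24 office range, the rule name and the helper names are constructed for illustration, and only one of the default rules is modelled.

```python
import ipaddress

# (priority, name, source CIDR, destination port, action).
# First entry: the rule from the steps above, with the constructed range
# 203.0.113.0/24 standing in for the office address. DenyAllInBound is the
# NSG's built-in catch-all; the other default rules are not modelled here.
RULES = [
    (100, "Allow-RDP-Office", "203.0.113.0/24", 3389, "Allow"),
    (65500, "DenyAllInBound", "0.0.0.0/0", "*", "Deny"),
]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def effective_range(cidr):
    """Network that contains a source entry (host bits dropped)."""
    return ipaddress.ip_network(cidr, strict=False)


def evaluate(rules, source_ip, dest_port):
    """Lowest priority number is checked first; the first match decides."""
    addr = ipaddress.ip_address(source_ip)
    for _prio, name, cidr, port, action in sorted(rules, key=lambda r: r[0]):
        if addr in effective_range(cidr) and port in ("*", dest_port):
            return action, name
    return "Deny", "no matching rule"


def check_source_range(cidr, max_addresses=256):
    """Return review flags for a source entry on a management-port rule."""
    net = effective_range(cidr)
    flags = []
    if ipaddress.ip_interface(cidr).ip != net.network_address:
        flags.append("host-bits-set")   # written as a host, covers a network
    if any(net.subnet_of(r) for r in RFC1918):
        flags.append("private-range")   # matches private source addresses only
    if net.num_addresses > max_addresses:
        flags.append("wide-range")      # more addresses than one office needs
    return flags


if __name__ == "__main__":
    print(evaluate(RULES, "203.0.113.25", 3389))
    print(evaluate(RULES, "198.51.100.7", 3389))
    print(effective_range("192.168.10.1/16"),
          check_source_range("192.168.10.1/16"))
```

The /16 in the sample entry spans 65,536 addresses; for a single office address, enter the address alone or a narrow prefix.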
