Network Security Group

Network Security GroupLast Updated:  14th August 2023

Network Security Group

Introduction

A Network Security Group (NSG) in Microsoft Azure is a feature that provides customisable security rules to control traffic to network interfaces (NICs), virtual machines (VMs), and subnets. The purpose of NSGs is to contain and manage security at the networking layer by defining what kind of traffic is allowed or denied.

Detailed Information

Core Functionality:

  • Traffic Filtering: NSGs enable you to filter inbound and outbound traffic to network resources.
  • Layered Security: They can be associated with either subnets, individual VMs, or both, providing layered security within your virtual network.

Features & Functionality:

  1. Security Rules: NSGs contain security rules that allow or deny traffic based on properties such as source and destination IP address, port, and protocol.
  2. Directional Control: Separate rules for inbound and outbound traffic allow for granular control.
  3. Priority System: Rules are processed based on their priority, with lower numbers taking precedence.
  4. Integration with Azure Monitoring and Logging: NSGs integrate with Azure Monitor and Azure Security Center (now Defender for Cloud) for diagnostics, monitoring, and alerts.

Technical Specifications:

  • Stateful Filtering: NSGs track the state of active TCP and UDP sessions and make decisions based on the state information.
  • Default Rules: They include default rules that deny all inbound traffic and allow all outbound traffic, which can be overridden with custom rules.
  • Rule Limitations: Up to 1000 custom rules per NSG.

Pricing:

Network Security Groups are included at no extra cost with your Azure subscription. You are charged for the underlying virtual network resources that NSGs protect but not for the NSGs themselves.

Related Azure Services:

  • Azure Virtual Networks: NSGs work seamlessly with virtual networks to control traffic at the subnet and NIC levels.
  • Defender for Cloud: Integration with Azure's Defender for Cloud offers enhanced security analytics and threat protection.
  • Azure Firewall: Can be used in conjunction with NSGs for more comprehensive, centralised network protection.

Conclusion

Network Security Groups are a pivotal component of Azure's security architecture, providing flexible and robust controls to manage traffic within your virtual networks. By configuring custom rules and leveraging the integration with other Azure services like Defender for Cloud, organisations can create a tailored security posture that aligns with their specific requirements and risk profile.

NSGs represent an essential tool in the quest to create a more secure and compliant Azure environment, fostering a more secure and resilient network structure.

Should you wish to delve further into how Network Security Groups can be deployed within your Azure landscape or have specific questions about optimising your current setup, we're here to provide the guidance and support necessary. Engaging with our team will allow you to tap into our expertise in Azure network security, ensuring that your deployment of NSGs aligns with best practices and your organisation's unique security needs. Feel free to reach out for more information or tailored assistance.