Traffic to and from resources needs proper security to protect data, but the wrong tool could leave you vulnerable. Explore these two services to find the right level of protection.
Show
Download1 
Published: 18 Mar 2021 When enterprises run workloads on a cloud service, they need to monitor and manage both inbound and outbound network traffic for security purposes. Microsoft Azure provides two security options to control inbound and outbound traffic:
Both services provide security, but at different network levels. Below, learn what each service is and its main features, as well as how the two compare. What is Azure Firewall?Azure Firewall is a managed, cloud network security service. This stateful firewall service deploys on any virtual network and protects Azure Virtual Network (VNet) resources by filtering both network and application-level traffic. Also, it enables admins to create traffic filtering rules, which they can enforce across multiple subscriptions and networks. Azure Firewall has built-in high availability and admins can configure it to span multiple Availability Zones for a 99.99% uptime. Also, with unrestricted cloud scalability, it can scale based on changing flows of inbound and outbound traffic. Other top Azure Firewall features include:
What is Network Security Group?An NSG is Microsoft's service to simplify virtual network security; it enforces and controls network traffic. NSGs are associated with subnets and network interfaces of an Azure VM. NSGs contain security rules and provide a way to activate a rule or access a control list. With these rules, IT teams can organize, filter and route different types of network traffic. These rules, which filter inbound and outbound traffic, deny or allow traffic based on 5-tuple information:
A comparison of Azure Firewall and NSGsWhen comparing Azure Firewall vs. NSGs, look at what Open Systems Interconnection (OSI) layer each service has. This information helps IT teams understand how data is sent or received over a network. It begins at Layer 1, which is the physical layer then goes up to 7, which is the application layer. Azure Firewall is an OSI L4 and L7, while NSG is L3 and L4. While Azure Firewall is a comprehensive and robust service with several features to regulate traffic, NSGs act as more of a basic firewall that filters traffic at the network layer. Azure Firewall is adept at analyzing and filtering L3, L4 and L7 traffic. Azure Firewall also provides support for threat-intelligence-based filtering, which NSG can't do. Both options use service tags to define network access controls. Service tags are groups of IP addresses for particular services, and they protect Azure resources, as well as achieve network isolation. Unlike NSGs, Azure Firewall also supports application FQDN tags, which are used together with application rules to allow the required outbound traffic through the firewall. In real world cases, enterprises typically use Azure Firewall when they need to filter traffic to a VNet with its threat intelligence-based filtering capabilities. NSGs are typically used to protect traffic flowing in and out of a subnet. These two network security services can work together to provide defense-in-depth network security in which multiple defensive measures are put in place. That way, if one element fails, another security measure stands in its place. Dig Deeper on Cloud infrastructure design and management
Related Q&A from Joydip KanjilalWhen should I choose between serverless and microservices?Serverless and microservices work well together, but they still have their unique qualities. We review their main differences and where one might ... Continue Reading Part of: Choose the right Azure networking service Article 4 of 5 Up Next Compare Azure Private Link vs. service endpoints When dealing with PaaS services running within a cloud environment, private connectivity is a must to secure resources. Compare these two services to see which one is a good fit. Core Azure networking services you need to know Network connectivity can make or break a cloud deployment. Discover the basics of Azure network services with this list of key offerings and terms. Compare Amazon VPC vs. Azure VNet for private networking Evaluate the core private networking services from AWS and Azure to see which one could best serve your organization's needs. Compare Azure Firewall vs. NSGs for network security Traffic to and from resources needs proper security to protect data, but the wrong tool could leave you vulnerable. Explore these two services to find the right level of protection. Pick a load balancer: Azure Front Door vs. Application Gateway Every cloud infrastructure requires a solid network architecture and Azure has two load balancers that can improve network performance. Discover where each one will fit the best. Which security services are part of the networking defense layer?Virtual network security appliances
Intrusion detection and intrusion response. Application layer inspection for high-level protocols. URL filtering. Network level antivirus and Antimalware.
Which of the following services are part of the networking service in Azure?Connectivity services: Connect Azure resources and on-premises resources using any or a combination of these networking services in Azure - Virtual Network (VNet), Virtual WAN, ExpressRoute, VPN Gateway, Virtual network NAT Gateway, Azure DNS, Peering service, and Azure Bastion.
Which of the following is network level security recommendation provided by Azure?Based on the Zero Trust concept mentioned earlier, we recommend that you consider using a perimeter network for all high security deployments to enhance the level of network security and access control for your Azure resources.
What are different security services in Azure?Security. Microsoft Sentinel.. Microsoft Defender for Cloud.. Protect your Azure resources from distributed denial-of-service (DDoS) attacks.. Azure Bastion. Fully managed service that helps secure remote access to your virtual machines.. Web Application Firewall. ... . Azure Firewall. ... . Azure Firewall Manager.. |
