Securing Azure Virtual Network


This post was originally published here by Edward Smith.

Many enterprises are already reaping the exponential rewards delivered by using Infrastructure as a Service (IaaS), in the form of increased efficiency and decreased costs.

By combining its reach and scope with the power of virtualization services, such as Azure Virtual Network  and Virtual Machines (VMs), Azure is delivering a number of business benefits to companies of all sizes. Enterprises are now able to expand their network capabilities almost instantly, improving speed, agility, performance, security and disaster recovery at scale.

What is Azure Virtual Network?

Azure Virtual Network basically enables you to create an isolated replica of your network within the Azure cloud that is completely dedicated to your subscription.

A virtual network (VNet) is used as a communication channel between the resources you launch in the cloud. They are referred to as ‘virtual’ because they don’t rely on actual routers and switches to provide the medium for your servers to interact. The VNet itself is the medium which gives you private connectivity between your VMs, other networked devices, and some Azure services.

Synonymous to AWS VPC (Virtual Private Cloud), Azure Virtual Network can also deliver a range of other networking features, including the ability to customize DHCP blocks, DNS, routing, inter-VM connectivity, access control and Virtual Private Networks (VPNs).

Simply put: If two of your computers need to interact with each other, you would just need to give them the right permissions, which you can configure in your VNet settings. Once you’ve added the appropriate permissions, you just include the VMs within that virtual network and you’re all set.

Using VNets, you get total control over the IP address blocks, DNS settings, security policies and route tables within your VNet, and you can connect the VNet to your on-premise network.

IaaS Requires New Approach to Security

Because cloud computing is driven by a new infrastructure model, it also requires a new approach to security. In the Azure environment, Microsoft provides a secure foundation across physical, infrastructure, and operational security, but it is still your responsibility to protect the security of your application workloads, data, identities, on-premises resources, and all the cloud components that you control. This is referred as the “Shared Responsibility Model.”

What are the Risks of Misconfiguring Your Azure Virtual Network?

To protect the security of your Azure Virtual Network resources, it’s important that you fulfill your end of the Shared Responsibility Model by using and configuring the service correctly based on security best practices. If you don’t configure your Virtual Network based on security best practices, you will not be putting the right controls in place and risk giving unrestricted access to the following:

  • Inbound Access on All Ports
  • Outbound Access on All Ports
  • Telnet access
  • SSH access
  • SMTP access
  • RPC access
  • RDP access
  • PostgreSQL access
  • Oracle Database access
  • NetBIOS access
  • MySQL Database Access
  • CIFS Access
  • CIFS access
  • FTP Access

How Halo Can Help

Halo Cloud Secure can help you control network traffic and access to resources in your Azure Virtual Network by ensuring you are applying the correct setting and using network security groups to restrict access. A network security group contains a list of security rules that allow or deny inbound or outbound network traffic based on source or destination IP addresses, Application Security Groups, ports, and protocols.



No posts to display