DEV Community

Cover image for A comprehensive guide to applying Network Security in our Azure environment
Christiana
Christiana

Posted on • Edited on

A comprehensive guide to applying Network Security in our Azure environment

#webdev #microsoft #azure #beginners

Today we will be doing a little project.
This project will guide you on - how you can apply network security

  • creating virtual networks
  • creating virtual machines ( we will be creating three VMs)
  • implementing Network Security Group
  • creating SSH
  • How to connect to the backend virtual machine from the frontend virtual machine. With that being said, let's dive in 😊

Introduction

Azure Security Groups are divided into two:

  1. Network Security Group: NSG is designed to filter traffic to inbound (incoming/ingress) and from outbound ( outgoing/egress) Azure resources located in the Azure Virtual Network. The filterings are controlled by rules. The rules are created by specifying:
    i. The source and destination ( IP addresses, service tags, application security groups)
    ii. The protocol (TCP, UDP, any)
    iii. Port ( ports range from 0-65535)
    iv. Directions (either inbound or outbound)
    v. Priority level

  2. Application Security Group: This is a feature that allows the grouping of virtual networks. Application Security is another level of security that we can apply to the environment to ensure strong security.

Steps to achieve this project

Step 1: Resources Group Creation

  • Go to your Azure portal
  • Search and click on resources group
  • Click on create

  • Name the resources group
  • Choose region
  • Click create

Step 2: Virtual Network Creation

  • On your Azure portal, search for virtual networks
  • Click on it
  • Click on create
  • Name the Virtual Network

  • Go to the IP section
  • Delete the default IP and click on Add a subnet

  • Name your subnet (front-end)
  • Click add
  • Add another subnet
  • Name it backend and click add
  • Go to review and create

Step 3: Virtual Machine Creation
Firstly, we will create an SSH key

  • Create a folder in your system
  • Right-click on the folder and open it with CMD or PowerShell
  • Then type ssh-keygen -b 4096 (hit enter)
  • Go to your Azure portal
  • Search and click on virtual machine
  • Click on create
  • Select the resources group you created
  • Name the Virtual Machine (frontend)
  • Choose and server (I'm working with Ubuntu server 20.04 LTS for this project)
  • Choose SSH as authentication type

  • Name your username
  • choose use existing public key for the SSH public key source
  • Go to the folder you created your SSH key, and copy the public key
  • Paste it where you see SSH public key where you are creating your VM
  • Select none on your inbound section
  • Go to network section
  • under subnet, choose frontend
  • under public IP, choose (new) frontend
  • leave NIC at basic
  • select SSH as inbound port
  • Enable Delete public IP and NIC
  • Go to review+create
  • Then click create

Step 4: Create another Virtual Machine for Backend by following the above steps

Step 5: Implementing Network Security on the frontend virtual machine

  • Go to your Azure portal
  • search for network security groups and click on it
  • You will see the frontend and backend subnets we created when we were creating virtual networks
  • Click on Frontend
  • Click Security on the left
  • Click on inbound rules
  • Click on add
  • if you have IP addresses you want to give permission to access the application, then choose IP addresses in source section.
  • Choose IP addresses and paste all the IP addresses you want
  • In source port ranges, put the port you are accessing
  • Choose Any in destination section
  • under service, choose ssh
  • Choose Allow for action section
  • Put 100 in priority level
  • Put description (e.g allow these IPS to access the server)
  • Then click on add

Steps 6: Let's access the backend from the frontend

  • download mobaxterm
  • after configuring the mobaxterm, open it and click on section
  • click ssh
  • copy the public IP address of your frontend virtual machine and paste it in the mobaxterm
  • put the frontend virtual machine username
  • go to the folder you created your SSH key and copy the private key
  • paste it at use private key in the MobaXterm
  • Then click ok
  • click accept
  • After logging in, type sudo update
  • After updating, type host name and hit enter
  • type nano sshkey, hit enter
  • copy the private key of the SSH key you created and paste it
  • then press control x in your keyboard and hit enter
  • then type ssh -i ssh (the backend virtual machine username)@( the backend virtual machine public IP address) hit enter
  • type yes ( when you see do you want to login) then hit enter

Top comments (0)