The latest articles on DEV Community by Timothy Pulliam (@timothypulliam). https://dev.to/timothypulliam https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F91820%2F51246420-b75d-4f00-a717-d17ef47775d8.jpeg https://dev.to/timothypulliam en Timothy Pulliam Sat, 15 Apr 2023 01:36:49 +0000 https://dev.to/timothypulliam/azure-network-security-groups-1jaf https://dev.to/timothypulliam/azure-network-security-groups-1jaf <h2> What Are NSGs? </h2> <p>In the age of cloud computing, security has become a top priority for organizations that rely on the cloud to store, process, and transmit data. Azure, Microsoft's cloud computing platform, offers a variety of security features to ensure the confidentiality, integrity, and availability of your data. One such feature is Azure Network Security Groups (NSGs).<br> Azure NSGs are a tool for implementing network security policies in your virtual networks. They allow you to define inbound and outbound traffic rules that govern the flow of traffic to and from your virtual machines (VMs). By applying NSGs to your VMs and subnets, you can create a secure network environment that minimizes the risk of unauthorized access, data breaches, and other security threats.<br> Here are some key features and benefits of Azure NSGs:</p> <ol> <li>Traffic filtering: NSGs enable you to define rules that allow or deny traffic based on criteria such as IP addresses, protocols, and ports. You can also create rules that prioritize traffic or limit the amount of traffic allowed.</li> <li>Network segmentation: By applying NSGs to subnets and VMs, you can segment your network into smaller, more manageable units. This makes it easier to monitor and control network traffic and reduces the risk of lateral movement by attackers.</li> <li>Integration with other Azure services: NSGs can be used in conjunction with other Azure security services, such as Azure Firewall and Azure Application Gateway, to create a comprehensive security solution.</li> <li>Logging and monitoring: NSGs provide logging and monitoring capabilities that enable you to track and analyze network traffic. This helps you detect and respond to security incidents and comply with regulatory requirements.</li> <li>Easy to use: NSGs can be configured using Azure Portal, Azure CLI, Azure PowerShell, or Azure REST API. This flexibility makes it easy to integrate NSGs into your existing workflows and automate security policies.</li> </ol> <h2> Azure CLI Example </h2> <p>Here are the Azure CLI commands for creating an Azure Network Security Group:</p> <ol> <li>Create a resource group (if one doesn't already exist): </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az group create <span class="nt">--name</span> myResourceGroup <span class="nt">--location</span> eastus </code></pre> </div> <ol> <li>Create a network security group: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az network nsg create <span class="nt">--name</span> myNetworkSecurityGroup <span class="nt">--resource-group</span> myResourceGroup <span class="nt">--location</span> eastus </code></pre> </div> <ol> <li>Create an inbound security rule: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az network nsg rule create <span class="nt">--name</span> allow-http <span class="nt">--nsg-name</span> myNetworkSecurityGroup <span class="nt">--priority</span> 100 <span class="se">\</span> <span class="nt">--source-address-prefix</span> <span class="s2">"*"</span> <span class="nt">--source-port-range</span> <span class="s2">"*"</span> <span class="nt">--destination-address-prefix</span> <span class="s2">"*"</span> <span class="nt">--destination-port-range</span> 80 <span class="se">\</span> <span class="nt">--access</span> allow <span class="nt">--protocol</span> Tcp <span class="nt">--description</span> <span class="s2">"Allow HTTP traffic"</span> </code></pre> </div> <ol> <li>Create another inbound security rule: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az network nsg rule create <span class="nt">--name</span> allow-https <span class="nt">--nsg-name</span> myNetworkSecurityGroup <span class="nt">--priority</span> 110 <span class="se">\</span> <span class="nt">--source-address-prefix</span> <span class="s2">"*"</span> <span class="nt">--source-port-range</span> <span class="s2">"*"</span> <span class="nt">--destination-address-prefix</span> <span class="s2">"*"</span> <span class="nt">--destination-port-range</span> 443 <span class="se">\</span> <span class="nt">--access</span> allow <span class="nt">--protocol</span> Tcp <span class="nt">--description</span> <span class="s2">"Allow HTTPS traffic"</span> </code></pre> </div> <ol> <li>Create an outbound security rule: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az network nsg rule create <span class="nt">--name</span> allow-all <span class="nt">--nsg-name</span> myNetworkSecurityGroup <span class="nt">--priority</span> 100 <span class="se">\</span> <span class="nt">--source-address-prefix</span> <span class="s2">"*"</span> <span class="nt">--source-port-range</span> <span class="s2">"*"</span> <span class="nt">--destination-address-prefix</span> <span class="s2">"*"</span> <span class="nt">--destination-port-range</span> <span class="s2">"*"</span> <span class="se">\</span> <span class="nt">--access</span> allow <span class="nt">--protocol</span> <span class="s2">"*"</span> <span class="nt">--description</span> <span class="s2">"Allow all outbound traffic"</span> </code></pre> </div> <p>These Azure CLI commands create an Azure Network Security Group resource called <code>myNetworkSecurityGroup</code>, along with three security rules: <code>allow-http</code>, <code>allow-https</code>, and <code>allow-all</code>. You can modify the parameters of these commands to suit your specific security requirements.</p> <h2> Terraform Example </h2> <p>Here's an example Terraform code for creating an Azure Network Security Group:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Configure the Azure provider</span> <span class="nx">provider</span> <span class="s2">"azurerm"</span> <span class="p">{</span> <span class="err"> </span><span class="nx">features</span> <span class="p">{}</span> <span class="p">}</span> <span class="c1"># Create a new resource group</span> <span class="nx">resource</span> <span class="s2">"azurerm_resource_group"</span> <span class="s2">"example"</span> <span class="p">{</span> <span class="err"> </span><span class="nx">name</span> <span class="p">=</span> <span class="s2">"example-rg"</span> <span class="err"> </span><span class="nx">location</span> <span class="p">=</span> <span class="s2">"eastus"</span> <span class="p">}</span> <span class="c1"># Create a new network security group</span> <span class="nx">resource</span> <span class="s2">"azurerm_network_security_group"</span> <span class="s2">"example"</span> <span class="p">{</span> <span class="err"> </span><span class="nx">name</span> <span class="p">=</span> <span class="s2">"example-nsg"</span> <span class="err"> </span><span class="nx">location</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="err">.</span><span class="nx">example</span><span class="err">.</span><span class="nx">location</span> <span class="err"> </span><span class="nx">resource_group_name</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="err">.</span><span class="nx">example</span><span class="err">.</span><span class="nx">name</span> <span class="c1"># Define inbound security rules</span> <span class="err"> </span><span class="nx">security_rule</span> <span class="p">{</span> <span class="err"> </span><span class="nx">name</span> <span class="p">=</span> <span class="s2">"allow-http"</span> <span class="err"> </span><span class="nx">priority</span> <span class="p">=</span> <span class="mi">100</span> <span class="err"> </span><span class="nx">direction</span> <span class="p">=</span> <span class="s2">"Inbound"</span> <span class="err"> </span><span class="nx">access</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="err"> </span><span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"Tcp"</span> <span class="err"> </span><span class="nx">source_port_range</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="err"> </span><span class="nx">destination_port_range</span> <span class="p">=</span> <span class="s2">"80"</span> <span class="err"> </span><span class="nx">source_address_prefix</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="err"> </span><span class="nx">destination_address_prefix</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="err"> </span><span class="p">}</span> <span class="nx">security_rule</span> <span class="p">{</span> <span class="err"> </span><span class="nx">name</span> <span class="p">=</span> <span class="s2">"allow-https"</span> <span class="err"> </span><span class="nx">priority</span> <span class="p">=</span> <span class="mi">110</span> <span class="err"> </span><span class="nx">direction</span> <span class="p">=</span> <span class="s2">"Inbound"</span> <span class="err"> </span><span class="nx">access</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="err"> </span><span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"Tcp"</span> <span class="err"> </span><span class="nx">source_port_range</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="err"> </span><span class="nx">destination_port_range</span> <span class="p">=</span> <span class="s2">"443"</span> <span class="err"> </span><span class="nx">source_address_prefix</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="err"> </span><span class="nx">destination_address_prefix</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="err"> </span><span class="p">}</span> <span class="c1"># Define outbound security rules</span> <span class="err"> </span><span class="nx">security_rule</span> <span class="p">{</span> <span class="err"> </span><span class="nx">name</span> <span class="p">=</span> <span class="s2">"allow-all"</span> <span class="err"> </span><span class="nx">priority</span> <span class="p">=</span> <span class="mi">100</span> <span class="err"> </span><span class="nx">direction</span> <span class="p">=</span> <span class="s2">"Outbound"</span> <span class="err"> </span><span class="nx">access</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="err"> </span><span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="err"> </span><span class="nx">source_port_range</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="err"> </span><span class="nx">destination_port_range</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="err"> </span><span class="nx">source_address_prefix</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="err"> </span><span class="nx">destination_address_prefix</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="err"> </span><span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>This Terraform code creates a new Azure Network Security Group resource called <code>example-nsg</code> and associates it with a new resource group called <code>example-rg</code>. The <code>security_rule</code> blocks define inbound and outbound traffic rules, allowing HTTP and HTTPS traffic inbound, and all traffic outbound. You can modify these rules to suit your specific security requirements.<br> Here are the Terraform commands to run the code:</p> <ol> <li> <code>terraform init</code>: This command initializes the working directory and downloads any necessary providers or modules.</li> <li> <code>terraform plan</code>: This command creates an execution plan that shows what actions Terraform will take when you apply the configuration. It also shows any errors or warnings that need to be addressed before applying the configuration.</li> <li> <code>terraform apply</code>: This command applies the configuration and creates the Azure Network Security Group resource.</li> <li> <code>terraform destroy</code>: This command destroys the created resources, including the Azure Network Security Group resource. To run these commands, navigate to the directory containing the Terraform code in your terminal or command prompt, and run the commands in order. You'll need to authenticate with your Azure account credentials during the <code>terraform init</code> and <code>terraform apply</code> commands.</li> </ol> <h2> Summary </h2> <p>In summary, Azure Network Security Groups are a powerful tool for implementing network security policies in your virtual networks. By defining traffic rules and applying them to your VMs and subnets, you can create a secure network environment that minimizes the risk of security breaches and data loss. With their integration with other Azure security services and easy-to-use configuration options, NSGs are a valuable addition to any organization's cloud security toolkit.</p> azure network security cloud Timothy Pulliam Sat, 20 Mar 2021 23:05:59 +0000 https://dev.to/timothypulliam/class-variables-in-python-524o https://dev.to/timothypulliam/class-variables-in-python-524o <h2> Class / Static Variables in Python </h2> <p>Consider the following python class<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Cat</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span> <span class="c1"># class / static variables </span> <span class="n">is_mammal</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">genus</span> <span class="o">=</span> <span class="s">"felis"</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="s">"daisy"</span><span class="p">):</span> <span class="c1"># instance variables </span> <span class="bp">self</span><span class="p">.</span><span class="n">set_name</span><span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="c1"># set / get methods </span> <span class="k">def</span> <span class="nf">set_name</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">name</span><span class="p">):</span> <span class="bp">self</span><span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="nb">str</span><span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_name</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> <span class="k">return</span> <span class="bp">self</span><span class="p">.</span><span class="n">name</span> </code></pre> </div> <p>Class variables can be used without needing to instance the class<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">print</span><span class="p">(</span><span class="n">Cat</span><span class="p">.</span><span class="n">is_mammal</span><span class="p">)</span> <span class="c1"># True </span></code></pre> </div> <h2> Why Class Variables are Bad </h2> <p>A good guiding rule is, do not use class variables unless absolutely necessary. The reason is simple; they break the most basic principle of Object<br> Oriented Programming, which is that data should be <strong>encapsulated</strong>. Other instances of a class should not have direct access to other instance's data members (variables). That would defeat the very purpose of creating separate instances with their own values to begin with.</p> <h6> Example </h6> <p>You can change a class' static variable like so<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">Cat</span><span class="p">.</span><span class="n">is_mammal</span> <span class="o">=</span> <span class="s">"yes"</span> <span class="k">print</span><span class="p">(</span><span class="n">Cat</span><span class="p">.</span><span class="n">is_mammal</span><span class="p">)</span> <span class="c1"># yes </span></code></pre> </div> <p>However, note that if you do, you will change the value for any existing instances, as well as future instances of the class.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">daisy</span> <span class="o">=</span> <span class="n">Cat</span><span class="p">()</span> <span class="k">print</span><span class="p">(</span><span class="n">daisy</span><span class="p">.</span><span class="n">is_mammal</span><span class="p">)</span> <span class="c1"># True </span><span class="n">Cat</span><span class="p">.</span><span class="n">is_mammal</span> <span class="o">=</span> <span class="s">"yes"</span> <span class="n">sophie</span> <span class="o">=</span> <span class="n">Cat</span><span class="p">()</span> <span class="k">print</span><span class="p">(</span><span class="n">daisy</span><span class="p">.</span><span class="n">is_mammal</span><span class="p">)</span> <span class="c1"># yes </span><span class="k">print</span><span class="p">(</span><span class="n">sophie</span><span class="p">.</span><span class="n">is_mammal</span><span class="p">)</span> <span class="c1"># yes </span></code></pre> </div> <h2> Only Use Class Variables For Constants </h2> <p>Class variables exist at the <strong>class scope</strong>. All instances of the class have access to these variables. In this regard they are similar to global variables and should only be used for storing global values that all instances of a class agree on (i.e. constants).</p> <p>In the cat class example, having a reference to the genus of the cat is probably fine as a class variable, since that is constant and should never change. However, you should designate these values as constants by typing them in upper case.</p> <p>The fact that class variables are similar to global variables should be enough of a deterrent to use them with extreme caution. Any variable that can be changed or read by many instances at any time creates a fundamentally unpredictable program.</p> python oop