3 Implementing network security in Azure: Firewall, WAF, and DDoS protection

 

This chapter covers

  • Azure network security
  • Azure Firewall
  • Azure Web Application Firewall
  • Mitigating DDoS attacks

Networking continues to be a fundamental building block of any public cloud environment. This chapter teaches you how to implement a secure network infrastructure in Azure. In it, you learn how to differentiate between the various network security services in Azure and implement them effectively.

Note

To follow along with the exercises in this chapter, you can use the GitHub repository available at https://github.com/bmagusic/azure-security.

Along the way, I’ll introduce you to a couple of additional models and concepts that make it easier to understand how to implement network security in Azure. You will learn Azure network security through an example of securing resources in Azure and providing secure access to those resources by implementing native network security services. These native network security services are commonly referred to as Azure network security.

3.1 Azure network security

Azure network security is a set of Azure services that you can use to implement a secure network infrastructure in Azure. This chapter teaches you the following network security services:

  • Azure Firewall Standard
  • Azure Firewall Premium
  • Azure Web Application Firewall
  • Azure DDoS Protection Basic
  • Azure DDoS Protection Standard

3.1.1 The importance of network segmentation

3.1.2 Positive security model

3.2 Azure Firewall

3.2.1 Azure Firewall Standard vs. Premium