3 Implementing network security in Azure: Firewall, WAF, and DDoS protection

Networking continues to be a fundamental building block of any public cloud environment. Understanding how to implement a secure network infrastructure in Azure, is what this chapter teaches you. In it, you learn how to differentiate between the various network security services in Azure and implement them effectively.

Along the way, I introduce you to a couple of additional models and concepts, which make it easier to understand how to implement network security in Azure. You learn this on an example of securing resources in Azure and providing secure access to these resources through the implementation of native network security services. These native network security services are commonly referred to as Azure network security.

3.1 What is Azure network security, actually?

Azure network security is a set of Azure services that you can use to implement a secure network infrastructure in Azure. The network security services that this chapter teaches you are the following:

3.1.1 Importance of network segmentation

3.1.2 Positive-security model

3.2 Azure Firewall

3.2.1 Azure Firewall Standard vs. Premium

3.2.2 Azure Firewall Standard in action

3.2.3 Allowing Azure Firewall traffic

3.2.4 Azure Firewall Premium

3.2.5 Azure Firewall policy

3.2.6 Azure Firewall Manager

3.3 Azure Web Application Firewall

3.3.1 Azure WAF on Azure Application Gateway in action

3.3.2 Azure WAF on Azure Front Door in action

3.3.3 Tuning your Azure WAF

3.4 Mitigating DDoS attacks

3.4.1 DDoS Protection in Azure