3 Implementing network security in Azure: Firewall, WAF, and DDoS protection

 

This chapter covers

  • What is Azure network security, actually?
  • Azure Firewall
  • Azure Web Application Firewall
  • Mitigating DDoS attacks

Networking continues to be a fundamental building block of any public cloud environment. Understanding how to implement a secure network infrastructure in Azure, is what this chapter teaches you. In it, you learn how to differentiate between the various network security services in Azure and implement them effectively.

Note

To follow along the exercises in this chapter, you can use the GitHub repository available at https://github.com/bmagusic/azure-security.

Along the way, I introduce you to a couple of additional models and concepts, which make it easier to understand how to implement network security in Azure. You learn this on an example of securing resources in Azure and providing secure access to these resources through the implementation of native network security services. These native network security services are commonly referred to as Azure network security.

3.1 What is Azure network security, actually?

Azure network security is a set of Azure services that you can use to implement a secure network infrastructure in Azure. The network security services that this chapter teaches you are the following:

  • Azure Firewall Standard
  • Azure Firewall Premium
  • Azure Web Application Firewall
  • Azure DDoS Protection Basic
  • Azure DDoS Protection Standard

3.1.1 Importance of network segmentation

 
 
 

3.1.2 Positive-security model

 

3.2 Azure Firewall

 
 
 

3.2.1 Azure Firewall Standard vs. Premium

 
 
 

3.2.2 Azure Firewall Standard in action

 
 
 
 

3.2.3 Allowing Azure Firewall traffic

 
 

3.2.4 Azure Firewall Premium

 
 
 

3.2.5 Azure Firewall policy

 
 
 

3.2.6 Azure Firewall Manager

 
 
 
 

3.3 Azure Web Application Firewall

 
 

3.3.1 Azure WAF on Azure Application Gateway in action

 

3.3.2 Azure WAF on Azure Front Door in action

 

3.3.3 Tuning your Azure WAF

 
 

3.4 Mitigating DDoS attacks

 
 

3.4.1 DDoS Protection in Azure

 
 
 
 
sitemap

Unable to load book!

The book could not be loaded.

(try again in a couple of minutes)

manning.com homepage
test yourself with a liveTest