AZ-900 Episode 21 | Azure Security Groups | Network and Application Security Groups (NSG, ASG)
Ғылым және технология
Microsoft Azure Fundamental full course.
Security network connectivity is one of the most important tasks when building infrastructure in Azure. Today on Azure Fundamentals we explore how Network and Application Security Groups help us with those challenges.
Skills Learned
* Describe Network Security Groups (NSG)
* Describe Application Security Groups (ASG)
🌐 Site: marczak.io/az-900/#ep21
Episode Resources
📚 Study cheat sheet marczak.io/az-900/episode-21/...
🧠 Practice Test marczak.io/az-900/episode-21/...
Study Guide
Microsoft Learn: Networking Intro docs.microsoft.com/en-us/lear...
Microsoft Documentation: Network Security Groups (NSG) docs.microsoft.com/en-us/azur...
Microsoft Documentation: Application Security Groups (ASG) docs.microsoft.com/en-us/azur...
Agenda
00:00 Episode introduction
00:24 Network Security Groups
01:42 Network Security Groups Demo
05:18 Network Security Groups Summary
06:22 Application Security Groups
07:53 Summary of Security Groups
Want to connect?
- Blog marczak.io/
- Twitter / marczakio
- Facebook / marczakio
- LinkedIn / adam-marczak
- Site azure4everyone.com
Пікірлер: 134
Hey Adam, thanks for putting this content together and making it available for free
@AdamMarczakYT
3 жыл бұрын
My pleasure!
I have been learning from your videos for the past 2 months, slowly getting ready for my AZ-900 exam in 2 weeks. I only wish you would update certain videos to accommodate the changes to the AZ-900 that occurred this year. Still, these videos are excellent and relevant. Thanks Adam !!
@Dan-of2qz
7 ай бұрын
what were the videos that needed to be changed?
You are simply a superb teacher. If I get a mentor like you then learning new things will never feel boring. Really appreciate your efforts and Thank you so much for such a great content.
@AdamMarczakYT
2 жыл бұрын
So nice of you, thanks
Thanks Adam. You really tend to break concepts down extremely concisely. -your Biblical son, Seth.
Thank you so much Adam for making these difficult-to-grasp concepts very easy to understand and interesting to learn. There are no words for your teaching skills. You are awesome. Thanks a lot Adam !
Your videos and practice tests are the best! Thanks Adam.
I rarely comment on KZread video, but Adam's AZ-900 catalog is amazing. Thank you so much!
Część Adam, Thank you for being a fantastic teacher! NSGs and ASGs overlap, to me, but you've cleared that up. Dziękuję, Daniel
I can't agree more with others. It takes a lot to be a good instructor. You have it in you! Keep making awesome educational videos.
I appreciate you for making these videos for us!! Very Helpful
Happy to see another one ...waiting for it ...Thanks Adam ... You Rock!
@AdamMarczakYT
3 жыл бұрын
More to come!
Another crisp one! ❤️
@AdamMarczakYT
3 жыл бұрын
More to come! :) thanks!
Superb, simple and effective - Great Adam, Many thanks.
@AdamMarczakYT
2 жыл бұрын
Glad you liked it!
Hi Adam, great explanation, excellent visualization, thank you!
Brilliant , Very clearly explained with example ... Thanks for the effort.
@AdamMarczakYT
2 жыл бұрын
Glad it was helpful!
Very helpful! I understand the difference now, Thank You!!
Thank you Adam❤️ Your videos are really helpful
@AdamMarczakYT
3 жыл бұрын
My pleasure! Always glad to hear that!
You are the best Adam! Thank you
Thanks for this series, I have just cleared my AZ900 Azure fundamental exam yesterday, thanks alot sir🙏🏻✌🏻✌🏻
@AdamMarczakYT
3 жыл бұрын
Thank you and congrats, keep up the good work :)
@HUTTB0LE
3 жыл бұрын
Hi @Krishna. I know the AZ900 updated their test recently. Did you find that Adam covered everything you need to know for the test?
@krishnaawasthi2120
3 жыл бұрын
@@HUTTB0LE yes , Adam has covered everything but you have to go through some practice test, for that there are 6 practice tests in one udemy course, you can go through that and that will help you alot
@ahambrahmasmi8210
3 жыл бұрын
@@krishnaawasthi2120 , Can you post the udemy link once ?
Congratulations for the amazing job! your explanations are great!
Thanks Adam your videos explanation very simple to understand and its really helpful
Great video as ususal. Amazing resource.
@AdamMarczakYT
3 жыл бұрын
Thanks again!
Thanks Adam for the superb videos , really one stop shop for fundamental certifications. If you have any architect level course , do share with us.
Awesome, thank you!
Brilliant. I wish this was around when I started learning Azure.
@AdamMarczakYT
3 жыл бұрын
You and me both, I wish I started earlier! Thanks!
Sizzling! Thanks Adam!
@AdamMarczakYT
3 жыл бұрын
Any time! Thanks for watching :)
Your Cartoons are really great understanding Adam.. Hats off !!
@AdamMarczakYT
3 жыл бұрын
Thank you so much 😀
Hi Adam. Your Video's are really good. It will be great if you can make videos for other Microsoft certifications( SC-400,SC-300 and SC-200).
Thank You , Simple explanation and its very useful .
@AdamMarczakYT
2 жыл бұрын
You are welcome
You are great narrator Adam ... brilliant class
@AdamMarczakYT
3 жыл бұрын
Cheers!
great video. thank you!
It's easy to understand your explanation
Hi Adam, thanks. I'm getting this certification
Very good explanation 👍
Thank you so much for an useful video
Perfect Explanation Adam
@AdamMarczakYT
3 жыл бұрын
Glad you think so!
your content is really helpful
Thank you, Adam!
@AdamMarczakYT
2 жыл бұрын
Thanks
Thank you Adam!
@AdamMarczakYT
2 жыл бұрын
My pleasure!
Great one and great explained
@AdamMarczakYT
3 жыл бұрын
Glad you liked it!
Excellent video
@AdamMarczakYT
2 жыл бұрын
Thank you very much!
Very Good Explanation.. Good Job mate
@AdamMarczakYT
3 жыл бұрын
Thank you! 👍
Thank you
Amazing explanation
@AdamMarczakYT
3 жыл бұрын
Glad you think so!
Very well done.
@AdamMarczakYT
2 жыл бұрын
Thank you kindly!
Please make a playlist for AZ-104. You're the only one that will put an end to the ambiguity in azure 😅
Very easy to understand thanks
@AdamMarczakYT
3 жыл бұрын
You are welcome
Thanks!
😇😇😇Um ehrlich zu sein, du bist der Beste aller Zeiten. Wenn Sie auch Azure 104 (kurs) machen, wäre es besser
Nicely done.
@AdamMarczakYT
2 жыл бұрын
Thank you! Cheers!
NSG allow/block specific port not service. NSG can't be used as Application(service) firewall. For example, if i decided to use ssh on port 2224, NSG rule that block 22 port can't prevent my attempt to connect to host via ssh.
@Adam in 04:05 --While adding inbound security rule in our NSG, we have source, SPR, destination, DPR, protocol and action. In protocol field we have 4 options ie,(Any, TCP, UDP and ICMP). So my question is, Is this possible to select more than one option (in protocol field)? for example protocol: TCP amd ICMP. Or its only one option at a time?
@AdamMarczakYT
3 жыл бұрын
One at the time, that's why they added option Any to allow for all of them.
Thanks Adam. Another good one! These are great. Heads up: There's a spelling mistake on the practice test answer for #1 "Serurity"
@AdamMarczakYT
3 жыл бұрын
Darn it! Thanks Pete, I ran this through grammarly, maybe I'm just getting blind this days :)
Subbed! Nice 1
@AdamMarczakYT
3 жыл бұрын
Thanks for the sub! Welcome aboard!
you the best💓👌
@AdamMarczakYT
3 жыл бұрын
Thanks!
I have a question about how NSG works. So if I were to create a rule to allow RDP with a priority of 100, and another rule to block RDP with a priority of 101, would RDP be allowed in this case?
Hi Adam, thanks for the great content. I just have one question... in 1:05 you say that all traffic comming from the internet would be allowd... but I think there the "implicit" deny rule. Therefore, traffic must be explicitly permitted...
@AdamMarczakYT
3 жыл бұрын
Great question. Notice that you said you have a 'default rule', that means you also have a NSG. In this example, I have shown a diagram with no NSGs. In that case all ports are exposed to the internet/intranet. In Azure your can create resources without NSG if you want, but by default templates include NSG so most people don't even realize that. I used this as an example as to why NSGs are so important for us.
@vak21
3 жыл бұрын
@@AdamMarczakYT thanks !
thanku for this beautiful video, just a small doubt, can we give different OS to different instances in same VMSS?? is this possible using ARM template?
@AdamMarczakYT
3 жыл бұрын
VMSS = identical VMs, if you change OS they are no longer identical, so no. Thanks for watching! :)
Great stuff like always. How many episodes left to do in AZ-900 ?
@AdamMarczakYT
3 жыл бұрын
Check the website :) marczak.io/az-900 the agenda is always there with a list of episodes. All remaining episodes should be released in the next 2 months.
Dziękuję za kurs! Czy mógłby Pan podpowiedzieć czym się różnią certyfikaty MS-900 i AZ-900?
@AdamMarczakYT
2 жыл бұрын
MS- skupia sie na Microsoft 365, czyli uslugi office, power platform, etc. AZ- na Azure.
Very KISS (Keep In Short Simple) I got clarity about NSG & ASG. Can I know which software or thing you are using the presentation? It gives me a very clear understanding.
@AdamMarczakYT
3 жыл бұрын
Thank you :) I just use powerpoint only, no extra tools.
I know this is probably just for example purposes but was there any reason you placed your logic service in the same subnet as the web subnet? I'm thinking you could have had Web Subnet => Logic Subnet => DB Subnet as that seems more in-line with your security architecture when you used ASG.
@AdamMarczakYT
3 жыл бұрын
You are correct, this is just for simplicity sake. 😀
From which source you create these kind of animation?
So if you have port 80 or 22 or any port for SSH , https or RDP. I can scan it using public ip via Nmap. Find vulnerability and i would attack your web server first and escalate to root privilege then move laterally to the data base and extract any files using Steganography.
@AdamMarczakYT
3 жыл бұрын
"Find vulnerability" - that's the tricky part. Azure Services are always up to date with latest security patches.
The NSG is an own resource correct? So after creating how do you link specific resources to the group and are rules for one nsg then applied to all resources linked or can they be customized for each resource?
@AdamMarczakYT
3 жыл бұрын
Great question Daniel. Inside of the NSG resource there are panels which allow you to associate NSG to either specific Network Interfaces of Virtual Machines or to entire Subnet. Lot's of info on this can be found here if you are interested: docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?WT.mc_id=AZ-MVP-5003556
@DanielWeikert
3 жыл бұрын
@@AdamMarczakYT Thanks for your quick reply Adam. Your videos are amazing and very helpful for beginners like me. Highly appreciate it! I really hope you will do an additional more advanced/ more detailed series with more practical examples in the future Keep up the great work! BR stay healthy and enjoy your evening
@AdamMarczakYT
3 жыл бұрын
Thanks Daniel, likewise stay safe :) Thanks for stopping by!
I didn't understand how to configure subnets within Network Security Groups, how would I attach inbound or outbound rules for the whole subnet range of IP addresses?
@AdamMarczakYT
2 жыл бұрын
Rules are affecting those that the NSG is attached to. If NSG is attached to Network Interface it will only affect that NIC. You need to attach NSG to an entire subnet for the rules to affect entire subnet.
Can we associate nsg to a vitrual network subnet and vitrual network and to a network interface?
@AdamMarczakYT
3 жыл бұрын
NSG can be associated with specific network interface or entire subnet.
Network Security group is not located in Azure Virtual Network, right?
@AdamMarczakYT
2 жыл бұрын
Nope, it's a separate resource which can be associated with a subnet or network interface
Hi Adam, how many hours is the total length of 39 episodes?
@fridaynyambe3170
Жыл бұрын
7hours
You mention the reduced maintenance requirement of ASG's, can you, or anyone else expand on the maintenance reduction?
@ramachandranthangam6421
2 жыл бұрын
I also have the same question
@AdamMarczakYT
2 жыл бұрын
If you have 100 VMs but you want to expose only 50 via NSG you would need to create many rules for them based on static IPs or ranges. It's easier to group those 50 in ASG and add that ASG in NSG.
Associate NSG to virtual network is possible?
@AdamMarczakYT
3 жыл бұрын
Either VNet subnet or network interface.
So security rules act as a firewall.
@AdamMarczakYT
3 жыл бұрын
Like a very simple one, yes. It's not inspecting the traffic but just filtering it. So partially yes.
Like DJ Khaled, "ANOTHER ONE".
@AdamMarczakYT
3 жыл бұрын
😂 thanks!
Hmm. sorry but where is the ‘vnet’
@AdamMarczakYT
2 жыл бұрын
It's on the screen :) white border, title is underneath
@ajaznawaz37
2 жыл бұрын
@@AdamMarczakYT Ah I see now (i think), it states virtual network. when you are coming from a legacy backgroud 'virtual network' can mean few different things. so sorry to sound pedantic, i like to keep 'cloud' terminology in a 'cloud bucket' and avoid to mix the two.
Thanks !
Thanks!
@AdamMarczakYT
3 жыл бұрын
You bet!