Implementing Network Security in Azure using PowerShell
19 Mar
Intro
In today’s cloud-centric world, securing your network is crucial to protect your data and resources from unauthorized access and potential threats. Azure provides a comprehensive suite of network security tools and features that can be efficiently managed and automated using PowerShell. This blog post will explore how to implement and automate network security in Azure using PowerShell, focusing on Network Security Groups (NSGs), Azure Firewall, and Virtual Network (VNet) configurations.
Understanding Azure Network Security Components
Network Security Groups (NSGs) are fundamental to Azure network security. They contain security rules that allow or deny inbound and outbound traffic to and from resources. NSGs can be associated with subnets or individual network interfaces.
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It offers high availability and scalability while providing a central point of control.
VNets enable resources like virtual machines to communicate securely with each other, the internet, and on-premises networks. Configuring VNets involves setting up subnets, route tables, and service endpoints.
PowerShell for Azure Network Security
PowerShell is a powerful tool for automating Azure network security configurations. Below, we will cover examples of how to use PowerShell to set up and manage NSGs, Azure Firewall, and VNets.
Setting Up Network Security Groups (NSGs)
# Connect to Azure
Connect-AzAccount
# Define parameters
$resourceGroupName = 'GarsonResourceGroup'
$location = 'West Europe'
$nsgName = 'GarsonNSG'
# Create a Network Security Group (no rules yet; they are added below)
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $resourceGroupName -Location $location -Name $nsgName
# Define an inbound security rule to allow SSH
# SourceAddressPrefix '*' admits SSH from any address, including the internet; narrow it to a management range wherever possible
$rule1 = New-AzNetworkSecurityRuleConfig -Name 'Allow-SSH' -Description 'Allow SSH' -Access Allow -Protocol Tcp -Direction Inbound -Priority 1000 -SourceAddressPrefix '*' -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange 22
# Define an inbound security rule to allow HTTP
$rule2 = New-AzNetworkSecurityRuleConfig -Name 'Allow-HTTP' -Description 'Allow HTTP' -Access Allow -Protocol Tcp -Direction Inbound -Priority 1001 -SourceAddressPrefix '*' -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange 80
# Add rules to the NSG (SecurityRules is a list on the in-memory NSG object; nothing is sent to Azure yet)
$nsg.SecurityRules.Add($rule1)
$nsg.SecurityRules.Add($rule2)
# Apply the updated NSG configuration
$nsg = $nsg | Set-AzNetworkSecurityGroup
Configuring Azure Firewall
# Define parameters
$firewallName = 'GarsonFirewall'
$vnetName = 'GarsonVNet'
$publicIpName = 'GarsonFirewallPublicIP'
# The VNet must already exist (see the VNet section below) and contain a subnet named 'AzureFirewallSubnet' of /26 or larger
$vnet = Get-AzVirtualNetwork -ResourceGroupName $resourceGroupName -Name $vnetName
# Create a public IP address for the firewall (Azure Firewall requires a static, Standard SKU address)
$publicIp = New-AzPublicIpAddress -ResourceGroupName $resourceGroupName -Location $location -Name $publicIpName -AllocationMethod Static -Sku Standard
# Create the firewall, passing the VNet and public IP objects
$firewall = New-AzFirewall -Name $firewallName -ResourceGroupName $resourceGroupName -Location $location -VirtualNetwork $vnet -PublicIpAddress $publicIp
# Configure firewall rules: a network rule wrapped in a rule collection with an explicit action
$httpRule = New-AzFirewallNetworkRule -Name 'AllowHTTP' -Protocol 'TCP' -SourceAddress '0.0.0.0/0' -DestinationAddress '0.0.0.0/0' -DestinationPort 80
$ruleCollection = New-AzFirewallNetworkRuleCollection -Name 'GarsonNetworkRules' -Priority 100 -Rule $httpRule -ActionType Allow
# Add the rule collection to the firewall object and push the updated configuration to Azure
$firewall.AddNetworkRuleCollection($ruleCollection)
Set-AzFirewall -AzureFirewall $firewall
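Azure Firewall deploys only into a subnet named exactly AzureFirewallSubnet with a prefix of /26 or larger, and the VNet section of this post does not create one. The pre-flight check below is an added example, not code from the original post; the resource names repeat the post's values and the 10.0.0.0/26 range is a constructed assumption.

```powershell
# Added pre-flight check (not from the original post): make sure the VNet has a usable
# AzureFirewallSubnet before New-AzFirewall is called. The /26 range is a constructed value.
$resourceGroupName = 'GarsonResourceGroup'
$vnetName = 'GarsonVNet'
$firewallSubnetName = 'AzureFirewallSubnet'
$firewallSubnetPrefix = '10.0.0.0/26'

function Test-FirewallSubnetPrefix {
    param([string]$Prefix)
    # A prefix length of 26 or smaller means at least 64 addresses, the firewall minimum
    $length = [int]($Prefix.Split('/')[1])
    return ($length -le 26)
}

$vnet = Get-AzVirtualNetwork -ResourceGroupName $resourceGroupName -Name $vnetName
$existing = $vnet.Subnets | Where-Object { $_.Name -eq $firewallSubnetName }

if ($existing) {
    # AddressPrefix is a list on the PS subnet object; the firewall subnet carries one prefix
    $prefix = @($existing.AddressPrefix)[0]
    if (-not (Test-FirewallSubnetPrefix -Prefix $prefix)) {
        throw "$firewallSubnetName exists but $prefix is smaller than /26; resize it before deploying the firewall"
    }
    if ($existing.NetworkSecurityGroup) {
        # NSGs are not supported on the firewall subnet; the firewall's own rules apply instead
        throw "$firewallSubnetName must not have a Network Security Group attached"
    }
    Write-Host "$firewallSubnetName is present with prefix $prefix"
} else {
    if (-not (Test-FirewallSubnetPrefix -Prefix $firewallSubnetPrefix)) {
        throw "Configured prefix $firewallSubnetPrefix is smaller than /26"
    }
    $vnet = Add-AzVirtualNetworkSubnetConfig -Name $firewallSubnetName -AddressPrefix $firewallSubnetPrefix -VirtualNetwork $vnet
    $vnet = $vnet | Set-AzVirtualNetwork
    Write-Host "Added $firewallSubnetName ($firewallSubnetPrefix) to $vnetName"
}
```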
Configuring Virtual Network (VNet)
# Define parameters
$vnetName = 'GarsonVNet'
$addressSpace = '10.0.0.0/16'
$subnet1Name = 'FrontEndSubnet'
$subnet1AddressRange = '10.0.1.0/24'
$subnet2Name = 'BackEndSubnet'
$subnet2AddressRange = '10.0.2.0/24'
# Create a virtual network (run this before the Azure Firewall section, which looks up this VNet by name)
$vnet = New-AzVirtualNetwork -ResourceGroupName $resourceGroupName -Location $location -Name $vnetName -AddressPrefix $addressSpace
# Add subnets to the virtual network; Add-AzVirtualNetworkSubnetConfig updates the in-memory object and returns it
$vnet = Add-AzVirtualNetworkSubnetConfig -Name $subnet1Name -AddressPrefix $subnet1AddressRange -VirtualNetwork $vnet
$vnet = Add-AzVirtualNetworkSubnetConfig -Name $subnet2Name -AddressPrefix $subnet2AddressRange -VirtualNetwork $vnet
# Apply the VNet configuration
$vnet = $vnet | Set-AzVirtualNetwork
Applying NSG to Subnet
# Apply the NSG to a subnet
$vnet = Get-AzVirtualNetwork -ResourceGroupName $resourceGroupName -Name $vnetName
$subnet = $vnet | Get-AzVirtualNetworkSubnetConfig -Name $subnet1Name
# Set-AzVirtualNetworkSubnetConfig replaces the subnet config, so the address prefix is restated from the existing subnet
$vnet = Set-AzVirtualNetworkSubnetConfig -Name $subnet1Name -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg -VirtualNetwork $vnet
# Apply the updated VNet configuration
$vnet | Set-AzVirtualNetwork
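The NSG section above opens SSH from any source, and this section attaches that NSG to a subnet. The audit below is an added example, not code from the original post: it walks every NSG in the resource group, flags inbound Allow rules that expose SSH or RDP to any source, reports which subnets each NSG protects, and then shows how the post's Allow-SSH rule is narrowed in place. The resource group name and the admin range 203.0.113.0/24 are constructed assumptions.

```powershell
# Added audit script (not from the original post). The resource group, the port list and
# the admin CIDR 203.0.113.0/24 used in the remediation step are constructed assumptions.
$resourceGroupName = 'GarsonResourceGroup'
$managementPorts = @(22, 3389)                 # SSH and RDP
$anySource = @('*', '0.0.0.0/0', 'Internet')   # source prefixes that mean "from anywhere"

function Test-PortInRange {
    param([int]$Port, [string]$Range)
    # NSG port entries are '*', a single port ('22') or a span ('1000-2000')
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') { return ($Port -ge [int]$Matches[1]) -and ($Port -le [int]$Matches[2]) }
    return ([int]$Range -eq $Port)
}

function Get-ExposedManagementRule {
    param($Nsg)
    foreach ($rule in $Nsg.SecurityRules) {
        if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
        # SourceAddressPrefix and DestinationPortRange are lists on the PS rule object
        $sources = @($rule.SourceAddressPrefix)
        if (-not ($sources | Where-Object { $anySource -contains $_ })) { continue }
        foreach ($port in $managementPorts) {
            if (@($rule.DestinationPortRange) | Where-Object { Test-PortInRange -Port $port -Range $_ }) {
                [pscustomobject]@{ Nsg = $Nsg.Name; Rule = $rule.Name; Priority = $rule.Priority; Port = $port; Source = ($sources -join ',') }
            }
        }
    }
}

foreach ($nsg in Get-AzNetworkSecurityGroup -ResourceGroupName $resourceGroupName) {
    # Subnets attached to this NSG are exposed as resource IDs; keep just the subnet name
    $subnets = ($nsg.Subnets | ForEach-Object { $_.Id.Split('/')[-1] }) -join ', '
    $findings = @(Get-ExposedManagementRule -Nsg $nsg)
    if ($findings.Count -gt 0) {
        $findings | Format-Table -AutoSize
        Write-Warning "NSG $($nsg.Name) (subnets: $subnets) allows management ports from any source"
    } else {
        Write-Host "NSG $($nsg.Name) (subnets: $subnets): no management ports open to any source"
    }
}

# Remediation for the post's 'Allow-SSH' rule: same rule, source narrowed to an admin range.
# Set-AzNetworkSecurityRuleConfig replaces the rule by name, so every property is restated.
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $resourceGroupName -Name 'GarsonNSG'
$nsg | Set-AzNetworkSecurityRuleConfig -Name 'Allow-SSH' -Description 'Allow SSH from admin range' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 1000 -SourceAddressPrefix '203.0.113.0/24' `
    -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange 22 | Set-AzNetworkSecurityGroup
```

Rerunning the audit after the remediation should report no findings for GarsonNSG, since its only inbound rule on port 22 no longer matches a wildcard source.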
If you wish to start your journey from the beginning, check out how to get started with PowerShell in Azure: