AZ-900 Episode 21 | Azure Security Groups | Network and Application Security Groups (NSG, ASG)

День тому

Microsoft Azure Fundamental full course.
Security network connectivity is one of the most important tasks when building infrastructure in Azure. Today on Azure Fundamentals we explore how Network and Application Security Groups help us with those challenges.
Skills Learned
* Describe Network Security Groups (NSG)
* Describe Application Security Groups (ASG)
🌐 Site: marczak.io/az-900/#ep21
Episode Resources
📚 Study cheat sheet marczak.io/az-900/episode-21/...
🧠 Practice Test marczak.io/az-900/episode-21/...
Study Guide
Microsoft Learn: Networking Intro docs.microsoft.com/en-us/lear...
Microsoft Documentation: Network Security Groups (NSG) docs.microsoft.com/en-us/azur...
Microsoft Documentation: Application Security Groups (ASG) docs.microsoft.com/en-us/azur...
Agenda
00:00 Episode introduction
00:24 Network Security Groups
01:42 Network Security Groups Demo
05:18 Network Security Groups Summary
06:22 Application Security Groups
07:53 Summary of Security Groups
Want to connect?
- Blog marczak.io/
- Twitter / marczakio
- Facebook / marczakio
- LinkedIn / adam-marczak
- Site azure4everyone.com

КОМЕНТАРІ: 134

@scotmarkieboy 3 роки тому

Hey Adam, thanks for putting this content together and making it available for free

@AdamMarczakYT 3 роки тому

My pleasure!

@abhisheksoni6012 9 місяців тому

Thank you so much Adam for making these difficult-to-grasp concepts very easy to understand and interesting to learn. There are no words for your teaching skills. You are awesome. Thanks a lot Adam !

@tone_death9392 7 місяців тому

I have been learning from your videos for the past 2 months, slowly getting ready for my AZ-900 exam in 2 weeks. I only wish you would update certain videos to accommodate the changes to the AZ-900 that occurred this year. Still, these videos are excellent and relevant. Thanks Adam !!

@Dan-of2qz 6 місяців тому

what were the videos that needed to be changed?

@prafulkambework 2 роки тому

You are simply a superb teacher. If I get a mentor like you then learning new things will never feel boring. Really appreciate your efforts and Thank you so much for such a great content.

@AdamMarczakYT 2 роки тому

So nice of you, thanks

@barbobrien9318 Рік тому

Your videos and practice tests are the best! Thanks Adam.

@RatherBCycling Рік тому

I rarely comment on UKposts video, but Adam's AZ-900 catalog is amazing. Thank you so much!

@stringsnmusic 10 місяців тому

I can't agree more with others. It takes a lot to be a good instructor. You have it in you! Keep making awesome educational videos.

@manauryreyes7262 Рік тому

I appreciate you for making these videos for us!! Very Helpful

@shividhun8675 3 роки тому

Happy to see another one ...waiting for it ...Thanks Adam ... You Rock!

@AdamMarczakYT 3 роки тому

More to come!

@sethboooooi23245 Рік тому

Thanks Adam. You really tend to break concepts down extremely concisely. -your Biblical son, Seth.

@timmusaka9577 Рік тому

You are the best Adam! Thank you

@christophmohl8139 2 роки тому

Hi Adam, great explanation, excellent visualization, thank you!

@jsfnrey 2 роки тому

Very helpful! I understand the difference now, Thank You!!

@asmitabagchi6886 3 роки тому

Another crisp one! ❤️

@AdamMarczakYT 3 роки тому

More to come! :) thanks!

@avanishsrivastav9878 3 роки тому

Thank you Adam❤️ Your videos are really helpful

@AdamMarczakYT 3 роки тому

My pleasure! Always glad to hear that!

@GodIsWithin3 6 місяців тому

Awesome, thank you!

@deepakkumar-cl6hs 2 роки тому

Brilliant , Very clearly explained with example ... Thanks for the effort.

@AdamMarczakYT 2 роки тому

Glad it was helpful!

@cristiansamsey 5 місяців тому

Congratulations for the amazing job! your explanations are great!

@sridharjayaraman8094 2 роки тому

Superb, simple and effective - Great Adam, Many thanks.

@AdamMarczakYT 2 роки тому

Glad you liked it!

@hstanciu 3 роки тому

Sizzling! Thanks Adam!

@AdamMarczakYT 3 роки тому

Any time! Thanks for watching :)

@xuanquangnguyen2291 2 роки тому

Thank you so much for an useful video

@5147052011 Рік тому

Thanks Adam for the superb videos , really one stop shop for fundamental certifications. If you have any architect level course , do share with us.

@skycode2310 Рік тому

It's easy to understand your explanation

@PramodKumar-oi2ct 3 роки тому

You are great narrator Adam ... brilliant class

@AdamMarczakYT 3 роки тому

Cheers!

@christoph9903 6 днів тому

great video. thank you!

@NadeemKhan-eq1qh 7 місяців тому

Thanks Adam your videos explanation very simple to understand and its really helpful

@CmdrStukov 3 роки тому

Brilliant. I wish this was around when I started learning Azure.

@AdamMarczakYT 3 роки тому

You and me both, I wish I started earlier! Thanks!

@farshidjamali 2 роки тому

Thank you, Adam!

@AdamMarczakYT 2 роки тому

Thanks

@harikaranmohan3865 3 роки тому

Your Cartoons are really great understanding Adam.. Hats off !!

@AdamMarczakYT 3 роки тому

Thank you so much 😀

@danielmartins4774 9 місяців тому

Część Adam, Thank you for being a fantastic teacher! NSGs and ASGs overlap, to me, but you've cleared that up. Dziękuję, Daniel

@krishnaawasthi2120 3 роки тому

Thanks for this series, I have just cleared my AZ900 Azure fundamental exam yesterday, thanks alot sir🙏🏻✌🏻✌🏻

@AdamMarczakYT 3 роки тому

Thank you and congrats, keep up the good work :)

@HUTTB0LE 3 роки тому

Hi @Krishna. I know the AZ900 updated their test recently. Did you find that Adam covered everything you need to know for the test?

@krishnaawasthi2120 3 роки тому

@@HUTTB0LE yes , Adam has covered everything but you have to go through some practice test, for that there are 6 practice tests in one udemy course, you can go through that and that will help you alot

@ahambrahmasmi8210 3 роки тому

@@krishnaawasthi2120 , Can you post the udemy link once ?

@howardwolowitz5879 Рік тому

your content is really helpful

@mannykhan7752 3 роки тому

Great video as ususal. Amazing resource.

@AdamMarczakYT 3 роки тому

Thanks again!

@vs9108 Рік тому

Thanks !

@KloudEnrich_RameshkumarB 3 роки тому

Perfect Explanation Adam

@AdamMarczakYT 3 роки тому

Glad you think so!

@sathyarajg5092 2 роки тому

Thank You , Simple explanation and its very useful .

@AdamMarczakYT 2 роки тому

You are welcome

@Mahmoud-fn6bz Рік тому

Thank you

@sitharaabhilash3627 2 роки тому

Hi Adam. Your Video's are really good. It will be great if you can make videos for other Microsoft certifications( SC-400,SC-300 and SC-200).

@skycode2310 Рік тому

Hi Adam, thanks. I'm getting this certification

@tribhuwantiwari2386 4 місяці тому

Very good explanation 👍

@denkozlov4220 2 роки тому

Thank you Adam!

@AdamMarczakYT 2 роки тому

My pleasure!

@alexanderacchiardo460 3 роки тому

Great one and great explained

@AdamMarczakYT 3 роки тому

Glad you liked it!

@tighthead03 3 роки тому

Amazing explanation

@AdamMarczakYT 3 роки тому

Glad you think so!

@ronak-vora 3 роки тому

Very Good Explanation.. Good Job mate

@AdamMarczakYT 3 роки тому

Thank you! 👍

@dougspindler4947 2 роки тому

Very well done.

@AdamMarczakYT 2 роки тому

Thank you kindly!

@chvrleshd 8 місяців тому

Please make a playlist for AZ-104. You're the only one that will put an end to the ambiguity in azure 😅

@NazrulIslam-zh1hd 2 роки тому

Excellent video

@AdamMarczakYT 2 роки тому

Thank you very much!

@talentdlamini9326 3 роки тому

you the best💓👌

@AdamMarczakYT 3 роки тому

Thanks!

@Annamalaibatsha 3 роки тому

Very easy to understand thanks

@AdamMarczakYT 3 роки тому

You are welcome

@Lordxfx 3 роки тому

Subbed! Nice 1

@AdamMarczakYT 3 роки тому

Thanks for the sub! Welcome aboard!

@kristiyanivanov7414 2 роки тому

Nicely done.

@AdamMarczakYT 2 роки тому

Thank you! Cheers!

@abdeldev1675 8 місяців тому

😇😇😇Um ehrlich zu sein, du bist der Beste aller Zeiten. Wenn Sie auch Azure 104 (kurs) machen, wäre es besser

@chettriaone 2 роки тому

@Adam in 04:05 --While adding inbound security rule in our NSG, we have source, SPR, destination, DPR, protocol and action. In protocol field we have 4 options ie,(Any, TCP, UDP and ICMP). So my question is, Is this possible to select more than one option (in protocol field)? for example protocol: TCP amd ICMP. Or its only one option at a time?

@AdamMarczakYT 2 роки тому

One at the time, that's why they added option Any to allow for all of them.

@vak21 3 роки тому

Hi Adam, thanks for the great content. I just have one question... in 1:05 you say that all traffic comming from the internet would be allowd... but I think there the "implicit" deny rule. Therefore, traffic must be explicitly permitted...

@AdamMarczakYT 3 роки тому

Great question. Notice that you said you have a 'default rule', that means you also have a NSG. In this example, I have shown a diagram with no NSGs. In that case all ports are exposed to the internet/intranet. In Azure your can create resources without NSG if you want, but by default templates include NSG so most people don't even realize that. I used this as an example as to why NSGs are so important for us.

@vak21 3 роки тому

@@AdamMarczakYT thanks !

@SaurabhKumar-pb2hw 2 роки тому

thanku for this beautiful video, just a small doubt, can we give different OS to different instances in same VMSS?? is this possible using ARM template?

@AdamMarczakYT 2 роки тому

VMSS = identical VMs, if you change OS they are no longer identical, so no. Thanks for watching! :)

@---tr9qg 9 місяців тому

NSG allow/block specific port not service. NSG can't be used as Application(service) firewall. For example, if i decided to use ssh on port 2224, NSG rule that block 22 port can't prevent my attempt to connect to host via ssh.

@antonikowalski8788 2 роки тому

Dziękuję za kurs! Czy mógłby Pan podpowiedzieć czym się różnią certyfikaty MS-900 i AZ-900?

@AdamMarczakYT 2 роки тому

MS- skupia sie na Microsoft 365, czyli uslugi office, power platform, etc. AZ- na Azure.

@stephenadams2397 3 роки тому

I know this is probably just for example purposes but was there any reason you placed your logic service in the same subnet as the web subnet? I'm thinking you could have had Web Subnet => Logic Subnet => DB Subnet as that seems more in-line with your security architecture when you used ASG.

@AdamMarczakYT 3 роки тому

You are correct, this is just for simplicity sake. 😀

@josephrenderos2031 Рік тому

I have a question about how NSG works. So if I were to create a rule to allow RDP with a priority of 100, and another rule to block RDP with a priority of 101, would RDP be allowed in this case?

@gvsmchaithanya2847 3 роки тому

Very KISS (Keep In Short Simple) I got clarity about NSG & ASG. Can I know which software or thing you are using the presentation? It gives me a very clear understanding.

@AdamMarczakYT 3 роки тому

Thank you :) I just use powerpoint only, no extra tools.

@bartekz88 3 роки тому

Great stuff like always. How many episodes left to do in AZ-900 ?

@AdamMarczakYT 3 роки тому

Check the website :) marczak.io/az-900 the agenda is always there with a list of episodes. All remaining episodes should be released in the next 2 months.

@oslobot 3 роки тому

Thanks Adam. Another good one! These are great. Heads up: There's a spelling mistake on the practice test answer for #1 "Serurity"

@AdamMarczakYT 3 роки тому

Darn it! Thanks Pete, I ran this through grammarly, maybe I'm just getting blind this days :)

@DanielWeikert 3 роки тому

The NSG is an own resource correct? So after creating how do you link specific resources to the group and are rules for one nsg then applied to all resources linked or can they be customized for each resource?

@AdamMarczakYT 3 роки тому

Great question Daniel. Inside of the NSG resource there are panels which allow you to associate NSG to either specific Network Interfaces of Virtual Machines or to entire Subnet. Lot's of info on this can be found here if you are interested: docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?WT.mc_id=AZ-MVP-5003556

@DanielWeikert 3 роки тому

@@AdamMarczakYT Thanks for your quick reply Adam. Your videos are amazing and very helpful for beginners like me. Highly appreciate it! I really hope you will do an additional more advanced/ more detailed series with more practical examples in the future Keep up the great work! BR stay healthy and enjoy your evening

@AdamMarczakYT 3 роки тому

Thanks Daniel, likewise stay safe :) Thanks for stopping by!

@musclehead1992 3 роки тому

So if you have port 80 or 22 or any port for SSH , https or RDP. I can scan it using public ip via Nmap. Find vulnerability and i would attack your web server first and escalate to root privilege then move laterally to the data base and extract any files using Steganography.

@AdamMarczakYT 3 роки тому

"Find vulnerability" - that's the tricky part. Azure Services are always up to date with latest security patches.

@denkozlov4220 2 роки тому

I didn't understand how to configure subnets within Network Security Groups, how would I attach inbound or outbound rules for the whole subnet range of IP addresses?

@AdamMarczakYT 2 роки тому

Rules are affecting those that the NSG is attached to. If NSG is attached to Network Interface it will only affect that NIC. You need to attach NSG to an entire subnet for the rules to affect entire subnet.

@thiyagarajanrajendran5277 3 роки тому

Can we associate nsg to a vitrual network subnet and vitrual network and to a network interface?

@AdamMarczakYT 3 роки тому

NSG can be associated with specific network interface or entire subnet.

@rohansrivastwa827 Рік тому

From which source you create these kind of animation?

@MrDanesorensen 2 роки тому

You mention the reduced maintenance requirement of ASG's, can you, or anyone else expand on the maintenance reduction?

@ramachandranthangam6421 2 роки тому

I also have the same question

@AdamMarczakYT 2 роки тому

If you have 100 VMs but you want to expose only 50 via NSG you would need to create many rules for them based on static IPs or ranges. It's easier to group those 50 in ASG and add that ASG in NSG.

@jjjjjo 2 роки тому

Network Security group is not located in Azure Virtual Network, right?

@AdamMarczakYT 2 роки тому

Nope, it's a separate resource which can be associated with a subnet or network interface

@frpmz1906 3 роки тому

Like DJ Khaled, "ANOTHER ONE".

@AdamMarczakYT 3 роки тому

😂 thanks!

@danielailieva7130 2 роки тому

Hi Adam, how many hours is the total length of 39 episodes?

@fridaynyambe3170 Рік тому

7hours

@mrprvnm 3 роки тому

Associate NSG to virtual network is possible?

@AdamMarczakYT 3 роки тому

Either VNet subnet or network interface.

@musclehead1992 3 роки тому

So security rules act as a firewall.

@AdamMarczakYT 3 роки тому

Like a very simple one, yes. It's not inspecting the traffic but just filtering it. So partially yes.

@ajaznawaz37 2 роки тому

Hmm. sorry but where is the ‘vnet’

@AdamMarczakYT 2 роки тому

It's on the screen :) white border, title is underneath

@ajaznawaz37 2 роки тому

@@AdamMarczakYT Ah I see now (i think), it states virtual network. when you are coming from a legacy backgroud 'virtual network' can mean few different things. so sorry to sound pedantic, i like to keep 'cloud' terminology in a 'cloud bucket' and avoid to mix the two.