Friday, January 6, 2023

Cloud Infrastructure Network Segmentation

 

What is Cloud Network Segmentation? Network Segmentation is a proven network security technique that divides a network into smaller, manageable sub-networks that enable network security teams to compartmentalize the sub-networks.

Gain central visibility & control of security policies across heterogeneous environments. See how to get started & manage network segmentation for on-prem & cloud networks. Avoid misconfig errors. Network cloud solutions. Minimize audit prep. Automate network security.


Network segmentation

Maintain proper segmentation so that your workload's reliability isn't compromised by unauthorized access.

This architecture uses Network Security Groups (NSGs) to restrict traffic across subnets and the Connectivity subscription.

NSGs use ServiceTags for the supported services.

Cloud/Platform team

1- Enforce the use of NSGs through Azure Network Manager Policies.

2- Be aware of the workload design. There isn't any direct traffic between the stamps.

Also there aren't inter-region flows.
If those paths are needed, traffic must flow through the Connectivity subscription.

3- Prevent unnecessary hub traffic originating from other workloads into the mission-critical workload.

Egress traffic from regional stamps

All outgoing traffic from each regional spoke network is routed through the centralized Azure Firewall in the regional hub network. It acts as the next hop that inspects and then allows or denies traffic.

Cloud/Platform team

1- Create UDRs for that custom route.

2- Assign Azure policies that will block the application team from creating subnets that don't have the new route table.

3- Give adequate role-based access control (RBAC) permissions to the application team so that they can extend the routes based on the requirements of the workload.







No comments:

Post a Comment