Friday, January 12, 2018

Azure Tips

Tip #01- Enablement Of Ping On Windows VM

Ping is widely used to check connectivity from one VM to another. It uses the Internet Control Message Protocol (ICMP), which the Windows Firewall denies by default. You can allow ICMP through the Windows Firewall so that you can ping the second server. The PowerShell command below does this:

New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4

Tip #02- Deny All To Internet

Architects often design their security layers by denying all traffic to the Internet (in Azure, through an NSG). This protects your network from data leakage or malware, but at times it can cause frustration and break things that are supposed to work smoothly. Sometimes your VMs do need access to Azure IP addresses (services such as Azure Storage, Azure SQL Database, etc.). Because these IPs also fall under the Internet tag, blocking the Internet unknowingly blocks access to these services as well. Microsoft's Keith Mayer has a very good solution for this scenario; refer to his article for a more comprehensive approach.
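
One way to keep a deny-Internet rule without cutting off Azure Storage and Azure SQL Database, shown as an added example (not from this post or from the referenced article): NSG service tags in allow rules that are evaluated before the deny. It assumes the Az PowerShell module; the resource group, region, NSG name and priority numbers are placeholders.

```powershell
# Added example. All names below are hypothetical placeholders.
$rg      = 'rg-example'
$loc     = 'westeurope'
$nsgName = 'nsg-app-subnet'

# NSG rules are evaluated in priority order (lowest number first) and the
# first match wins, so the allow rules need lower numbers than the deny rule.

# HTTPS to Azure Storage, matched by the Storage service tag.
$allowStorage = New-AzNetworkSecurityRuleConfig -Name 'Allow-Storage-Out' `
    -Access Allow -Protocol Tcp -Direction Outbound -Priority 100 `
    -SourceAddressPrefix VirtualNetwork -SourcePortRange '*' `
    -DestinationAddressPrefix Storage -DestinationPortRange 443

# Azure SQL Database, matched by the Sql service tag. 1433 is the gateway
# port; 11000-11999 is used when connections from inside Azure are redirected.
$allowSql = New-AzNetworkSecurityRuleConfig -Name 'Allow-Sql-Out' `
    -Access Allow -Protocol Tcp -Direction Outbound -Priority 110 `
    -SourceAddressPrefix VirtualNetwork -SourcePortRange '*' `
    -DestinationAddressPrefix Sql -DestinationPortRange 1433, '11000-11999'

# Everything else that falls under the Internet tag is denied.
$denyInternet = New-AzNetworkSecurityRuleConfig -Name 'Deny-Internet-Out' `
    -Access Deny -Protocol '*' -Direction Outbound -Priority 4000 `
    -SourceAddressPrefix VirtualNetwork -SourcePortRange '*' `
    -DestinationAddressPrefix Internet -DestinationPortRange '*'

New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $loc -Name $nsgName `
    -SecurityRules $allowStorage, $allowSql, $denyInternet
```

The service tags can be narrowed to a single region (for example Storage.WestEurope) so that the allow rules cover only the endpoints the VMs actually use.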
