课程: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection

Azure Virtual Network - Microsoft Security Copilot教程

课程: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection

Azure Virtual Network

- [Instructor] Network is the foundation of today's connected world. Before migrating your workloads from an on-premises environment to the cloud, it's critical to properly design your cloud network. Azure Virtual Network or VNet, enables organizations to build and manage their private network environment in the Microsoft Azure Cloud. It offers additional benefits such as scalability and availability. Network segmentation is a key concept in network security design. Basically, it means dividing a single large network into smaller parts. Why is this important? From a security standpoint, it helps minimize the impact of a breach. For example, if you have separate networks used by marketing, finance, and IT, attackers who penetrate one network may not be able to reach the others. We have talked about zero trust security model before. One of its guiding principles is to assume breach. Network segmentation is an important component that supports zero trust. In addition, network segmentation allows organizations to tailor access controls for individual network zones based on their security, governance, and compliance requirements. For example, a typical three tier web application has a presentation tier, application tier, and the database tier. Instead of running all resources in one network, you can place them in three different subnets, each with different access policies and controls. Azure Virtual Network helps you implement a network segmentation easily. You can create multiple virtual networks across different Azure regions. You can control the network communication among these virtual networks. Within the Virtual Network, you can create multiple subnets to further segment the network. Then you can deploy variance resources in the subnets, based on your system and the security requirements. Now let's take a quick tour of Azure Virtual Networks. Here's the Virtual Networks page in the Azure portal. You can see multiple virtual networks for different business purposes. Click a virtual network. On the overview page, you can find its IP address space. Click Topology. It shows a network diagram. We can see this virtual network contains four subnets. Click Subnets. It shows a list of subnets with their IP ranges. Click a subnet. You can view its details.

内容