
You're reading from  Learn Azure Administration - Second Edition

Product type: Book
Published in: Dec 2023
Publisher: Packt
ISBN-13: 9781837636112
Edition: 2nd Edition
Author: Kamil Mrzygłód

Kamil Mrzygłód is a technical lead and technology advisor, working with multiple companies on designing and implementing Azure-based systems and platforms. He's a former Microsoft Azure Microsoft Most Valuable Professional (MVP) and certified trainer, who shares his knowledge via various channels, including conference speeches and open source projects and contributions. Kamil lives in Poland with his two cats and one dog, dedicating some of his time to video games, cooking, and traveling.

Exploring Network Watcher

The last chapter of this book will introduce you to the topic of Network Watcher. So far, in this book, we have worked with networking components (such as virtual networks, load balancers, and network security groups) by provisioning and configuring them. We also covered diagnostic settings, which allow us to export logs from a service to another component (such as Log Analytics, Azure Event Hub, or Azure Storage), which can be of use when investigating issues and auditing resources. However, none of the solutions covered so far gives you the ability to check network traffic and analyze it. To do so, you need to leverage an optional capability of the Azure networking components called Network Watcher.

In this chapter, we’ll look at how to enable, configure, and work with Network Watcher. The information contained within this chapter will help you be more confident when working with networks in Azure and will simplify the analysis and debugging of network...

Technical requirements

For the exercises from this chapter, you’ll need the following:

The Code in Action video for this book can be viewed at: https://packt.link/GTX9F

Getting started – an overview of Network Watcher

As mentioned at the beginning of this chapter, Network Watcher is an additional component that you can leverage when working with networking in Azure. Because networking is an area that is difficult to manage and debug in the cloud (due to the lack of access to the hardware and the use of virtualized network devices), sometimes you may struggle to find the root cause of an issue or track packets being transported over your resources. This is where Network Watcher comes in handy – it covers areas including diagnostics, metrics, and monitoring to help you troubleshoot issues with connectivity, VPNs, and network security groups, and can even capture network packets. Let’s see what tools are available when working with Network Watcher.

Network Watcher toolset

As already pointed out, Network Watcher offers a variety of different tools that you can use to work with your network. For our examination, we will divide...

Verifying flows

Network Watcher can be used to verify traffic flows inside your network using a feature called IP flow verify. It’s meant to be used with Azure Virtual Machines, and its main purpose is to validate the network rules applicable to a given machine. Conceptually, it’s a simple feature – all you need is to configure the correct machine, IP, and ports you’d like to verify. In the Azure portal, it looks like this:

Figure 15.1 – IP flow verify screen in the Azure portal


If the connection is allowed, you’ll be notified about it as follows:

Figure 15.2 – Result of running IP flow verify when a connection is accepted


However, if a connection cannot be established (for instance, because of existing rules in the network security group assigned to the network interface of a machine), you’ll get information on what is blocking it (see Figure 15.3):

Figure 15.3 – Failed verification due to NSG rule ...

Diagnosing next hops

When running diagnostics on network traffic, sometimes you need to understand what stands between a virtual machine and the traffic destination. To analyze that, Network Watcher offers a feature called Next hop. To use it, you need to go to the Next hop blade in the Azure portal and configure the machine you’d like to check. In the Azure portal, it looks like this:

Figure 15.4 – Result of checking the next hop to a publicly available IP address


The hop type presented by the feature depends on your machine’s network configuration and the IP address selected as the destination. As of now, the following next hop types are supported:

  • Internet
  • VirtualNetwork
  • VirtualNetworkPeering
  • VirtualNetworkServiceEndpoint
  • MicrosoftEdge
  • VirtualAppliance
  • VirtualNetworkGateway
  • None

All of these types come from the route table selected by your machine. The default system routes are VirtualNetwork...
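How a route table yields a next hop type can be shown with a small model. This added example (not from the book and not Azure's own code) applies longest-prefix matching to a constructed set of effective routes, breaking ties on equal prefixes in favour of user-defined routes, then BGP, then system routes. The address ranges, the appliance IP 10.0.2.4 and the `next_hop` function are assumptions.

```python
import ipaddress

# Tie-break for routes with the same prefix: user-defined, then BGP, then system.
SOURCE_RANK = {"User": 0, "BGP": 1, "System": 2}

# Constructed effective routes for a VM in VNet 10.0.0.0/16:
# (address prefix, next hop type, next hop IP, route source)
SYSTEM_ROUTES = [
    ("10.0.0.0/16", "VirtualNetwork", None, "System"),
    ("0.0.0.0/0", "Internet", None, "System"),
    ("10.0.0.0/8", "None", None, "System"),
    ("172.16.0.0/12", "None", None, "System"),
    ("192.168.0.0/16", "None", None, "System"),
    ("100.64.0.0/10", "None", None, "System"),
]

# Constructed user-defined route sending all egress through a firewall appliance.
FORCED_EGRESS = ("0.0.0.0/0", "VirtualAppliance", "10.0.2.4", "User")

def next_hop(routes, dest_ip):
    """Return (next_hop_type, next_hop_ip) chosen for dest_ip."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [r for r in routes if ip in ipaddress.ip_network(r[0])]
    if not candidates:
        return ("None", None)  # no matching route: traffic is dropped
    # Longest prefix wins; on equal prefix length the route source decides.
    best = min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen, SOURCE_RANK[r[3]]),
    )
    return best[1], best[2]

if __name__ == "__main__":
    table = SYSTEM_ROUTES + [FORCED_EGRESS]
    for dest in ("203.0.113.50", "10.0.1.7", "10.9.9.9"):
        print(dest, next_hop(table, dest))
```

Comparing the result with and without the user-defined route confirms whether internet-bound traffic actually traverses the appliance or leaves directly with the `Internet` hop type.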

Visualizing the network topology

When working with a network in Azure, you may want to better understand its structure (or just validate it) by checking the components visually. A visualization feature is available in the Topology blade when you access your instance of Network Watcher. In the Azure portal, it looks like this:

Figure 15.5 – High-level visualization of an Azure VM with its network interface


Visualizing a network topology allows you to understand how different components are connected to each other. Network Watcher enables you to visualize different levels of detail by diving deeper into a given component (see Figure 15.6):

Figure 15.6 – Topology of a network interface integrated with a virtual machine, network security group, and public IP address


This feature is helpful to quickly validate the state of your network and what exactly is deployed on it. It can also be helpful in some debugging scenarios...

Summary

Chapter 15 was a short introduction to Network Watcher, which is a useful service for everyone working with networks in Azure. We explained the features it offers and looked at its most interesting capabilities (namely, verifying flows, checking next hops, and visualizing the topology of your networks). I strongly recommend playing around with the service a bit to properly understand everything it offers.

The topics covered in this chapter will help you when you’re tasked with debugging or validating network connections in Azure. Not everything can be checked using Network Watcher (it’s still a managed service), but it does come in handy when checking resources such as network security groups or troubleshooting VPN connections.

This was the last chapter of this book. Throughout all of the chapters, we covered lots of different topics, starting with an introduction to Azure, its structure, and its main APIs. We learned how to provision resources using the...
