Sunday, July 19, 2020

What is VPN?

A Virtual Private Network (VPN) is a connection method used to add security and privacy to private and public networks, such as WiFi hotspots and the Internet. Corporations use Virtual Private Networks to protect sensitive data. However, personal VPNs are becoming increasingly popular as more interactions that were previously face-to-face move to the Internet. A Virtual Private Network increases privacy because the user's initial IP address is replaced with one from the Virtual Private Network provider.

A VPN helps us keep our resources and data private. Some of its advantages are listed below:

1.       The IP address is hidden because it uses a private IP provided by the Virtual Private Network provider

2.       Encrypts data transfers over public networks

3.       Masks your network location

4.       Sets rules for access to our private network

What is Azure Virtual Network?

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you'd operate in your own data center but brings with it additional benefits of Azure's infrastructure such as scale, availability, and isolation.

Every VNet has 3 items associated with it:

1.       Address space: When creating a VNet, you must specify a custom private IP address space and Azure assigns resources in a virtual network a private IP address from the address space that you assign.

2.       Subnets: Subnets enable you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network's address space to each subnet. You can then deploy Azure resources in a specific subnet. This also improves address allocation efficiency. You can secure resources within subnets using Network Security Groups.

3.       Regions: VNet is scoped to a single region/location; however, multiple virtual networks from different regions can be connected using Virtual Network Peering.


How to create Azure Virtual Network

With some planning for your VNet, you will be able to deploy virtual networks and connect the resources you need more effectively.


Naming

All Azure resources have a name. The name must be unique within a scope, which may vary for each resource type.

Regions

All Azure resources are created in an Azure region and subscription. A resource can only be created in a virtual network that exists in the same region and subscription as the resource. You can, however, connect virtual networks that exist in different subscriptions and regions.

Address space

When creating a VNet, you must specify a custom private IP address space (10.1.0.0/16), and Azure assigns resources (VMs) in a virtual network a private IP address from the address space that you assign. The number of resources a VNet can hold depends on the private IP addresses available in that VNet.

 

Subnets

Subnets enable you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network's address space to each subnet. You can then deploy Azure resources in a specific subnet. This also improves address allocation efficiency. You can secure resources within subnets using Network Security Groups. We have created 2 subnets in the VNet:

1.       FrontEnd (10.1.0.0/24)

2.       BackEnd (10.1.1.0/24)
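The address plan above can be checked before anything is deployed. The following Python sketch is an added example, not part of the original post: it verifies that each subnet sits inside the VNet address space without overlapping another subnet, and reports how many addresses are left for resources once the five addresses Azure reserves in every subnet are subtracted. The function name check_vnet_plan and the extra subnets and on-premises range in the demo are assumptions constructed for illustration.

```python
import ipaddress

# Azure keeps 5 addresses in every subnet: network, gateway, two for DNS, broadcast.
AZURE_RESERVED = 5
SMALLEST_PREFIX = 29  # Azure does not accept IPv4 subnets smaller than /29

def check_vnet_plan(address_space, subnets, other_networks=None):
    """Return (problems, usable) for a VNet address plan.

    subnets: {name: cidr}; other_networks: {label: cidr} the VNet must not overlap
    (for example a peered VNet or an on-premises range).
    """
    space = ipaddress.ip_network(address_space)
    problems, usable, seen = [], {}, {}
    if not space.is_private:
        problems.append(f"{space} is not private address space")
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(space):
            problems.append(f"{name} {net} is outside {space}")
        if net.prefixlen > SMALLEST_PREFIX:
            problems.append(f"{name} {net} is smaller than /{SMALLEST_PREFIX}")
        for prev_name, prev in seen.items():
            if net.overlaps(prev):
                problems.append(f"{name} {net} overlaps {prev_name} {prev}")
        seen[name] = net
        usable[name] = max(net.num_addresses - AZURE_RESERVED, 0)
    for label, cidr in (other_networks or {}).items():
        if space.overlaps(ipaddress.ip_network(cidr)):
            problems.append(f"{space} overlaps {label} {cidr}")
    return problems, usable

# The plan from this post.
PAGE_PLAN = {"FrontEnd": "10.1.0.0/24", "BackEnd": "10.1.1.0/24"}

if __name__ == "__main__":
    problems, usable = check_vnet_plan("10.1.0.0/16", PAGE_PLAN)
    print(problems, usable)
    # Constructed bad plan: overlapping subnet, subnet outside the space, clashing on-prem range.
    bad = dict(PAGE_PLAN, Data="10.1.1.128/25", Mgmt="10.2.0.0/24")
    for p in check_vnet_plan("10.1.0.0/16", bad, {"on-prem": "10.1.0.0/20"})[0]:
        print("PROBLEM:", p)
```

Overlap with another network matters because virtual networks with overlapping address spaces cannot be peered, so the check is worth running against every range the VNet may later connect to.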


Security

Network security can be defined as the process of protecting resources from unauthorized access or attack by applying controls to network traffic. The goal is to ensure that only legitimate traffic is allowed.

Bastion host

A bastion host is a gateway between an inside network and an outside network. Used as a security measure, the bastion host is designed to defend against attacks aimed at the inside network. It provides Transport Layer Security (TLS) level security.

 

DDoS (Distributed Denial-of-Service) protection

A distributed denial-of-service (DDoS) attack is one of the most powerful weapons on the internet. When you hear about a website being “brought down by hackers,” it generally means it has become a victim of a DDoS attack. In short, this means that hackers have attempted to make a website or computer unavailable by flooding or crashing the website with too much traffic.

Azure DDoS Protection Standard is a new offering which provides additional DDoS mitigation capabilities and is automatically tuned to protect your specific Azure resources.


Firewall

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.


All types of security in one diagram

Created Virtual Network

If you have chosen the same options that I have, press the Create button and your VNet will be created.

 

It will look like the one below. This VNet (DJBlogsVNet) has no resources for now because we have not created any yet. We will create resources (VMs) in the next blog.

Try to create a VNet by following this blog. In the next blog we will create resources inside this VNet. I hope it helps you create a VNet.

Keep sharing, keep learning.

17 comments:

  1. The speed of a VPN is something critical to consider, and may likewise be a deciding element for some individuals when choosing whether they should utilize a VPN by any means.

    Replies
    1. Yes right, you should expect a small loss in speed when connecting to any VPN, but it provides security to your network.

  2. This comment has been removed by the author.

  3. It proved to be very helpful to me and I am sure to all the commentators here!

  4. Thanks a lot. You have done an excellent job. I enjoyed your blog. Nice efforts.

  5. Excellent and very exciting site. Love to watch. Keep Rocking.

  6. Thank you for sharing. VPN can easily bypass the firewall through the tunnel. Almost all VPNs have a tunneling protocol that can block your traffic and provide you with complete anonymity and security when browsing the web. So when the webpage is restricted, people usually use circumvention software ( 翻墙软件

  7. Thank you for sharing. Now it is really difficult to use Google to access the wall tool( 翻墙软件 ).

  8. Wow, cool post. I’d like to write like this too – taking time and real hard work to make a great article… but I put things off too much and never seem to get started. Thanks though.
