@mikemacleod that’s a totally valid point.
I think its difference isn’t born from it being in the cloud, per se, but because of the nature of virtualised networks… it doesn’t exist until it does. And if you default to having block by default at every step of the process, it puts up a barrier to immediate madness. And there’s a detailed audit log of your crimes against networking.
Local software defined networking is much the same.
At the same time I’ve seen people adequately configure NSGs or other NIC groups and then refer to them as ‘firewalls’ and it makes me want to spoon my eyes out just so I can crush them with my bare hands. But that’s just me.
Another annoyance I have, from discovering people’s other crimes, is how many servers have public IPs. Even if they aren’t allowed out via the NSG, there’s still scope for misconfiguration. Just get rid of the NIC. For the love of god.
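An added illustration of the two points above (block by default, and a public IP being exposure in its own right), not code from either poster: a toy model of Azure NSG inbound evaluation. The rule semantics are a simplified reading of the documented behaviour (rules are evaluated in priority order, lowest number first, first match wins, and the built-in DenyAllInBound at 65500 catches everything else); the VNet range, the leftover "temp-ssh-debug" rule and the 203.0.113.10 attacker address are constructed for the example.

```python
"""Constructed model of NSG inbound evaluation. Not Azure's code; simplified."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNET = ip_network("10.0.0.0/16")          # constructed VNet address space
AZURE_LB = ip_address("168.63.129.16")    # Azure load balancer / health probe source


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    access: str     # "Allow" or "Deny"
    source: str     # "*", a service tag, or a CIDR
    dest_port: str  # "*", "22", or a range such as "8000-8080"


# Azure's built-in inbound defaults (priority 65000 and up) are always present:
# VNet traffic and the platform load balancer are allowed, everything else denied.
DEFAULT_INBOUND = (
    Rule("AllowVnetInBound", 65000, "Allow", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*"),
)


def source_matches(rule_source: str, src: str) -> bool:
    ip = ip_address(src)
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":
        return ip in VNET
    if rule_source == "AzureLoadBalancer":
        return ip == AZURE_LB
    if rule_source == "Internet":
        return ip not in VNET and ip != AZURE_LB
    return ip in ip_network(rule_source, strict=False)


def port_matches(rule_port: str, port: int) -> bool:
    if rule_port == "*":
        return True
    if "-" in rule_port:
        lo, hi = (int(p) for p in rule_port.split("-", 1))
        return lo <= port <= hi
    return int(rule_port) == port


def evaluate(custom_rules, src: str, port: int) -> tuple[str, str]:
    """First matching rule in priority order decides; returns (access, rule name)."""
    for rule in sorted((*custom_rules, *DEFAULT_INBOUND), key=lambda r: r.priority):
        if source_matches(rule.source, src) and port_matches(rule.dest_port, port):
            return rule.access, rule.name
    return "Deny", "implicit"  # unreachable while DenyAllInBound is present


def internet_reachable(has_public_ip: bool, custom_rules, port: int) -> tuple[bool, str]:
    """Can an arbitrary Internet host reach this NIC on `port`?"""
    if not has_public_ip:
        # No public IP means there is nothing for an Internet host to address,
        # whatever the NSG says. This is the "just get rid of it" case.
        return False, "no public IP, nothing to reach"
    # 203.0.113.10 is a TEST-NET-3 address standing in for the attacker.
    access, name = evaluate(custom_rules, "203.0.113.10", port)
    return access == "Allow", name


# Constructed scenario: a "temporary" debug rule that nobody removed.
CUSTOM = (Rule("temp-ssh-debug", 100, "Allow", "*", "22"),)

if __name__ == "__main__":
    for port in (22, 3389):
        print(port, "with public IP:", internet_reachable(True, CUSTOM, port),
              "without:", internet_reachable(False, CUSTOM, port))
```

With the public IP attached, port 22 is open to the world through the leftover rule while 3389 falls through to DenyAllInBound; drop the public IP and the question of which rule wins never arises for Internet sources.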
@SecurityWriter the public IP thing bothers me less, but that’s because I’ve worked with public-only network configurations and also done some IPv6 rollouts. I think NAT-as-security is a crutch.
As for calling NIC-level network controls firewalls, I’m firmly in the form-radical-function-neutral quadrant of the firewall alignment chart.