What are the primary differences between network security groups and network access control lists (NACLs) in a cloud environment for Turing?