
Severity: High

Description: This control checks that no network security group (NSG) contains an inbound rule that allows TCP or UDP port 53 (DNS) from any (*) source address. Such a rule exposes the DNS service on the virtual machine to the whole Internet: anyone can scan for the open port and use brute-force or other attacks against the exposed service to gain access to the Azure virtual machine. Once attackers gain access, they can use the virtual machine as a launch point for compromising other machines on the Azure virtual network, or attack networked devices outside Azure.

Remediation Steps:

Perform the following to update the network security group:

  1. Log in to the Azure portal at https://portal.azure.com.

  2. Go to Network security groups.

  3. Select the network security group that was reported by this control.

  4. In the left menu, under Settings, select Inbound security rules.

  5. Select the rule that allows TCP or UDP port 53 (or a port range that includes 53) from source Any (*).

  6. Select Delete, and then select Yes.

Important:

  • Deleting the rule cuts off DNS access for any client whose IP address is not explicitly allowed by another rule. If the virtual machine legitimately serves DNS, add a rule that allows port 53 only from the required source address ranges (or the VirtualNetwork service tag) before deleting the open one.
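As an added example (not part of the original page or of any Azure tooling), the check and the remediation above expressed as code: a Python script that scans the rule JSON returned by `az network nsg rule list` for inbound Allow rules that reach port 53 from an unrestricted source, including the cases the portal steps gloss over (a port range or wildcard that includes 53, protocol Any, the Internet service tag or 0.0.0.0/0 instead of a literal *, and the plural sourceAddressPrefixes/destinationPortRanges fields), and emits the Azure CLI command to delete the rule or, when the legitimate client ranges are known, to restrict its source instead. The sample rules and the resource group and NSG names are constructed for this example.

```python
"""Find NSG inbound rules that expose DNS (TCP/UDP 53) to any source.

Works on the JSON that `az network nsg rule list -g <rg> --nsg-name <nsg> -o json`
returns (camelCase keys). SAMPLE_RULES below is constructed for this example and
does not come from a real subscription.
"""

DNS_PORT = 53
# Source values that, for the purpose of this control, mean "anyone on the Internet".
UNRESTRICTED_SOURCES = {"*", "0.0.0.0/0", "::/0", "internet"}


def port_spec_covers(spec, port):
    """True if an NSG port spec ('*', '53' or '0-1024') includes `port`."""
    spec = spec.strip()
    if spec == "*":
        return True
    if "-" in spec:
        low, high = (int(p) for p in spec.split("-", 1))
        return low <= port <= high
    return int(spec) == port


def destination_ports(rule):
    """Destination ports as a list, whether the rule uses the single or the plural field."""
    return rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "")]


def source_prefixes(rule):
    """Source prefixes as a list, whether the rule uses the single or the plural field."""
    return rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix", "")]


def exposes_dns_to_any(rule):
    """Inbound Allow rule whose protocol and ports reach 53 and whose source is unrestricted.

    A Deny rule with a lower priority number would win inside the NSG, but the
    control reports the open Allow rule regardless, so priority is not consulted here.
    """
    if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
        return False
    if rule.get("protocol", "*").lower() not in ("*", "tcp", "udp"):
        return False
    if not any(port_spec_covers(p, DNS_PORT) for p in destination_ports(rule) if p):
        return False
    return any(s.strip().lower() in UNRESTRICTED_SOURCES for s in source_prefixes(rule))


def find_offending_rules(rules):
    """Names of offending rules in NSG evaluation order (lowest priority number first)."""
    hits = [r for r in rules if exposes_dns_to_any(r)]
    return [r["name"] for r in sorted(hits, key=lambda r: r["priority"])]


def remediation_command(resource_group, nsg_name, rule_name, allowed_sources=()):
    """Azure CLI command for one rule: restrict its source when the legitimate
    client ranges are known, otherwise delete it (the portal steps above)."""
    base = f"az network nsg rule {{}} -g {resource_group} --nsg-name {nsg_name} -n {rule_name}"
    if allowed_sources:
        return base.format("update") + " --source-address-prefixes " + " ".join(allowed_sources)
    return base.format("delete")


# Constructed sample: what `az network nsg rule list` might return for one NSG.
SAMPLE_RULES = [
    {"name": "AllowDNSFromInternet", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Udp", "destinationPortRange": "53", "sourceAddressPrefix": "*"},
    {"name": "AllowDNSFromVnet", "priority": 110, "direction": "Inbound", "access": "Allow",
     "protocol": "Udp", "destinationPortRange": "53", "sourceAddressPrefix": "VirtualNetwork"},
    {"name": "AllowAllLowPorts", "priority": 120, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "destinationPortRange": "0-1024", "sourceAddressPrefix": "Internet"},
    {"name": "AllowSshAndDns", "priority": 130, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "destinationPortRanges": ["22", "53"],
     "sourceAddressPrefixes": ["10.0.0.0/8", "0.0.0.0/0"]},
    {"name": "DenyDNSFromInternet", "priority": 140, "direction": "Inbound", "access": "Deny",
     "protocol": "Udp", "destinationPortRange": "53", "sourceAddressPrefix": "*"},
    {"name": "AllowHttps", "priority": 150, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "destinationPortRange": "443", "sourceAddressPrefix": "*"},
    {"name": "AllowDnsOut", "priority": 160, "direction": "Outbound", "access": "Allow",
     "protocol": "Udp", "destinationPortRange": "53", "sourceAddressPrefix": "*"},
]

if __name__ == "__main__":
    # Resource group and NSG names are placeholders for the example.
    for name in find_offending_rules(SAMPLE_RULES):
        print(name)
        print("  delete:  ", remediation_command("my-rg", "my-nsg", name))
        print("  restrict:", remediation_command("my-rg", "my-nsg", name, ["203.0.113.0/24"]))
```

Run it against real output by loading the JSON with `json.load` in place of SAMPLE_RULES; the three flagged sample rules are the literal "*" source, the Internet service tag on a port range that includes 53, and a multi-port rule whose source list contains 0.0.0.0/0, while the VirtualNetwork-scoped, Deny, HTTPS and outbound rules are left alone.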
