Azure-NetworkSecurityGroups-Open-VNC-Client

Severity: High

Description: This control ensures that network security group does not allows to TCP port 5500 for VNC Client from any (*) source address. The potential security problem with using open port over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use your virtual machine as a launch point for compromising other machines on your Azure Virtual Network or even attack networked devices outside of Azure.

Remediation Steps:

Perform following to update App Service configuration:

  1. Login to Azure Portal using https://portal.azure.com.

  2. Go to Application security groups.

  3. Click on the application security group that reported to delete the rule.

  4. In the network security group's menu bar, choose Inbound security rules.

  5. In the left menu, under the Security section, click Advanced security.

  6. Select the rule which allows access from any (*) source address.

  7. Select Delete, and then select Yes.

Important:

  • Deletion of rule may result in user losing some connection whose IP is not whitelisted in rules

Reference:

 

Blue Hexagon Proprietary