Azure-VirtualNetworks-DDoS-Standard-Protection-Enabled

Severity: High

Description: This control ensures that protection against DDoS attacks is enabled for the Azure virtual network. DDoS attacks are some of the largest availability and security concerns facing customers' applications in the cloud. A DDoS attack attempts to exhaust an application's resources, making the application unavailable to legitimate users. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet. Application design best practice recommends enabling Azure DDoS Protection Standard, as it provides enhanced DDoS mitigation.

Remediation Steps:

Perform the following to enable DDoS Standard protection:

  1. Log in to the Azure Portal at https://portal.azure.com.

  2. Navigate to Create a resource under Azure Service.

  3. Search for DDoS protection plan and select it.

  4. Select Create.

  5. Enter values for Name, Subscription, Resource group, Location.

  6. Select Apply to create.

  7. Navigate to All Resources.

  8. Enter the name of the virtual network in the resource search and select it.

  9. Under Settings, select DDoS Protection.

  10. Select Standard. Under DDoS protection plan, select the DDoS protection plan created in the steps above.

  11. Select Save.

Important:

  • With DDoS enabled on a virtual network, it cannot be moved to another resource group. DDoS Standard must be disabled on the resource first.
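To verify the result of the steps above across many virtual networks, the following added example (not part of the original control text or any vendor tooling) evaluates virtual network records in the JSON shape returned by `az network vnet list -o json`. It assumes the `enableDdosProtection` and `ddosProtectionPlan` properties of the virtual network resource; the sample records, names and plan ID are constructed placeholders.

```python
import json

# Constructed sample shaped like `az network vnet list -o json` output,
# trimmed to the fields this check reads. All names/IDs are placeholders.
SAMPLE_VNETS = json.loads("""
[
  {"name": "vnet-prod", "resourceGroup": "rg-prod",
   "enableDdosProtection": true,
   "ddosProtectionPlan": {"id": "/subscriptions/<sub-id>/resourceGroups/rg-net/providers/Microsoft.Network/ddosProtectionPlans/plan-1"}},
  {"name": "vnet-dev", "resourceGroup": "rg-dev",
   "enableDdosProtection": false, "ddosProtectionPlan": null},
  {"name": "vnet-legacy", "resourceGroup": "rg-old"},
  {"name": "vnet-half", "resourceGroup": "rg-prod",
   "enableDdosProtection": true, "ddosProtectionPlan": null}
]
""")

def evaluate_vnet(vnet):
    """Return (compliant, reason) for one virtual network record."""
    # A missing or null flag is treated the same as an explicit false.
    if vnet.get("enableDdosProtection") is not True:
        return False, "DDoS protection not enabled"
    # Defensive check for incomplete records: the flag alone is not
    # accepted as evidence that a protection plan is attached.
    plan_id = (vnet.get("ddosProtectionPlan") or {}).get("id")
    if not plan_id:
        return False, "enabled flag set but no DDoS protection plan attached"
    return True, "protected by " + plan_id.rsplit("/", 1)[-1]

def audit(vnets):
    """Return one finding per non-compliant virtual network."""
    findings = []
    for vnet in vnets:
        compliant, reason = evaluate_vnet(vnet)
        if not compliant:
            findings.append({
                "vnet": vnet.get("name", "<unnamed>"),
                "resourceGroup": vnet.get("resourceGroup", "<unknown>"),
                "severity": "High",  # severity stated by this control
                "reason": reason,
            })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_VNETS):
        print("{severity}: {resourceGroup}/{vnet}: {reason}".format(**finding))
```

To run it against a live subscription, replace SAMPLE_VNETS with the parsed output of `az network vnet list -o json`.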

Reference:

Blue Hexagon Proprietary