Azure-SecurityCenter-Monitor-IP-Forwarding

Severity: Medium

Description: This control ensures that IP forwarding enabled on virtual machines is monitored. Enabling IP forwarding on a virtual machine's NIC allows the machine to receive traffic addressed to other destinations, so it should be reviewed by the network security team. The Azure built-in policy disableIPForwardingMonitoring monitors IP forwarding enabled on Azure virtual machines.

Remediation Steps:

Perform the following steps to update the parameters:

  1. Log in to the Azure Portal at https://portal.azure.com.

  2. Go to Microsoft Defender for Cloud.

  3. In the left menu, click Environment settings under Management.

  4. Select the subscription to be remediated.

  5. Click Security Policy in the left menu.

  6. Select the initiative assignment ASC Default (Subscription ID).

  7. Select the Parameters tab and uncheck the Only show parameters that require input checkbox.

  8. Search for the parameter IP forwarding on your virtual machine should be disabled.

  9. Select AuditIfNotExists from the dropdown.

  10. Click Review + save.
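
The review the description calls for can be supported with an offline check over a NIC inventory export. This is an added example, not part of the original control or of Azure's tooling: it assumes the input is the JSON produced by `az network nic list -o json`, the sample records are constructed, and the `approved` allow-list is a hypothetical parameter for NICs the network security team has already reviewed.

```python
import json

# Constructed sample in the shape of `az network nic list -o json` (not real resources).
SAMPLE = """[
 {"name": "nic-web-01", "resourceGroup": "rg-app", "enableIPForwarding": false,
  "virtualMachine": {"id": "/subscriptions/SUB-ID/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm-web-01"}},
 {"name": "nic-nva-01", "resourceGroup": "rg-hub", "enableIPForwarding": true,
  "virtualMachine": {"id": "/subscriptions/SUB-ID/resourceGroups/rg-hub/providers/Microsoft.Compute/virtualMachines/vm-nva-01"}},
 {"name": "nic-old-cli", "resourceGroup": "rg-hub", "enableIpForwarding": true,
  "virtualMachine": {"id": "/subscriptions/SUB-ID/resourceGroups/rg-hub/providers/Microsoft.Compute/virtualMachines/vm-fw-02"}},
 {"name": "nic-orphan", "resourceGroup": "rg-lab", "enableIPForwarding": true,
  "virtualMachine": null}
]"""

# Assumption: the flag is spelled enableIPForwarding or enableIpForwarding
# depending on the CLI/SDK version that produced the export.
FLAG_KEYS = ("enableIPForwarding", "enableIpForwarding")


def forwarding_enabled(nic):
    """True if either spelling of the flag is set on the NIC record."""
    return any(nic.get(k) is True for k in FLAG_KEYS)


def audit_nics(nics_json, approved=()):
    """Return findings for NICs with IP forwarding on, sorted by NIC name.

    `approved` is a hypothetical allow-list of NIC names (e.g. reviewed
    network virtual appliances) that are reported but marked as approved.
    """
    findings = []
    for nic in json.loads(nics_json):
        if not forwarding_enabled(nic):
            continue
        vm = nic.get("virtualMachine") or {}
        vm_name = vm.get("id", "").rsplit("/", 1)[-1] or None
        findings.append({
            "nic": nic.get("name"),
            "resource_group": nic.get("resourceGroup"),
            "vm": vm_name,  # None means the NIC is not attached to a VM
            "status": "approved" if nic.get("name") in approved else "review",
        })
    return sorted(findings, key=lambda f: f["nic"])


if __name__ == "__main__":
    for f in audit_nics(SAMPLE, approved={"nic-nva-01"}):
        print(f"{f['status']:8} {f['resource_group']}/{f['nic']} vm={f['vm']}")
```
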

Important:

Reference:

  • What are security policies, initiatives, and recommendations?

  • Create, change, or delete a network interface

Blue Hexagon Proprietary