Azure – Azure Security Center is now helping you identifying weak network access

You may already know Azure Security Center, your one stop shop for anything security related on Azure, helping you managing and improving your security posture on your Azure resources (and also on-premises ones if you are in hybrid).

Well, Azure Security Center is now also helping you identifying (or more importantly provides a better visibility) on misconfigured network access – identified as Restrict unauthorized network access.

To start reviewing your network security and apply recommendations connect to your Azure portal (https://portal.azure.com/) and access the Security Center

image_thumb

Then access the Recommendations blade and look for Restrict unauthorized network access

image_thumb[1]

The Restrict unauthorized network access provides the following recommendations:

  • IP forwarding on your virtual machine should be disabled
  • Authorized IP ranges should be defined on Kubernetes Services (Preview)
  • Virtual machines should be associated with a Network Security Group
  • CORS should not allow every resource to access your API App
  • CORS should not allow every resource to access your Function App
  • CORS should not allow every resource to access your Web Application
  • Remote debugging should be turned off for API App
  • Remote debugging should be turned off for Function App
  • Remote debugging should be turned off for Web Application
  • Access should be restricted for permissive Network Security Groups with Internet-facing VMs
  • Network Security Group Rules for Internet facing virtual machines should be hardened
Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies