Ensure that at least one Network Security Group is attached to all VMs and subnets that are public

Attach a Network Security Group to each VM or subnet containing a VM. If no Network Security Group is attached to either the Virtual Machine or the subnet, the VM is not protected and can be accessed from the internet.

Suggest Edits

Risk Level: High
Cloud Entity: Virtual Machine
CloudGuard Rule ID: D9.AZU.NET.07
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

VirtualMachine where isPublic=true and isScaleSetVm=false should not have nics with [ networkSecurityGroup.name='no-NSG-attached' and subnet.securityGroup.name='no-NSG-attached' ]

REMEDIATION

From Portal

Login into the Azure portal.
Go to Virtual machines.
For each Virtual machines, select Networking under Security.
Click on the Netwok Interface.
Select Network Security Group under Settings.
Attach a Network Security Group.
Click save.

References

Virtual Machine

Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment than the other choices offer. This article gives you information about what you should consider before you create a VM, how you create it, and how you manage it.

Compliance Frameworks

Azure CSA CCM v.3.0.1
Azure CSA CCM v.4.0.1
Azure CloudGuard Best Practices
Azure CloudGuard CheckUp
Azure CloudGuard Network Security Alerts
Azure CloudGuard SOC2 based on AICPA TSC 2017
Azure HIPAA
Azure HITRUST v9.5.0
Azure ISO 27001:2013
Azure LGPD regulation
Azure NIST 800-171
Azure NIST 800-53 Rev 4
Azure NIST 800-53 Rev 5
Azure NIST CSF v1.1
Azure New Zealand Information Security Manual (NZISM) v.3.4
Azure PCI-DSS 3.2
Azure Security Risk Management
CloudGuard Azure All Rules Ruleset
Microsoft Cloud Security Benchmark

Updated about 1 year ago