Ensure that at least one Network Security Group is attached to all VMs and subnets that are public

Attach a Network Security Group to each VM or subnet containing a VM. If no Network Security Group is attached to either the Virtual Machine or the subnet, the VM is not protected and can be accessed from the internet.

Risk Level: High
Cloud Entity: Virtual Machine
CloudGuard Rule ID: D9.AZU.NET.07
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

VirtualMachine where isPublic=true and isScaleSetVm=false should not have nics with [ networkSecurityGroup.name='no-NSG-attached' and subnet.securityGroup.name='no-NSG-attached' ]
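The GSL rule above, re-implemented as an added example (not CloudGuard's own code) over a constructed inventory whose field names mirror the rule. It shows that a NIC fails only when both the NIC-level and the subnet-level NSG are missing; treating an absent NSG object as unattached is an assumption.

```python
NO_NSG = "no-NSG-attached"  # sentinel value used in the GSL rule on this page


def _nsg_name(obj, key):
    """Return the NSG name under obj[key], or the sentinel when absent (assumption)."""
    group = (obj or {}).get(key) or {}
    return group.get("name") or NO_NSG


def unprotected_nics(vm):
    """Names of NICs with no NSG on the NIC itself and none on its subnet."""
    return [
        nic.get("name", "<unnamed>")
        for nic in vm.get("nics", [])
        if _nsg_name(nic, "networkSecurityGroup") == NO_NSG
        and _nsg_name(nic.get("subnet"), "securityGroup") == NO_NSG
    ]


def failing_vms(inventory):
    """Map VM name -> unprotected NIC names for VMs in the rule's scope."""
    findings = {}
    for vm in inventory:
        # Scope from the rule: public VMs that are not scale-set instances.
        if not vm.get("isPublic") or vm.get("isScaleSetVm"):
            continue
        nics = unprotected_nics(vm)
        if nics:
            findings[vm["name"]] = nics
    return findings


# Constructed sample inventory; all names are hypothetical.
SAMPLE = [
    {"name": "web-01", "isPublic": True, "isScaleSetVm": False, "nics": [
        {"name": "web-01-nic", "networkSecurityGroup": {"name": NO_NSG},
         "subnet": {"securityGroup": {"name": "frontend-nsg"}}}]},
    {"name": "jump-01", "isPublic": True, "isScaleSetVm": False, "nics": [
        {"name": "jump-01-nic0", "networkSecurityGroup": {"name": "jump-nsg"},
         "subnet": {"securityGroup": {"name": NO_NSG}}},
        {"name": "jump-01-nic1", "networkSecurityGroup": {"name": NO_NSG},
         "subnet": {"securityGroup": {"name": NO_NSG}}}]},
    {"name": "db-01", "isPublic": False, "isScaleSetVm": False, "nics": [
        {"name": "db-01-nic", "networkSecurityGroup": None, "subnet": {}}]},
    {"name": "vmss_0", "isPublic": True, "isScaleSetVm": True, "nics": [{"name": "vmss-nic"}]},
]

if __name__ == "__main__":
    print(failing_vms(SAMPLE))
```

Only jump-01 is reported: its second NIC has no NSG at either level, while web-01 is covered by its subnet's NSG and the other two VMs fall outside the rule's scope.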

REMEDIATION

From Portal

  1. Log in to the Azure portal.
  2. Go to Virtual machines.
  3. For each virtual machine, select Networking under Security.
  4. Click on the Network Interface.
  5. Select Network Security Group under Settings.
  6. Attach a Network Security Group.
  7. Click Save.

References

  1. https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal
  2. https://techcommunity.microsoft.com/t5/azure-compute/change-nsg-for-an-azure-vm/m-p/161157

Virtual Machine

Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment than the other choices offer. This article gives you information about what you should consider before you create a VM, how you create it, and how you manage it.

Compliance Frameworks

  • Azure CSA CCM v.3.0.1
  • Azure CSA CCM v.4.0.1
  • Azure CloudGuard Best Practices
  • Azure CloudGuard CheckUp
  • Azure CloudGuard Network Security Alerts
  • Azure CloudGuard SOC2 based on AICPA TSC 2017
  • Azure HIPAA
  • Azure HITRUST v9.5.0
  • Azure ISO 27001:2013
  • Azure LGPD regulation
  • Azure NIST 800-171
  • Azure NIST 800-53 Rev 4
  • Azure NIST 800-53 Rev 5
  • Azure NIST CSF v1.1
  • Azure New Zealand Information Security Manual (NZISM) v.3.4
  • Azure PCI-DSS 3.2
  • Azure Security Risk Management
  • CloudGuard Azure All Rules Ruleset
  • Microsoft Cloud Security Benchmark