Ensure that at least one Network Security Group is attached to all VMs and subnets that are public
Attach a Network Security Group to each VM or subnet containing a VM. If no Network Security Group is attached to either the Virtual Machine or the subnet, the VM is not protected and can be accessed from the internet.
Risk Level: High
Cloud Entity: Virtual Machine
CloudGuard Rule ID: D9.AZU.NET.07
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
VirtualMachine where isPublic=true and isScaleSetVm=false should not have nics with [ networkSecurityGroup.name='no-NSG-attached' and subnet.securityGroup.name='no-NSG-attached' ]
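The GSL condition above, evaluated over a small inventory, as an added example that is not CloudGuard's own code. The field names are taken from the GSL expression; the record layout, the helper names, the sample VMs, and the choice to treat a missing NSG field as unattached are assumptions.

```python
NO_NSG = "no-NSG-attached"  # sentinel value used in the GSL rule

def _nsg_name(obj, key):
    """Return the NSG name under obj[key]; a missing value counts as unattached (assumption)."""
    group = (obj or {}).get(key) or {}
    return group.get("name") or NO_NSG

def unprotected_nics(vm):
    """Names of NICs with no NSG on the NIC itself and none on its subnet."""
    bad = []
    for nic in vm.get("nics", []):
        nic_nsg = _nsg_name(nic, "networkSecurityGroup")
        subnet_nsg = _nsg_name(nic.get("subnet"), "securityGroup")
        if nic_nsg == NO_NSG and subnet_nsg == NO_NSG:
            bad.append(nic.get("name", "<unnamed>"))
    return bad

def evaluate(vms):
    """Map VM name -> failing NIC names, for VMs inside the rule's scope only."""
    findings = {}
    for vm in vms:
        # Rule scope: isPublic=true and isScaleSetVm=false
        if not vm.get("isPublic") or vm.get("isScaleSetVm"):
            continue
        bad = unprotected_nics(vm)
        if bad:
            findings[vm["name"]] = bad
    return findings

def _nic(name, nic_nsg=NO_NSG, subnet_nsg=NO_NSG):
    """Build one constructed NIC record in the assumed layout."""
    return {"name": name, "networkSecurityGroup": {"name": nic_nsg},
            "subnet": {"securityGroup": {"name": subnet_nsg}}}

# Constructed sample inventory (not real resources).
SAMPLE_VMS = [
    {"name": "web-01", "isPublic": True, "isScaleSetVm": False,
     "nics": [_nic("web-01-nic")]},                         # fails: no NSG anywhere
    {"name": "web-02", "isPublic": True, "isScaleSetVm": False,
     "nics": [_nic("web-02-nic", subnet_nsg="subnet-nsg")]},  # passes: subnet NSG
    {"name": "web-03", "isPublic": True, "isScaleSetVm": False,
     "nics": [_nic("web-03-a", nic_nsg="nic-nsg"), _nic("web-03-b")]},  # fails on 2nd NIC
    {"name": "vmss-0", "isPublic": True, "isScaleSetVm": True,
     "nics": [_nic("vmss-0-nic")]},                         # out of scope: scale set VM
    {"name": "db-01", "isPublic": False, "isScaleSetVm": False,
     "nics": [_nic("db-01-nic")]},                          # out of scope: not public
]

if __name__ == "__main__":
    for vm_name, nics in evaluate(SAMPLE_VMS).items():
        print(f"FAIL {vm_name}: {', '.join(nics)}")
```

A VM with several NICs fails as soon as one NIC has no NSG at either level, which is why web-03 is reported even though its first NIC is covered.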
REMEDIATION
From Portal
- Log in to the Azure portal.
- Go to Virtual machines.
- For each virtual machine, select Networking under Security.
- Click on the Network Interface.
- Select Network Security Group under Settings.
- Attach a Network Security Group.
- Click Save.
References
- https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal
- https://techcommunity.microsoft.com/t5/azure-compute/change-nsg-for-an-azure-vm/m-p/161157
Virtual Machine
Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment than the other choices offer. This article gives you information about what you should consider before you create a VM, how you create it, and how you manage it.
Compliance Frameworks
- Azure CSA CCM v.3.0.1
- Azure CSA CCM v.4.0.1
- Azure CloudGuard Best Practices
- Azure CloudGuard CheckUp
- Azure CloudGuard Network Security Alerts
- Azure CloudGuard SOC2 based on AICPA TSC 2017
- Azure HIPAA
- Azure HITRUST v9.5.0
- Azure ISO 27001:2013
- Azure LGPD regulation
- Azure NIST 800-171
- Azure NIST 800-53 Rev 4
- Azure NIST 800-53 Rev 5
- Azure NIST CSF v1.1
- Azure New Zealand Information Security Manual (NZISM) v.3.4
- Azure PCI-DSS 3.2
- Azure Security Risk Management
- CloudGuard Azure All Rules Ruleset
- Microsoft Cloud Security Benchmark
Updated over 1 year ago