Risk Level: High
Cloud Entity: Virtual Machine
CloudGuard Rule ID: D9.AZU.NET.VirtualMachine.UDPdb
Covered by Spectral: No
Category: Compute

GSL LOGIC

VirtualMachine where isPublic=true should not have nics contain [ networkSecurityGroup.inboundSecurityRules contain [protocol in ('UDP','All')] and networkSecurityGroup.inboundSecurityRules contain [ sourceAddressPrefixes contain [ '0.0.0.0/0' ] and destinationAddressPrefixes contain [ '0.0.0.0/0' ]] and networkSecurityGroup.inboundSecurityRules contain [ destinationPortRanges contain [destinationPort in($CloudGuard_Known_DB_UDP_Ports) ] ] ]

REMEDIATION

From Portal

Go to 'Virtual machines' and choose the relevant VM
Select 'Networking' under 'Settings' in the navigation menu
Under 'Inbound port rules' examine for overly permissive rules
Modify the rules accordingly to prevent public access to various UDP ports.

From TF
Please find additional information under references.

From Command Line
Inspect virtual machine NSG rules:

az network nsg show --name NETWORK SECURITY GROUP --resource-group RESOURCE GROUP

Note: Additional command line methods for rule update or creation can be found under the references.

References

Virtual Machine

Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment than the other choices offer. This article gives you information about what you should consider before you create a VM, how you create it, and how you manage it.

Compliance Frameworks

AZU PCI-DSS 4.0
Azure CSA CCM v.3.0.1
Azure CSA CCM v.4.0.1
Azure CloudGuard Best Practices
Azure CloudGuard Network Security Alerts
Azure CloudGuard SOC2 based on AICPA TSC 2017
Azure GDPR Readiness
Azure ISO 27001:2013
Azure LGPD regulation
Azure NIST 800-53 Rev 4
Azure NIST CSF v1.1
Azure New Zealand Information Security Manual (NZISM) v.3.4
Azure PCI-DSS 3.2
Azure Security Risk Management
CloudGuard Azure All Rules Ruleset