More Info:

Ensure that no network security groups allow unrestricted inbound access on TCP port 445 (Common Internet File System – CIFS).

Risk Level

High

Address

Security

Compliance Standards

HITRUST, GDPR, SOC2, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

To remediate the “Unrestricted CIFS Access” misconfiguration in Azure, you can follow these steps:

  1. Log in to the Azure portal (https://portal.azure.com/).
  2. Navigate to the storage account that has the misconfiguration.
  3. Click on the “Firewalls and virtual networks” tab from the left-hand menu.
  4. Under the “Allow access from” section, select “Selected networks”.
  5. In the “Selected networks” section, click on the “Add existing virtual network” button.
  6. Select the virtual network that is associated with the resource that needs access to the storage account.
  7. Click on the “Add” button.
  8. Under the “Allow trusted Microsoft services” section, select “Yes”.
  9. Click on the “Save” button to apply the changes.

Following these steps restricts access to the storage account to only the selected virtual network and allows trusted Microsoft services to access it. This should remediate the “Unrestricted CIFS Access” misconfiguration.
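To verify the check stated at the top of this page, the following added example (not part of the original page) scans network security group rules for inbound allow rules that expose TCP port 445 to any source. It assumes input in the JSON shape produced by `az network nsg list -o json`; the NSG and rule names in the sample are constructed, and rule priority is not evaluated.

```python
import json

# Source prefixes that mean "any address" in an NSG rule.
OPEN_SOURCES = {"*", "0.0.0.0/0", "::/0", "internet"}

def covers_port(spec, port=445):
    """True if a port spec such as '*', '445' or '400-500' includes port."""
    lo, _, hi = spec.strip().partition("-")
    if lo == "*":
        return True
    return lo.isdigit() and (hi or lo).isdigit() and int(lo) <= port <= int(hi or lo)

def values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field."""
    return ([rule[single]] if rule.get(single) else []) + list(rule.get(plural) or [])

def open_cifs_rules(nsgs, port=445):
    """Return (nsg, rule) names of inbound allow rules open to any source on the port.
    Each rule is judged alone; overriding higher-priority deny rules are not considered."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules") or []:
            if (rule.get("direction", "").lower() != "inbound"
                    or rule.get("access", "").lower() != "allow"
                    or rule.get("protocol", "").lower() not in ("tcp", "*")):
                continue
            srcs = values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            ports = values(rule, "destinationPortRange", "destinationPortRanges")
            if (any(s.lower() in OPEN_SOURCES for s in srcs)
                    and any(covers_port(p, port) for p in ports)):
                findings.append((nsg["name"], rule["name"]))
    return findings

# Constructed sample in the shape of `az network nsg list -o json` output.
SAMPLE = json.loads("""[
 {"name": "nsg-files", "securityRules": [
  {"name": "smb-any", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
   "sourceAddressPrefix": "*", "destinationPortRange": "445"},
  {"name": "smb-lan", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
   "sourceAddressPrefix": "10.0.0.0/24", "destinationPortRange": "445"}]},
 {"name": "nsg-app", "securityRules": [
  {"name": "wide-range", "direction": "Inbound", "access": "Allow", "protocol": "*",
   "sourceAddressPrefixes": ["Internet"], "destinationPortRanges": ["80", "400-500"]},
  {"name": "smb-out", "direction": "Outbound", "access": "Allow", "protocol": "Tcp",
   "sourceAddressPrefix": "*", "destinationPortRange": "445"}]}
]""")

if __name__ == "__main__":
    for nsg_name, rule_name in open_cifs_rules(SAMPLE):
        print(f"{nsg_name}: rule {rule_name} allows unrestricted inbound TCP 445")
```

A rule that lists port 445 only inside a wider range, or that names the source with the `Internet` service tag instead of `*`, is reported as well.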