Azure Introduction
Azure Pricing
Azure Threats
Check for Unrestricted Netbios Access
More Info:
Ensure that no network security groups allow unrestricted inbound access on TCP port 139 and UDP ports 137 and 138 (NetBIOS).
Risk Level
High
Address
Security
Compliance Standards
HIPAA, NIST, HITRUST, GDPR, SOC2, NISTCSF, PCIDSS, FedRAMP
Triage and Remediation
Remediation
Here are the step-by-step instructions to remediate the Unrestricted Netbios Access misconfiguration in Azure:
- Log in to the Azure portal.
- Go to the “Virtual networks” page.
- Select the virtual network that you want to remediate.
- Click on the “Subnets” option in the left-hand menu.
- Select the subnet that you want to remediate.
- Click on the “Network security group” option in the left-hand menu.
- Click on the “Edit” button to edit the network security group associated with the subnet.
- Click on the “Inbound security rules” option in the left-hand menu.
- Find the rule that allows unrestricted NetBIOS access.
- Click on the rule to select it.
- Click on the “Delete” button to delete the rule.
- Click on the “Save” button to save the changes.
By following these steps, you have successfully remediated the Unrestricted Netbios Access misconfiguration in Azure.
To remediate Unrestricted NetBIOS Access in Azure using Azure CLI, follow the below steps:
Step 1: Open Azure CLI and login to your Azure account.
Step 2: Run the below command to list all the network security groups in your subscription:
az network nsg list
Step 3: Identify the NSG that is associated with your virtual machine or subnet that has Unrestricted NetBIOS Access.
Step 4: Run the below command to get the details of the NSG:
az network nsg show --name <nsg-name> --resource-group <resource-group-name>
Step 5: Identify the security rule that allows Unrestricted NetBIOS Access.
Step 6: Run the below command to delete the security rule:
az network nsg rule delete --name <rule-name> --nsg-name <nsg-name> --resource-group <resource-group-name>
Note: Replace <rule-name>
, <nsg-name>
and <resource-group-name>
with the actual values.
Step 7: Verify that the security rule is deleted by running the below command:
az network nsg show --name <nsg-name> --resource-group <resource-group-name>
Step 8: Repeat the above steps for all the NSGs that have Unrestricted NetBIOS Access.
By following the above steps, you can remediate Unrestricted NetBIOS Access in Azure using Azure CLI.
To remediate Unrestricted Netbios Access in Azure using Python, you can follow the below steps:
Step 1: Install the Azure SDK for Python using pip.
pip install azure
Step 2: Authenticate with Azure using the below code.
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.network import NetworkManagementClient
subscription_id = 'your_subscription_id'
credentials = ServicePrincipalCredentials(
client_id='your_client_id',
secret='your_secret',
tenant='your_tenant_id'
)
network_client = NetworkManagementClient(
credentials,
subscription_id
)
Step 3: Get the Network Security Group (NSG) that has unrestricted Netbios access using the below code.
nsg_name = 'your_nsg_name'
resource_group_name = 'your_resource_group_name'
nsg = network_client.network_security_groups.get(
resource_group_name,
nsg_name
)
Step 4: Remove the rule that allows unrestricted Netbios access using the below code.
rule_name = 'your_rule_name'
for rule in nsg.security_rules:
if rule.name == rule_name:
nsg.security_rules.remove(rule)
break
poller = network_client.network_security_groups.create_or_update(
resource_group_name,
nsg_name,
nsg
)
poller.wait()
This code will remove the rule that allows unrestricted Netbios access from the NSG. You can replace the your_nsg_name
, your_resource_group_name
, and your_rule_name
with your own values.