Azure Introduction
Azure Pricing
Azure Threats
Check for Unrestricted Telnet Access
More Info:
Ensure that no network security groups allow unrestricted inbound access on TCP port 23.
Risk Level
High
Address
Security
Compliance Standards
PCIDSS, HITRUST, GDPR, SOC2, NISTCSF, FedRAMP
Triage and Remediation
Remediation
Sure, here are the step-by-step instructions to remediate “Unrestricted Telnet Access” misconfiguration in Azure using Azure console:
- Open the Azure portal and log in to your account.
- Navigate to the “Security Center” from the left-hand side menu.
- Click on the “Security Center” blade and then click on “Security Alerts” from the left-hand side menu.
- Search for the alert related to “Unrestricted Telnet Access”.
- Click on the alert to get more details about the misconfiguration.
- Click on “Remediate” button to start the remediation process.
- In the remediation window, select the “Apply to subscription” option.
- Click on “Remediate” again to start the remediation process.
Once the remediation process is completed, the “Unrestricted Telnet Access” misconfiguration will be remediated in Azure.
Note: You can also use Azure PowerShell or Azure CLI to remediate this misconfiguration.
To remediate the misconfiguration of unrestricted Telnet access in Azure using Azure CLI, follow these steps:
-
Open Azure CLI and login to your Azure account using the following command:
az login
-
Once you are logged in, set the correct subscription using the following command:
az account set --subscription <subscription_id>
-
Next, find the network security group (NSG) that is associated with the virtual machine (VM) that has unrestricted Telnet access. You can do this by running the following command:
az network nsg list --query "[?contains(defaultSecurityRules[].destinationPortRange, '23')].{Name:name, ResourceGroup:resourceGroup}"
This command will list all the NSGs that have a default security rule allowing traffic on port 23 (Telnet).
-
Once you have identified the NSG, you can update the default security rule to deny Telnet traffic using the following command:
az network nsg rule update --name "AllowTelnet" --nsg-name <nsg_name> --resource-group <resource_group_name> --access Deny --protocol Tcp --direction Inbound --priority 1000 --destination-port-range 23
This command will update the default security rule in the NSG to deny Telnet traffic on port 23.
-
Finally, verify that the default security rule has been updated by running the following command:
az network nsg show --name <nsg_name> --resource-group <resource_group_name>
This command will show the details of the NSG, including the updated default security rule.
By following these steps, you can remediate the misconfiguration of unrestricted Telnet access in Azure using Azure CLI.
To remediate Unrestricted Telnet Access in Azure using Python, you can follow these steps:
- Install the Azure SDK for Python using the following command:
pip install azure
- Use the following Python script to remediate the issue:
from azure.mgmt.network import NetworkManagementClient
from azure.common.credentials import ServicePrincipalCredentials
# Fill in your Azure credentials
subscription_id = 'your-subscription-id'
client_id = 'your-client-id'
secret = 'your-client-secret'
tenant = 'your-tenant-id'
# Fill in the name of the resource group and the network security group
resource_group_name = 'your-resource-group-name'
network_security_group_name = 'your-network-security-group-name'
# Create the credentials object
credentials = ServicePrincipalCredentials(
client_id=client_id,
secret=secret,
tenant=tenant
)
# Create the network management client object
network_client = NetworkManagementClient(credentials, subscription_id)
# Get the network security group
network_security_group = network_client.network_security_groups.get(
resource_group_name,
network_security_group_name
)
# Remove the inbound rule for telnet
telnet_rule = next((r for r in network_security_group.security_rules if r.name == 'AllowTelnet'), None)
if telnet_rule:
network_security_group.security_rules.remove(telnet_rule)
# Update the network security group
network_client.network_security_groups.create_or_update(
resource_group_name,
network_security_group_name,
network_security_group
)
print('Telnet rule removed successfully.')
-
Replace the placeholders in the script with your Azure credentials, resource group name, and network security group name.
-
Run the script using the following command:
python remediate_telnet.py
This will remove the inbound rule for telnet in the specified network security group, thus remediating the Unrestricted Telnet Access issue.