AWS and Cloudanix team co-authored this blog: Real-Time Threat and Anomaly Detection for Workloads on AWS

Cloudanix

AZURE Network Audit

Ensure that Network Watcher service is enabled within your Azure account subscriptions to help you monitor and diagnose various conditions at the network level. Microsoft Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources within a virtual network.

Network watchers not enabled

Ensure that Network Watcher service is enabled within your Azure account subscriptions to help you monitor and diagnose various conditions at the network level. Microsoft Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources within a virtual network.

Network watchers not provisioned

Ensure that Network Watcher service is enabled and Network Watchers are provisioned within your Azure account subscriptions to help you monitor and diagnose various conditions at the network level. Microsoft Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources within a virtual network.

Security Group Flow Logs should be retained for longer duration

Ensure that your Microsoft Azure Network Security Groups (NSGs) have a sufficient flow log retention period, i.e. greater than or equal to 90 days, configured for reliability and compliance purposes. The retention period represents the number of days to retain flow log data recorded for your network security groups. Azure Network Security Group (NSG) flow log is a feature of the Network Watcher service, that allows you to view information about inbound and outbound IP traffic through an NSG.

Unrestricted FTP Access

Ensure that Microsoft Azure network security groups (NSGs) do not allow unrestricted access on TCP ports 20 and 21 in order to protect against attackers that use brute force methods to gain access to Azure virtual machines associated with these NSGs. TCP ports 20 and 21 are used for data transfer and communication by the File Transfer Protocol (FTP) client-server applications.

Unrestricted MSSQL Server Access

Ensure that all your Microsoft Azure network security groups (NSGs) restrict inbound/ingress access on TCP port 1433 to trusted IP addresses only in order to implement the principle of least privilege and significantly reduce the attack surface. TCP port 1433 is used by Microsoft Azure SQL Server, the relational database management system developed by Microsoft.

Unrestricted MySQL Database Access

Ensure that Microsoft Azure network security groups (NSGs) do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3306 in order to protect against malicious actors and significantly reduce the attack surface. TCP port 3306 is used by the MySQL Database Server, a popular open-source Relational Database Management System (RDBMS) server.

Unrestricted Oracle Database Access

Ensure that your Microsoft Azure network security groups (NSGs) restrict inbound/ingress access on TCP port 1521 to trusted entities only (i.e. IP addresses) in order to implement the principle of least privilege and vastly reduce the attack surface. TCP port 1521 is used by Oracle Database Server, which is an object-relational database management system (RDBMS) server developed by Oracle Corporation.

Unrestricted PostgreSQL Database Access

Ensure that your Microsoft Azure network security groups (NSGs) allow inbound/ingress access on TCP port 5432 to trusted IP addresses only, in order to implement the principle of least privilege and greatly reduce the attack surface. TCP port 5432 is used by the PostgreSQL Database Server, an object-relational database management system (RDBMS) server developed by PostgreSQL Global Development Group.

Unrestricted RDP Access

Ensure that Microsoft Azure network security groups (NSGs) do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to protect against attackers that use brute force techniques to gain access to the Azure virtual machines associated with the NSGs. TCP port 3389 is used for secure remote GUI login to Microsoft VMs by connecting a Remote Desktop Protocol (RDP) client application with an RDP server.

Unrestricted RPC Access

Ensure that Microsoft Azure network security groups (NSGs) do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 135 in order to implement the principle of least privilege and effectively reduce the attack surface. Remote Procedure Call (RPC) TCP port 135 is used for client-server communications by Microsoft Message Queuing (MSMQ) as well as other Microsoft Windows/Windows Server software.

Unrestricted SSH Access

Check your Microsoft Azure network security groups (NSGs) for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrain access to only those IP addresses that require it in order to implement the principle of least privilege and reduce the possibility of a breach. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server.

cta-image

Secure Every Layer of Your Cloud Stack with Cloudanix

Unify your security workflows with Cloudanix — one dashboard for misconfigurations, drift detection, CI/CD, and identity protection.

Get Started

CLOUDANIX

Insights from Cloudanix

Explore guides, checklists, and blogs that simplify cloud security and help you secure your infrastructure.