A sensitive port for TCP or UDP protocols is open for the whole network

ID

azure_sensitive_port_exposed

Severity

critical

Vendor

Azure

Resource

Network

Tags

reachable

Description

A sensitive TCP or UDP port (23 and 101) is open to the whole network. Restrict access by configuring source IP addresses or source groups.

Learn more about this topic at Azure security group parameters.
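
The condition described above, shown as an added Ansible example that is not part of the original page: an `azure_rm_securitygroup` rule that leaves port 23 open to any source, beside a version limited to a known range. The resource names and the 203.0.113.0/24 range are placeholders, and it is an assumption that the check treats a source of `*` as "the whole network".

```yaml
---
# Constructed example: resource group, NSG names and the 203.0.113.0/24
# management range are placeholders, not values from the original page.
- name: Sensitive port exposure in a network security group
  hosts: localhost
  tasks:
    # Exposed: Telnet (TCP 23) is allowed from any source address.
    # Assumption: the check matches a source prefix of '*'.
    - name: NSG with port 23 open to the whole network
      azure_rm_securitygroup:
        resource_group: myResourceGroup
        name: myExposedNsg
        rules:
          - name: AllowTelnetFromAny
            protocol: Tcp
            direction: Inbound
            access: Allow
            priority: 100
            destination_port_range: 23
            source_address_prefix: '*'

    # Restricted: the same port is reachable only from a known range.
    - name: NSG with port 23 limited to a management range
      azure_rm_securitygroup:
        resource_group: myResourceGroup
        name: myRestrictedNsg
        rules:
          - name: AllowTelnetFromMgmt
            protocol: Tcp
            direction: Inbound
            access: Allow
            priority: 100
            destination_port_range: 23
            source_address_prefix: 203.0.113.0/24
```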

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create a Windows web app with a non-existent app service plan
      azure_rm_webapp:
        resource_group: myResourceGroup
        name: myWinWebapp
        https_only: False
        plan:
          resource_group: myAppServicePlan_rg
          name: myAppServicePlan
          is_linux: false
          sku: S1

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create a Windows web app with a non-existent app service plan
      azure_rm_webapp:
        resource_group: myResourceGroup
        name: myWinWebapp
        https_only: True
        plan:
          resource_group: myAppServicePlan_rg
          name: myAppServicePlan
          is_linux: false
          sku: S1