Benchmark: 6 Networking
Overview
This section covers security recommendations to follow in order to set networking policies on an Azure subscription.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 6 Networking.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v140_6
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v140_6 --share
Controls
- 6.1 Ensure that RDP access is restricted from the internet
- 6.2 Ensure that SSH access is restricted from the internet
- 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP)
- 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
- 6.5 Ensure that Network Watcher is 'Enabled'
- 6.6 Ensure that UDP Services are restricted from the Internet