Benchmark: 6 Networking
Overview
This section covers security recommendations to follow in order to set networking policies on an Azure subscription.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 6 Networking.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v210_6
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v210_6 --share
Controls
- 6.1 Ensure that RDP access from the Internet is evaluated and restricted
- 6.2 Ensure that SSH access from the Internet is evaluated and restricted
- 6.3 Ensure that UDP access from the Internet is evaluated and restricted
- 6.4 Ensure that HTTP(S) access from the Internet is evaluated and restricted
- 6.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
- 6.6 Ensure that Network Watcher is 'Enabled'
- 6.7 Ensure that Public IP addresses are Evaluated on a Periodic Basis