Benchmark: 7 Networking
Overview
This section covers security recommendations to follow in order to set networking policies on an Azure subscription.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 7 Networking.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v300_7
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v300_7 --share
Controls
- 7.1 Ensure that RDP access from the Internet is evaluated and restricted
- 7.2 Ensure that SSH access from the Internet is evaluated and restricted
- 7.3 Ensure that UDP access from the Internet is evaluated and restricted
- 7.4 Ensure that HTTP(S) access from the Internet is evaluated and restricted
- 7.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
- 7.6 Ensure that Network Watcher is 'Enabled' for Azure Regions that are in use
- 7.7 Ensure that Public IP addresses are Evaluated on a Periodic Basis