Benchmark: 2.2.1.1 Ensure public network access is Disabled
Overview
Disable public network access to prevent exposure to the internet and reduce the risk of unauthorized access. Use private endpoints to securely manage access within trusted networks.
Disabling public network access improves security by ensuring that a service is not exposed on the public internet.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 2.2.1.1 Ensure public network access is Disabled.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v400_2_2_1_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v400_2_2_1_1 --share
Controls
- Cognitive Services accounts should disable public network access
- Container registries public network access should be disabled
- Data factories should disable public network access
- Azure Key Vault should disable public network access
- Public network access should be disabled for MariaDB servers
- Public network access should be disabled for MySQL servers
- Public network access should be disabled for PostgreSQL servers
- Azure Cognitive Search services should disable public network access
- Public network access on Azure SQL Database should be disabled
- Public network access should be disabled for storage accounts