The network security group should allow specific port rules

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

Azure Network Security Group (NSG) is configured to allow specific ports rather than all ports or port ranges.

Rationale

NSGs should be configured as granularly as possible, allowing only specific and necessary ports. Leaving ranges of ports open can allow access to ports that are vulnerabile to attack.

Remediation

From the console

Follow the Work with security rules guide to modify the port ranges associated with a NSG using the Microsoft Azure Console.

From the command line

Use the Microsft Azure az network nsg rule update module to update the ports associated with a NSG using the Microsoft Azure CLI.

References