The network security group should allow specific port rules

azure.network
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

Azure Network Security Group (NSG) is configured to allow specific ports rather than all ports or port ranges.

Rationale

NSGs should be configured as granularly as possible, allowing only specific and necessary ports. Leaving ranges of ports open can allow access to ports that are vulnerabile to attack.

Remediation

From the console

Follow the Work with security rules guide to modify the port ranges associated with a NSG using the Microsoft Azure Console.

From the command line

Use the Microsft Azure az network nsg rule update module to update the ports associated with a NSG using the Microsoft Azure CLI.

References