The network security group should allow specific port rules

Description

Azure Network Security Group (NSG) is configured to allow specific ports rather than all ports or port ranges.

Rationale

NSGs should be configured as granularly as possible, allowing only specific and necessary ports. Leaving ranges of ports open can allow access to ports that are vulnerabile to attack.

Remediation

From the console

Follow the Work with security rules guide to modify the port ranges associated with a NSG using the Microsoft Azure Console.

From the command line

Use the Microsft Azure az network nsg rule update module to update the ports associated with a NSG using the Microsoft Azure CLI.

References