Network misconfigurations

Azure Subnet without network security group assigned

Platform(s)
Compliance Frameworks
  • CPRA
  • iso_27001_2022
  • iso_27002_2022
  • Mitre ATT&CK
  • mpa
  • NIST 800-53
  • PDPA

Description

The following subnet(s) in the {AzureVNet} virtual network are not associated with a network security group: {AzureVNet.Subnets}. A subnet is a range of IP addresses in the virtual network; you can divide a virtual network into multiple subnets for organization and security. If a subnet has no network security group associated with it, all network traffic is allowed through it. You can filter network traffic between subnets using network security groups, which can contain multiple inbound and outbound security rules that filter traffic to and from resources by source and destination IP address, port, and protocol. This alert excludes the subnets 'GatewaySubnet', 'AzureBastionSubnet' and 'AzureFirewallSubnet' because, per Microsoft's recommendation, there is no need to associate network security groups with those subnet types. For more information, see: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works#next-steps.
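The check described above, as an added example that is not the rule vendor's own code: it walks an ARM-style virtual network resource (assumed shape: properties.subnets[].properties.networkSecurityGroup.id), skips the three Microsoft-exempt subnet types, and reports every other subnet without an NSG. The VNet below is constructed sample data; the NSG id is a placeholder.

```python
"""Detect Azure VNet subnets that have no network security group (NSG).

Added example, not the rule's own implementation. Input is assumed to be
shaped like an ARM / Azure Resource Graph VNet resource; SAMPLE_VNET is
constructed data, not taken from any real tenant.
"""
from typing import Any, Optional

# Subnet types Microsoft does not recommend protecting with an NSG;
# the alert excludes them, so the check does too.
EXEMPT_SUBNETS = frozenset({"GatewaySubnet", "AzureBastionSubnet", "AzureFirewallSubnet"})

# Constructed sample VNet (placeholder NSG id).
SAMPLE_VNET: dict[str, Any] = {
    "name": "prod-vnet",
    "properties": {
        "subnets": [
            {"name": "web", "properties": {"networkSecurityGroup": {"id": "<web-nsg-resource-id>"}}},
            {"name": "db", "properties": {}},                              # no NSG: reported
            {"name": "GatewaySubnet", "properties": {}},                   # exempt by design
            {"name": "AzureBastionSubnet", "properties": {}},              # exempt by design
            {"name": "mgmt", "properties": {"networkSecurityGroup": None}},  # explicit null: reported
        ]
    },
}


def unprotected_subnets(vnet: dict[str, Any]) -> list[str]:
    """Return names of subnets with no NSG, skipping the exempt subnet types."""
    findings = []
    for subnet in vnet.get("properties", {}).get("subnets", []):
        name = subnet.get("name", "")
        if name in EXEMPT_SUBNETS:
            continue
        nsg = (subnet.get("properties") or {}).get("networkSecurityGroup")
        # An association exists only when the reference carries a resource id.
        if not nsg or not nsg.get("id"):
            findings.append(name)
    return findings


def alert_message(vnet: dict[str, Any]) -> Optional[str]:
    """Fill the rule's description template; None when the VNet is compliant."""
    findings = unprotected_subnets(vnet)
    if not findings:
        return None
    return (f"The following subnets in virtual network {vnet['name']} are not "
            f"associated with a network security group: {', '.join(findings)}")


if __name__ == "__main__":
    print(alert_message(SAMPLE_VNET))
```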