Network misconfigurations

Network security group rule allows direct UDP based services access from the internet

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Azure network security group rules allow or deny traffic when their conditions are met. The rules let users specify the type of traffic, such as ports, protocols, and the source and destination of the traffic, including IP addresses, subnets, and instances. {AzureNetworkSecurityGroupRule} allows direct access from the internet to UDP-based services (ports: 53, 123, 161, 389, 1900), which puts your Azure Virtual Machines at risk.
Recommended Mitigation

Restrict direct access from the internet to UDP-based services on your Azure Virtual Machines. By default, UDP access from the internet is disabled.
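
One way to check exported rules for this finding offline, as an added example that is not the product's own detection logic. It assumes rules in JSON form with the ARM property names (with or without the `properties` wrapper), treats `*`, `Internet` and `0.0.0.0/0` as internet sources, and evaluates each rule in isolation, so a higher-priority Deny rule that shadows an Allow is not considered. The function names and sample rules are constructed for illustration.

```python
RISKY_UDP_PORTS = {53, 123, 161, 389, 1900}       # ports named in the description
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}  # assumption: treated as "the internet"

def _values(props, single, plural):
    """Merge the singular and plural forms of an NSG rule property."""
    merged = list(props.get(plural) or [])
    if props.get(single):
        merged.append(props[single])
    return merged

def _risky_ports_in(spec):
    """Risky ports covered by one port spec: '*', '53' or '100-200'."""
    if spec.strip() == "*":
        return set(RISKY_UDP_PORTS)
    low, _, high = spec.partition("-")
    return {p for p in RISKY_UDP_PORTS if int(low) <= p <= int(high or low)}

def exposed_udp_ports(rule):
    """Risky UDP ports one rule opens to the internet (empty set if none)."""
    props = rule.get("properties", rule)
    if (props.get("direction", "").lower() != "inbound"
            or props.get("access", "").lower() != "allow"
            or props.get("protocol", "").lower() not in ("udp", "*")):
        return set()
    sources = _values(props, "sourceAddressPrefix", "sourceAddressPrefixes")
    if not any(s.lower() in INTERNET_SOURCES for s in sources):
        return set()
    ports = set()
    for spec in _values(props, "destinationPortRange", "destinationPortRanges"):
        ports |= _risky_ports_in(spec)
    return ports

def audit(rules):
    """Map rule name -> sorted exposed ports, for rules that expose any."""
    hits = {r["name"]: sorted(exposed_udp_ports(r)) for r in rules}
    return {name: ports for name, ports in hits.items() if ports}

def _rule(name, access, proto, src, ports):
    return {"name": name, "properties": {"direction": "Inbound", "access": access,
            "protocol": proto, "sourceAddressPrefix": src, "destinationPortRanges": ports}}
# Constructed sample rules (not taken from a real subscription).
SAMPLE_RULES = [
    _rule("allow-dns-any", "Allow", "Udp", "*", ["53"]),
    _rule("allow-wide", "Allow", "*", "Internet", ["100-200", "1900"]),
    _rule("internal-ntp", "Allow", "Udp", "10.0.0.0/8", ["123"]),
    _rule("ldap-tcp", "Allow", "Tcp", "*", ["389"]),
    _rule("deny-snmp", "Deny", "Udp", "*", ["161"]),
]
print(audit(SAMPLE_RULES))
```

Rules that match only through a wide range or a `*` protocol, like `allow-wide` here, are the ones most easily missed when reviewing an NSG by eye.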