LOW
Source: CloudSploit
ID: default-security-group

Default Security Group

Ensures that default security groups block all traffic by default

The default security group is often used for resources launched without a defined security group. For this reason, the default rules should be set to block all traffic to prevent an accidental exposure.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the Microsoft Azure Management Console.

  2. Select the “Search resources, services, and docs” option at the top and search for Network security groups.

  3. Select the “Network security group” that needs to be verified.

  4. Scroll down the left navigation panel and select “Inbound security rules” under “Settings.”

  5. Under “Inbound security rules,” make sure traffic is set to “Deny” for all ports, which is the best practice. If it is not, the selected “Default security group” does not follow the best practices recommended by Azure.

  6. Repeat step 5 for the “Outbound security rules” as well.

  7. Repeat steps 2 - 6 to verify the other “Default security groups” in the resources.

  8. Navigate to “Network security group” and select the security group that needs to be modified to deny all traffic by default.

  9. Scroll down the left navigation panel and choose “Inbound security rules” under “Settings.”

  10. Select each rule that allows traffic by default and use the delete option to remove that rule.

  11. Repeat step 10 for “Outbound security rules.”

  12. Repeat steps 8 - 11 to update the rules of the other default security groups so that they deny all traffic by default.
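The verification in steps 5 and 6 can be scripted instead of clicked through. The following is an added example, not CloudSploit's own plugin code: it evaluates the user-defined rule list of a network security group in the JSON shape that `az network nsg show` returns (the `securityRules` array and its `direction`, `access` and `priority` fields) and reports every rule that permits traffic. The `SAMPLE_NSG` input is constructed for the example.

```python
import json
import sys

# Constructed sample in the shape of the "securityRules" array returned by
# `az network nsg show --name <nsg> --resource-group <rg>`; names and values
# are made up for this example.
SAMPLE_NSG = {
    "name": "default-nsg",
    "securityRules": [
        {"name": "allow-ssh-any", "priority": 100, "direction": "Inbound",
         "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
         "destinationPortRange": "22"},
        {"name": "deny-rdp", "priority": 110, "direction": "Inbound",
         "access": "Deny", "protocol": "Tcp", "sourceAddressPrefix": "*",
         "destinationPortRange": "3389"},
        {"name": "allow-all-out", "priority": 100, "direction": "Outbound",
         "access": "Allow", "protocol": "*", "destinationAddressPrefix": "Internet",
         "destinationPortRange": "*"},
    ],
}


def allowing_rules(nsg, direction):
    """Custom rules in one direction that permit traffic, lowest priority first.

    Only the user-defined "securityRules" are inspected: Azure's built-in
    rules sit in a separate "defaultSecurityRules" list and cannot be deleted,
    so they are outside the scope of steps 10 and 11 above.
    """
    rules = [r for r in nsg.get("securityRules", [])
             if r.get("direction") == direction and r.get("access") == "Allow"]
    return sorted(rules, key=lambda r: r["priority"])


def evaluate_nsg(nsg):
    """Map each direction to the names of rules that break the deny-all posture."""
    return {d: [r["name"] for r in allowing_rules(nsg, d)]
            for d in ("Inbound", "Outbound")}


def is_compliant(nsg):
    """True when no custom rule allows traffic in either direction."""
    return not any(evaluate_nsg(nsg).values())


if __name__ == "__main__":
    # Pipe the `az network nsg show` JSON in on stdin; with no pipe, the sample runs.
    nsg = SAMPLE_NSG if sys.stdin.isatty() else json.load(sys.stdin)
    print(json.dumps({"nsg": nsg.get("name"), "allowing": evaluate_nsg(nsg),
                      "compliant": is_compliant(nsg)}, indent=2))
```

Each rule name the script lists is one to delete in step 10 or 11; an empty list for both directions is the state the check expects.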