AzPolicyAdvertizer

last sync: 2023-Jun-09 17:46:13 UTC

Azure Policy definition

[Deprecated]: SSH access from the Internet should be blocked

Name

[Deprecated]: SSH access from the Internet should be blocked
Azure Portal

2c89a2e5-7285-40fe-afe0-ae8654b92fab

Version

2.0.0-deprecated
details on versioning

Category

Network
Microsoft docs

Description

This policy is deprecated. This policy audits any network security rule that allows SSH access from Internet

Mode

All

Type

BuiltIn

Preview

FALSE

Deprecated

True

Effect

Default
Audit
Allowed
Audit, Disabled

RBAC
Role(s)

none

Rule
Aliases

IF (6)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Network/networkSecurityGroups/securityRules/access	Microsoft.Network	networkSecurityGroups/securityRules	properties.access	true
Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange	Microsoft.Network	networkSecurityGroups/securityRules	properties.destinationPortRange	true
Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]	Microsoft.Network	networkSecurityGroups/securityRules	properties.destinationPortRanges[*]	true
Microsoft.Network/networkSecurityGroups/securityRules/direction	Microsoft.Network	networkSecurityGroups/securityRules	properties.direction	true
Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix	Microsoft.Network	networkSecurityGroups/securityRules	properties.sourceAddressPrefix	true
Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]	Microsoft.Network	networkSecurityGroups/securityRules	properties.sourceAddressPrefixes[*]	true

Rule
ResourceTypes

Compliance

The following 1 compliance controls are associated with this Policy definition '[Deprecated]: SSH access from the Internet should be blocked' (2c89a2e5-7285-40fe-afe0-ae8654b92fab)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
Azure_Security_Benchmark_v2.0	NS-4	Azure_Security_Benchmark_v2.0_NS-4	Azure Security Benchmark NS-4	Network Security	Protect applications and services from external network attacks	Customer	Protect Azure resources against attacks from external networks, including distributed denial of service (DDoS) Attacks, application specific attacks, and unsolicited and potentially malicious internet traffic. Azure includes native capabilities for this: - Use Azure Firewall to protect applications and services against potentially malicious traffic from the internet and other external locations. - Use Web Application Firewall (WAF) capabilities in Azure Application Gateway, Azure Front Door, and Azure Content Delivery Network (CDN) to protect your applications, services, and APIs against application layer attacks. - Protect your assets against DDoS attacks by enabling DDoS standard protection on your Azure virtual networks. - Use Azure Security Center to detect misconfiguration risks related to the above. Azure Firewall Documentation: https://docs.microsoft.com/azure/firewall/ How to deploy Azure WAF: https://docs.microsoft.com/azure/web-application-firewall/overview Manage Azure DDoS Protection Standard using the Azure portal: https://docs.microsoft.com/azure/virtual-network/manage-ddos-protection	n/a	link	15

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-09-27 15:52:17	change	Version remains equal, new suffix: deprecated (2.0.0 > 2.0.0-deprecated)
2020-01-29 21:53:30	add	2c89a2e5-7285-40fe-afe0-ae8654b92fab

Initiatives
usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Deprecated]: Azure Security Benchmark v2	bb522ac1-bc39-4957-b194-429bcd3bcb0b	Regulatory Compliance	Deprecated	BuiltIn

JSON