last sync: 2024-Jul-26 18:17:39 UTC

[Deprecated]: SSH access from the Internet should be blocked

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: [Deprecated]: SSH access from the Internet should be blocked
Id: 2c89a2e5-7285-40fe-afe0-ae8654b92fab
Version: 2.0.0-deprecated
Category: Network
Description: This policy is deprecated. This policy audits any network security rule that allows SSH access from Internet
Mode: All
Type: BuiltIn
Preview: False
Deprecated: True
Effect: Default: Audit; Allowed: Audit, Disabled
RBAC role(s): none
Rule aliases IF (6)
| Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable |
|---|---|---|---|---|---|---|
| Microsoft.Network/networkSecurityGroups/securityRules/access | Microsoft.Network | networkSecurityGroups/securityRules | properties.access | True | | True |
| Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange | Microsoft.Network | networkSecurityGroups/securityRules | properties.destinationPortRange | True | | True |
| Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*] | Microsoft.Network | networkSecurityGroups/securityRules | properties.destinationPortRanges[*] | True | | True |
| Microsoft.Network/networkSecurityGroups/securityRules/direction | Microsoft.Network | networkSecurityGroups/securityRules | properties.direction | True | | True |
| Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix | Microsoft.Network | networkSecurityGroups/securityRules | properties.sourceAddressPrefix | True | | True |
| Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*] | Microsoft.Network | networkSecurityGroups/securityRules | properties.sourceAddressPrefixes[*] | True | | True |
Rule resource types IF (1)
Microsoft.Network/networkSecurityGroups/securityRules
Compliance
The following 1 compliance controls are associated with this Policy definition '[Deprecated]: SSH access from the Internet should be blocked' (2c89a2e5-7285-40fe-afe0-ae8654b92fab)
Control Domain: Azure_Security_Benchmark_v2.0
Control: NS-4
Name: Azure_Security_Benchmark_v2.0_NS-4
MetadataId: Azure Security Benchmark NS-4
Category: Network Security
Title: Protect applications and services from external network attacks
Owner: Customer
Requirements: Protect Azure resources against attacks from external networks, including distributed denial of service (DDoS) Attacks, application specific attacks, and unsolicited and potentially malicious internet traffic. Azure includes native capabilities for this:
- Use Azure Firewall to protect applications and services against potentially malicious traffic from the internet and other external locations.
- Use Web Application Firewall (WAF) capabilities in Azure Application Gateway, Azure Front Door, and Azure Content Delivery Network (CDN) to protect your applications, services, and APIs against application layer attacks.
- Protect your assets against DDoS attacks by enabling DDoS protection on your Azure virtual networks.
- Use Azure Security Center to detect misconfiguration risks related to the above.
Azure Firewall Documentation: https://docs.microsoft.com/azure/firewall/
How to deploy Azure WAF: https://docs.microsoft.com/azure/web-application-firewall/overview
Manage Azure DDoS Protection using the Azure portal: https://docs.microsoft.com/azure/virtual-network/manage-ddos-protection
Description: n/a
Info: link
Policy#: 15
Initiatives usage
| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
|---|---|---|---|---|
| [Deprecated]: Azure Security Benchmark v2 | bb522ac1-bc39-4957-b194-429bcd3bcb0b | Regulatory Compliance | Deprecated | BuiltIn |
History
| Date/Time (UTC ymd) | Change type | Change detail |
|---|---|---|
| 2021-09-27 15:52:17 | change | Version remains equal, new suffix: deprecated (2.0.0 > 2.0.0-deprecated) |
| 2020-01-29 21:53:30 | add | 2c89a2e5-7285-40fe-afe0-ae8654b92fab |