last sync: 2022-Dec-02 17:43:06 UTC

Azure Policy definition

[Deprecated]: SSH access from the Internet should be blocked

Name: [Deprecated]: SSH access from the Internet should be blocked
Id: 2c89a2e5-7285-40fe-afe0-ae8654b92fab
Version: 2.0.0-deprecated
Category: Network
Description: This policy is deprecated. This policy audits any network security rule that allows SSH access from Internet
Mode: All
Type: BuiltIn
Preview: FALSE
Deprecated: True
Effect (default): Audit
Effect (allowed): Audit, Disabled
RBAC role(s): none
Aliases
IF (6)
Alias | Namespace | ResourceType | DefaultPath | Modifiable
Microsoft.Network/networkSecurityGroups/securityRules/access | Microsoft.Network | networkSecurityGroups/securityRules | properties.access | true
Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange | Microsoft.Network | networkSecurityGroups/securityRules | properties.destinationPortRange | true
Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*] | Microsoft.Network | networkSecurityGroups/securityRules | properties.destinationPortRanges[*] | true
Microsoft.Network/networkSecurityGroups/securityRules/direction | Microsoft.Network | networkSecurityGroups/securityRules | properties.direction | true
Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix | Microsoft.Network | networkSecurityGroups/securityRules | properties.sourceAddressPrefix | true
Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*] | Microsoft.Network | networkSecurityGroups/securityRules | properties.sourceAddressPrefixes[*] | true
Compliance
The following 1 compliance controls are associated with this Policy definition '[Deprecated]: SSH access from the Internet should be blocked' (2c89a2e5-7285-40fe-afe0-ae8654b92fab)

Control Domain: Azure_Security_Benchmark_v2.0
Control: NS-4
Name: Azure_Security_Benchmark_v2.0_NS-4
MetadataId: Azure Security Benchmark NS-4
Category: Network Security
Title: Protect applications and services from external network attacks
Owner: Customer
Requirements: Protect Azure resources against attacks from external networks, including distributed denial of service (DDoS) Attacks, application specific attacks, and unsolicited and potentially malicious internet traffic. Azure includes native capabilities for this:
- Use Azure Firewall to protect applications and services against potentially malicious traffic from the internet and other external locations.
- Use Web Application Firewall (WAF) capabilities in Azure Application Gateway, Azure Front Door, and Azure Content Delivery Network (CDN) to protect your applications, services, and APIs against application layer attacks.
- Protect your assets against DDoS attacks by enabling DDoS standard protection on your Azure virtual networks.
- Use Azure Security Center to detect misconfiguration risks related to the above.
Azure Firewall Documentation: https://docs.microsoft.com/azure/firewall/
How to deploy Azure WAF: https://docs.microsoft.com/azure/web-application-firewall/overview
Manage Azure DDoS Protection Standard using the Azure portal: https://docs.microsoft.com/azure/virtual-network/manage-ddos-protection
Description: n/a
Info: link
Policy#: 15
History
Date/Time (UTC ymd) | Change type | Change detail
2021-09-27 15:52:17 | change | Version remains equal, new suffix: deprecated (2.0.0 > 2.0.0-deprecated)
2020-01-29 21:53:30 | add | 2c89a2e5-7285-40fe-afe0-ae8654b92fab
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
[Deprecated]: Azure Security Benchmark v2 | bb522ac1-bc39-4957-b194-429bcd3bcb0b | Regulatory Compliance | Deprecated | BuiltIn