Unrestricted ingress traffic leave assets exposed to remote attacks

• GG_ID: GG_IAC_0021
• Severity: HIGH
• Complexity: LOW
• Categories: NETWORK
• Providers: Azure
• Potential data exposure: True
• Visible in logs: False
• User interaction required: True
• Privileges required: False

Description

Having open ingress means that your asset is exposed to some hosts on the public internet.

• If credentials are required to establish a connection, it still leaves open the possibility to bruteforce the credentials, or perform Denial of Service attacks.
• If no credentials are required, or credentials have been acquired by an attacker, then the asset is fully compromised.

Impact

• Denial of service
• Possible exploitation of existing vulnerabilities

Remediation guidelines

Only allow private addresses in the CIDR range.

External documentation

• Azure network best practices