Network Security Group

Excessive Security Groups

Risk Level: Low

Description: 

This plugin detects whether the account has an excessive number of security groups. Keeping the number of security groups to a bare minimum helps to decrease an account's attack surface. Common rules should be aggregated under the same security groups rather than creating new groups with the same rules for each project. For instance, instead of adding port 22 from a known IP to every group, create a single "SSH" security group that can be used on multiple instances. 

PingSafe strongly recommends limiting the number of security groups to prevent accidental authorizations.

Configuration Parameter

Security Groups Threshold: This parameter sets the limit on the number of security groups. An alert is generated if the number of security groups exceeds this threshold.

By default the threshold is set to 30, so a vulnerability is generated if the number of security groups exceeds 30.

About the Service:

In an Azure virtual network, a network security group may be used to restrict network traffic to and from Azure resources. A network security group is a collection of security rules that allow or disallow incoming and outgoing network traffic to and from various Azure services. Source and destination, port, and protocol can all be specified for each rule.

Impact:

If there are a large number of security groups, it increases the account’s attack surface. Common rules should be aggregated under the same security groups rather than creating new groups with the same rules for each project. 

Steps to reproduce:

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home
  2. Navigate to Azure’s Network Security Groups.
  3. Review the list of network security groups. If there are more security groups than required, the account has excessive security groups and the best security practices are not being followed.
  4. Follow the same steps for other accounts as well.

Steps for remediation:

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home
  2. Navigate to Azure’s Network Security Groups.
  3. Review the list of network security groups. If there are more security groups than required, the account has excessive security groups and the best security practices are not being followed.
  4. To resolve this security issue, click on the Network security group and then click on Delete.
  5. Then click on Yes in the Delete Network Security Group tab.
  6. Follow the same steps for other Network Security Groups as well.
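
An added example (not PingSafe's plugin code) that runs the checks above offline on JSON exported with `az network nsg list -o json`: it compares the count to the threshold, groups NSGs whose custom rule sets are identical (consolidation candidates, like the shared "SSH" group in the description), and lists NSGs attached to no subnet or network interface. The sample data and the function names are constructed for illustration; the field names are assumed to follow that command's JSON output.

```python
import json
from collections import defaultdict

THRESHOLD = 30  # default "Security Groups Threshold" stated on this page

# Fields compared when deciding whether two rules are the same rule
# (rule name and priority are deliberately ignored).
RULE_FIELDS = ("direction", "access", "protocol",
               "sourceAddressPrefix", "sourceAddressPrefixes",
               "sourcePortRange", "sourcePortRanges",
               "destinationAddressPrefix", "destinationAddressPrefixes",
               "destinationPortRange", "destinationPortRanges")

# Constructed sample, trimmed to the fields used here (assumed az CLI shape).
SAMPLE = json.loads("""[
 {"name": "proj-a-ssh", "subnets": [{"id": "subnet-a"}], "networkInterfaces": null,
  "securityRules": [{"name": "ssh", "priority": 100, "direction": "Inbound",
    "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.10",
    "destinationAddressPrefix": "*", "destinationPortRange": "22"}]},
 {"name": "proj-b-ssh", "subnets": null, "networkInterfaces": [{"id": "nic-b"}],
  "securityRules": [{"name": "allow-ssh", "priority": 200, "direction": "Inbound",
    "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.10",
    "destinationAddressPrefix": "*", "destinationPortRange": "22"}]},
 {"name": "web-https", "subnets": [{"id": "subnet-w"}], "networkInterfaces": null,
  "securityRules": [{"name": "https", "priority": 100, "direction": "Inbound",
    "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
    "destinationAddressPrefix": "*", "destinationPortRange": "443"}]},
 {"name": "old-test", "subnets": null, "networkInterfaces": null, "securityRules": []}
]""")

def rule_key(rule):
    """Normalised identity of one rule: lists sorted, strings lower-cased."""
    def norm(v):
        if isinstance(v, list):
            return tuple(sorted(v)) or None
        return v.lower() if isinstance(v, str) else v
    return tuple(norm(rule.get(f)) for f in RULE_FIELDS)

def audit(nsgs, threshold=THRESHOLD):
    by_rules, unattached = defaultdict(list), []
    for nsg in nsgs:
        rules = frozenset(rule_key(r) for r in nsg.get("securityRules") or [])
        if rules:  # NSGs with no custom rules are not "duplicates" of each other
            by_rules[rules].append(nsg["name"])
        if not (nsg.get("subnets") or nsg.get("networkInterfaces")):
            unattached.append(nsg["name"])
    dupes = sorted(sorted(n) for n in by_rules.values() if len(n) > 1)
    return {"count": len(nsgs), "exceeds_threshold": len(nsgs) > threshold,
            "duplicate_rule_sets": dupes, "unattached": sorted(unattached)}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE, threshold=3), indent=2))
```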

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support