Load Balancers

Insecure Ports Open For Load Balancer

Risk Level: Low

Description

This plugin ensures HTTPS load balancers conduct data transfers only on port 443. Inbound NAT rules manage the ports exposed for data transfer for Azure Load Balancers. Using the standard port 443 will ensure all data is encrypted while in transit and prevent insecure connections.

About the Service

Load Balancers: Load Balancer is an Azure service that distributes incoming requests across virtual machines. Besides load balancing, Azure Load Balancer provides features such as port forwarding and automatic reconfiguration when instances scale. It also keeps incoming traffic away from virtual machines that are not working, which provides resilience to physical or software failures of virtual machines.

Impact

The standardized port for listening to incoming requests is port 443 for HTTPS connections. Hence, it is highly recommended to use port number 443 as other open ports might not be secured. 

Steps to Reproduce

  1. Log in to the Azure portal.
  2. Click on Load balancer under Services or type “load balancer” in the search box.
  3. Select any one load balancer from the given records to check for the issue.
  4. From the navigation bar, go to Inbound NAT rules under Settings.
  5. In the list of inbound rules, check whether an HTTPS protocol is set and whether the Frontend Port value is set to 443. If not, go to the Steps for Remediation section.
  6. Repeat for other balancers as well.
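
The port check from the steps above can also be scripted. The following is an added example, not PingSafe's plugin code: it reads JSON in the shape printed by `az network lb list -o json` and reports every inbound NAT rule whose frontend port is not 443. The sample data is constructed, and the handling of `frontendPortRangeStart`/`frontendPortRangeEnd` (rules bound to a backend pool) goes beyond the single-port case the steps describe.

```python
import json

# Constructed sample in the shape of `az network lb list -o json` output
# (not real data). Names and resource groups are made up.
SAMPLE = json.loads("""
[
  {"name": "lb-web", "resourceGroup": "rg-prod", "inboundNatRules": [
    {"name": "https-in", "protocol": "Tcp", "frontendPort": 443, "backendPort": 443},
    {"name": "alt-https", "protocol": "Tcp", "frontendPort": 8443, "backendPort": 443}]},
  {"name": "lb-pool", "resourceGroup": "rg-prod", "inboundNatRules": [
    {"name": "range-in", "protocol": "Tcp", "frontendPort": 0,
     "frontendPortRangeStart": 500, "frontendPortRangeEnd": 510, "backendPort": 443}]},
  {"name": "lb-empty", "resourceGroup": "rg-dev", "inboundNatRules": []}
]
""")

ALLOWED_PORT = 443


def exposed_ports(rule):
    """Return the (start, end) frontend port span a NAT rule exposes."""
    start = rule.get("frontendPortRangeStart")
    end = rule.get("frontendPortRangeEnd")
    if start and end:                       # rule bound to a backend pool
        return int(start), int(end)
    port = int(rule.get("frontendPort") or 0)
    return port, port                       # single-port rule


def audit(load_balancers):
    """List every inbound NAT rule whose frontend port is not exactly 443."""
    findings = []
    for lb in load_balancers:
        for rule in lb.get("inboundNatRules") or []:
            start, end = exposed_ports(rule)
            if (start, end) != (ALLOWED_PORT, ALLOWED_PORT):
                ports = str(start) if start == end else f"{start}-{end}"
                findings.append((lb["resourceGroup"], lb["name"], rule["name"], ports))
    return findings


if __name__ == "__main__":
    for rg, lb, rule, ports in audit(SAMPLE):
        print(f"FAIL {rg}/{lb}: rule '{rule}' exposes frontend port {ports}")
```

To audit a live subscription, pass `audit()` the parsed output of `az network lb list -o json` instead of `SAMPLE`.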

Steps for Remediation

  1. Log in to the Azure portal.
  2. Click on Load balancer under Services or type “load balancer” in the search box.
  3. Select any one load balancer from the given records to check for the issue.
  4. From the navigation bar, go to Inbound NAT rules under Settings.
  5. If HTTPS protocol is not defined, check our article on “Load Balancers HTTPS only not configured”. Otherwise, go to step 6.
  6. Click on the HTTPS rule that has to be changed. In the Port input field, set the value to 443. Click on Save.
  7. Wait for a few minutes for the changes to get saved. Repeat for other balancers as well.

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support