Network Security Group

Open CIFS

Risk Level: High

Description: 

This plugin checks whether CIFS UDP port 445 is accessible to the general public. Some ports, such as HTTP and HTTPS, must be open to the public in order to function, but sensitive services such as CIFS should be limited to known IP addresses.

If the source IP addresses allowed to reach this port are not restricted, the account can be left vulnerable to attacks.

PingSafe strongly recommends restricting UDP port 445 to known IP addresses.

About the Service :

In an Azure virtual network, a network security group may be used to restrict network traffic to and from Azure resources. A network security group is a collection of security rules that allow or disallow incoming and outgoing network traffic to and from various Azure services. Source and destination, port, and protocol can all be specified for each rule.

Impact : 

Unrestricted ports can make the account vulnerable to attacks. This could expose sensitive data to people who are not meant to have access to it.

Steps to reproduce :

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s Network Security Groups.
  3. Click on the Security Group that you want to examine. Next, click on the inbound security rules.
  4. Check whether UDP port 445 is accessible to the general public. If the rule shows Allow for all Source and Destination, the port is exposed to the public.
  5. Follow the same steps for other security groups as well.

To check whether UDP port 445 is accessible to the general public, we examined the Inbound Security Rules.
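The same inbound-rule check can be run over an NSG's JSON instead of clicking through each group in the portal. The following is an added example, not PingSafe's plugin code: it assumes the rule field names Azure uses in NSG JSON (flat as in `az network nsg show` output, or nested under `properties` as in ARM templates), and the function names and sample NSGs are constructed for illustration. It also accounts for rule priority, which the portal steps leave to the reader.

```python
# Added example, not PingSafe's plugin code; sample NSGs below are constructed.
PUBLIC_SOURCES = {"*", "internet", "0.0.0.0/0", "::/0"}

def values(props, single, plural):
    """Merge the singular and plural forms of an NSG rule field."""
    vals = list(props.get(plural) or [])
    if props.get(single):
        vals.append(props[single])
    return vals

def covers_port(spec, port):
    """True if a port spec ('*', '445' or '400-500') includes port."""
    lo, _, hi = spec.partition("-")
    return spec == "*" or int(lo) <= port <= int(hi or lo)

def public_udp_rules(nsg, port=445):
    """Names of inbound Allow rules that expose UDP `port` to a public source."""
    # ARM templates nest fields under "properties"; az CLI output is flat.
    rules = [{**r.get("properties", r), "name": r["name"]}
             for r in nsg.get("securityRules", [])]
    findings = []
    for p in sorted(rules, key=lambda p: p["priority"]):  # lowest number first
        ports = values(p, "destinationPortRange", "destinationPortRanges")
        sources = values(p, "sourceAddressPrefix", "sourceAddressPrefixes")
        if (p["direction"].lower() != "inbound"
                or p["protocol"].lower() not in ("udp", "*")
                or not any(covers_port(s, port) for s in ports)
                or not any(s.lower() in PUBLIC_SOURCES for s in sources)):
            continue
        if p["access"].lower() == "deny":
            break  # a public Deny at higher priority shadows the rules below
        findings.append(p["name"])
    return findings

def make_rule(name, prio, access, proto, src, dports):
    return {"name": name, "priority": prio, "direction": "Inbound",
            "access": access, "protocol": proto,
            "sourceAddressPrefix": src, "destinationPortRanges": dports}

EXPOSED_NSG = {"securityRules": [
    make_rule("allow-https", 100, "Allow", "Tcp", "*", ["443"]),
    make_rule("allow-smb-any", 200, "Allow", "Udp", "*", ["137-139", "445"]),
    make_rule("allow-smb-office", 210, "Allow", "Udp", "203.0.113.0/24", ["445"]),
    make_rule("allow-all-internet", 300, "Allow", "*", "Internet", ["*"]),
]}
SHADOWED_NSG = {"securityRules": [
    make_rule("deny-smb", 100, "Deny", "*", "*", ["445"]),
    make_rule("allow-all", 200, "Allow", "*", "*", ["*"]),
]}
```

Rules that allow "any protocol" or "any port" are reported too, since they expose UDP 445 just as an explicit rule does.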

Steps for remediation :

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s Network Security Groups.
  3. Click on the Security Group that you want to examine. Next, click on the inbound security rules.
  4. Check whether UDP port 445 is accessible to the general public. If the rule shows Allow for all Source and Destination, the port is exposed to the public.
  5. Next, click on the security group rule and change the source port.
  6. Now the UDP port 445 is not accessible by the public.
  7. Follow the same steps for other security groups as well.

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support