Skip to main content

πŸ›‘οΈ Azure Network Security Perimeter is used to secure Azure PaaS resources🟒βšͺ

  • Contextual name: πŸ›‘οΈ Network Security Perimeter is used to secure Azure PaaS resources🟒βšͺ
  • ID: /ce/ca/azure/resource-manager/network-security-perimeter
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: SECURITY

Description​

Open File

Description​

Azure Network Security Perimeter creates a logical boundary around Azure platform-as-a-service (PaaS) resources outside of virtual networks. By default, the network security perimeter denies public access to associated PaaS resources, with the ability to define explicit rules for inbound and outbound traffic.

While an automated assessment procedure exists for this recommendation, the assessment status remains manual. Determining appropriate network security perimeter profiles and resource assignments depends on the context and requirements of each organization and environment.

Rationale​

Network security perimeter denies public access to PaaS resources, reducing exposure and mitigating data exfiltration risks.

Impact​

Implementation requires administrative effort to configure and maintain network security perimeter profiles and resource assignments. Azure does not list any additional charges for using network security perimeters.

Audit​

From Azure Portal​
  1. Go to Resource groups.
  2. Click the name of a resource group.

... see more

Remediation​

Open File

Remediation​

From Azure Portal​

Create and associate PaaS resources with a new network security perimeter:

  1. Go to Network Security Perimeters.
  2. Click + Create.
  3. Select a Subscription and Resource group, provide a Name, select a Region, and provide a Profile name.
  4. Click Next.
  5. Click + Add.
  6. Check the box next to a PaaS resource to associate it with the network security perimeter.
  7. Click Select.
  8. Click Next.
  9. Configure appropriate Inbound access rules for your organization.
  10. Click Next.
  11. Configure appropriate Outbound access rules for your organization.
  12. Click Review + create.
  13. Click Create.

Associate PaaS resources with an existing network security perimeter:

  1. Go to Network Security Perimeters.

  2. Click the name of a network security perimeter.

  3. Under Settings, click Associated resources.

  4. Click + Add.

  5. Select Associate resources with a new profile or Associate resources with an existing profile.

  6. To associate resources with a new profile:

    1. Provide a Name.

... see more

policy.yaml​

Open File

Linked Framework Sections​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
πŸ’Ό CIS Azure v5.0.0 β†’ πŸ’Ό 7.16 Ensure Azure Network Security Perimeter is used to secure Azure platform-as-a-service resources (Manual)1no data
πŸ’Ό Cloudaware Framework β†’ πŸ’Ό Threat Protection42no data