Ensure that DDoS Standard Protection feature is enabled for all your security-critical Microsoft Azure virtual networks (VNETs). DDoS Protection Standard is a premium paid cloud feature that offers enhanced Distributed Denial-of-Service (DDoS) mitigation capabilities via adaptive tuning, attack alert notifications, and telemetry to protect against the impacts of large DDoS attacks for all the protected resources available within your Azure virtual networks.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
A Distributed Denial-of-Service (DDoS) attack represents a malicious attempt to disrupt the normal traffic of a targeted web server, service or network by overwhelming the target or its infrastructure with a flood of HTTP traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised virtual machines (VMs) or networks as the sources of traffic. DDoS standard protection enables you to protect your Azure cloud resources from DDoS attacks with always-on monitoring and automatic network attack mitigation.
Audit
To determine if DDoS standard protection is enabled for your Azure virtual networks (VNETs), perform the following actions:
Remediation / Resolution
To enable Distributed Denial-of-Service (DDoS) standard protection for your existing Azure virtual networks (VNETs), perform the following actions:
References
- Azure Official Documentation
- Azure network security overview
- Network security groups
- Azure DDoS Protection for virtual networks generally available
- Azure DDoS Protection pricing
- Azure DDoS Protection Standard overview
- Azure Command Line Interface (CLI) Documentation
- az account
- az network vnet list
- az network vnet show
- az network vnet update
- az network ddos-protection create
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enable DDoS Standard Protection for Virtual Networks
Risk Level: Medium