Ensure that Microsoft Azure network security groups (NSGs) do not allow unrestricted access on TCP port 139 or UDP ports 137 and 138 in order to protect against attackers that use brute force methods to gain access to Azure virtual machines associated with these NSGs. TCP port 139 and UDP ports 137 and 138 are used for Network Basic Input/Output System (NetBIOS) name resolution (i.e. mapping a NetBIOS name to an IP address) by services such as File and Printer Sharing service running on Microsoft Windows Server OS.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Allowing unrestricted access to your Azure virtual machines (VMs) via network security groups (NSGs) can increase opportunities for malicious activities such as Man-in-the-Middle attacks (MITM), Denial of Service (DoS) attacks, or BadTunnel exploit attacks.
Audit
To determine if your Azure network security groups allow unrestricted access on TCP port 139 or UDP ports 137 and 138, perform the following actions:
Remediation / Resolution
To update your Azure NSG rule(s) configuration in order to restrict NetBIOS access to trusted entities only, such as admin IP addresses or IP ranges, perform the following actions:
References
- Azure Official Documentation
- Azure network security overview
- Network security groups
- Create, change, or delete a network security group
- Azure best practices for network security
- Azure PowerShell Documentation
- az mysql server
- az network nsg list
- az network nsg rule list
- az network nsg rule update
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Check for Unrestricted NetBIOS Access
Risk Level: High