Check your Microsoft Azure network security groups (NSGs) for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22, and restrict access to only those IP addresses that require it, in order to implement the principle of least privilege and reduce the possibility of a breach. TCP port 22 is used by Secure Shell (SSH) for secure remote login between an SSH client application and an SSH server.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, man-in-the-middle (MITM) attacks and brute-force attacks. Cloud Conformity strongly recommends that you configure your Microsoft Azure NSGs to limit inbound traffic on TCP port 22 to known IP addresses only.
To determine if your Azure network security groups (NSGs) allow unrestricted access on TCP port 22 (SSH), perform the following actions:
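The check described above can also be run offline against exported NSG definitions. The following is an added example, not Cloud Conformity's own audit procedure: it assumes rules in the JSON shape returned by `az network nsg list`, and the helper names, the sample NSG and the treatment of `*` and the `Internet` service tag as equivalent to 0.0.0.0/0 are assumptions made for illustration. Each rule is judged on its own; rule priority ordering is not evaluated.

```python
# Sources treated as "any address". Assumption: the page names only 0.0.0.0/0;
# "*" and the "Internet" service tag are included as equally open sources.
OPEN_SOURCES = {"0.0.0.0/0", "*", "internet"}
SSH_PORT = 22

def values(rule, singular, plural):
    """Merge the singular and plural forms of an NSG rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(singular):
        vals.append(rule[singular])
    return vals

def covers_ssh(port_spec):
    """True if a port spec such as '22', '20-30' or '*' includes port 22."""
    spec = str(port_spec).strip()
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    try:
        return int(low) <= SSH_PORT <= int(high or low)
    except ValueError:
        return False

def open_ssh_rules(nsgs):
    """Return (NSG, rule) names for inbound Allow rules exposing TCP 22 to any source."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules") or []:
            if ((rule.get("direction") or "").lower() != "inbound"
                    or (rule.get("access") or "").lower() != "allow"
                    or (rule.get("protocol") or "").lower() not in ("tcp", "*")):
                continue
            sources = values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            ports = values(rule, "destinationPortRange", "destinationPortRanges")
            if (any(s.lower() in OPEN_SOURCES for s in sources)
                    and any(covers_ssh(p) for p in ports)):
                findings.append((nsg["name"], rule["name"]))
    return findings

# Constructed sample (hypothetical NSG and rule names), not real tenant data.
def make_rule(name, access, proto, src, ports):
    return {"name": name, "direction": "Inbound", "access": access, "protocol": proto,
            "sourceAddressPrefix": src, "destinationPortRanges": ports}

SAMPLE = [{"name": "web-nsg", "securityRules": [
    make_rule("ssh-any", "Allow", "Tcp", "0.0.0.0/0", ["22"]),
    make_rule("ssh-office", "Allow", "Tcp", "203.0.113.0/24", ["22"]),
    make_rule("wide-range", "Allow", "*", "*", ["20-30", "443"]),
    make_rule("https-any", "Allow", "Tcp", "Internet", ["443"]),
]}]
```

Calling `open_ssh_rules(SAMPLE)` flags `ssh-any` and `wide-range`; the second shows why port ranges and the `*` protocol must be checked as well as an exact `22`.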
Remediation / Resolution
To update your Azure network security group SSH rule configuration in order to restrict Secure Shell access to specific, authorized entities only, such as IP addresses or IP ranges, perform the following actions:
You are auditing:
Check for Unrestricted SSH Access
Risk level: Very High