lacework-global-572
6.7 Ensure that Public IP addresses are Evaluated on a Periodic Basis (Manual)
Profile Applicability
• Level 1
Description
Public IP Addresses provide tenant accounts with Internet connectivity for resources contained within the tenant. During the creation of certain resources in Azure, a Public IP Address may be created. All Public IP Addresses within the tenant should be periodically reviewed for accuracy and necessity.
Rationale
Public IP Addresses allocated to the tenant should be periodically reviewed for necessity. Public IP Addresses that are not intentionally assigned and controlled present a publicly facing vector for threat actors and significant risk to the tenant.
Audit
From Azure Portal
- Open the
All Resources
blade - Click on
Add Filter
- In the Add Filter window, select the following:
Filter:
Type
Operator:Equals
Value:Public IP address
- Click the
Apply
button - For each Public IP address in the list, use Overview (or Properties) to review the
"Associated to:"
field and determine if the associated resource is still relevant to your tenant environment. If the associated resource is relevant, ensure that additional controls exist to mitigate risk (e.g. Firewalls, VPNs, Traffic Filtering, Virtual Gateway Appliances, Web Application Firewalls, etc.) on all subsequently attached resources.
From Azure CLI
List all Public IP addresses:
az network public-ip list
For each Public IP address in the output, review the "name"
property and determine if the associated resource is still relevant to your tenant environment. If the associated resource is relevant, ensure that additional controls exist to mitigate risk (e.g. Firewalls, VPNs, Traffic Filtering, Virtual Gateway Appliances, Web Application Firewalls, etc.) on all subsequently attached resources.
Remediation
Remediation will vary significantly depending on your organization's security requirements for the resources attached to each individual Public IP address.
References
https://docs.microsoft.com/en-us/cli/azure/network/public-ip?view=azure-cli-latest
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security