AZURE BL 2-0 Ports Allowed as * or 0-65535 are restricted

Description 

 

Allowing inbound access to all ports (* or 0-65535) over the internet potentially lets attackers or malicious users attempt brute-force techniques to gain access to servers, data, and information systems.

 

Remediation 

Azure Portal

  1. Go to the Azure Portal
  2. Select Network Security Groups under resources
  3. Open the security group (or work through all groups one at a time)
  4. Under Settings, select Inbound Security Rules
  5. On the right-hand pane, review the list of security rules
  6. Remove or update any inbound rule that allows incoming (ingress) traffic on port * or 0-65535
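
The review in steps 5 and 6 can also be run across many groups at once. The following is an added example, not part of the original control text: it scans NSG definitions in the JSON shape returned by `az network nsg list -o json` and reports inbound Allow rules whose destination port range is * or 0-65535. The function names, the `INTERNET_SOURCES` set and the sample groups are assumptions made for illustration.

```python
ALL_PORTS = {"*", "0-65535"}                       # the two forms named in this control
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}  # assumption: sources treated as "the internet"

def _values(rule, single, plural):
    """NSG rules carry either one value (single key) or a list (plural key)."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return [str(v).strip().lower() for v in vals]

def find_all_port_rules(nsgs):
    """Return inbound Allow rules whose destination port range is * or 0-65535."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules") or []:
            if (rule.get("direction") or "").lower() != "inbound":
                continue
            if (rule.get("access") or "").lower() != "allow":
                continue
            ports = _values(rule, "destinationPortRange", "destinationPortRanges")
            if not ALL_PORTS.intersection(ports):
                continue
            sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            findings.append({
                "nsg": nsg.get("name"),
                "rule": rule.get("name"),
                "priority": rule.get("priority"),
                "from_internet": bool(INTERNET_SOURCES.intersection(sources)),
            })
    return findings

def _rule(name, prio, direction, access, port, source):
    # Helper for building the constructed sample below.
    return {"name": name, "priority": prio, "direction": direction, "access": access,
            "destinationPortRange": port, "destinationPortRanges": [],
            "sourceAddressPrefix": source, "sourceAddressPrefixes": []}

# Constructed sample, shaped like `az network nsg list -o json` output.
SAMPLE = [
    {"name": "web-nsg", "securityRules": [
        _rule("allow-https", 100, "Inbound", "Allow", "443", "*"),
        _rule("allow-everything", 110, "Inbound", "Allow", "*", "Internet")]},
    {"name": "db-nsg", "securityRules": [
        _rule("allow-range-internal", 200, "Inbound", "Allow", "0-65535", "10.0.0.0/16"),
        _rule("deny-all", 4000, "Inbound", "Deny", "*", "*"),
        _rule("out-all", 100, "Outbound", "Allow", "*", "*")]},
]

if __name__ == "__main__":
    for finding in find_all_port_rules(SAMPLE):
        print(finding)
```

Rules with `from_internet` set to True match the exposure in the description; the remaining findings still match step 6 and should be narrowed to the ports actually needed.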

 

Additional documents 

https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview