Azure Introduction
Azure Pricing
Azure Threats
Check for Unrestricted SMTP Access
More Info:
Ensure that no network security groups allow unrestricted inbound access on TCP port 25.
Risk Level
High
Address
Security
Compliance Standards
HITRUST, GDPR, SOC2, NISTCSF, PCIDSS, FedRAMP
Triage and Remediation
Remediation
Sure, here are the step by step instructions to remediate Unrestricted SMTP Access misconfiguration in Azure:
-
Login to the Azure portal and navigate to the problematic resource group.
-
In the left-hand menu, click on “Network security group”.
-
Select the network security group that is associated with the affected resource.
-
Click on “Inbound security rules” and then click on “Add”.
-
In the “Add inbound security rule” page, provide the following details:
- Source: Select “IP addresses”.
- Source IP addresses: Enter the IP address range that you want to allow SMTP access for.
- Destination: Select “Any”.
- Protocol: Select “TCP”.
- Destination port ranges: Enter “25” (SMTP port number).
- Name: Enter a name for the rule.
- Priority: Choose a priority number that is lower than the existing SMTP rule.
-
Click on “Add” to create the new rule.
-
Verify that the new rule is created successfully and the old rule is deleted.
By following these steps, you have successfully remediated the Unrestricted SMTP Access misconfiguration in Azure using the Azure console.
To remediate Unrestricted SMTP Access in AZURE using AZURE CLI, you can follow the below steps:
Step 1: Open the Azure CLI on your local machine.
Step 2: Login to your Azure account using the below command:
az login
Step 3: Once you are logged in, run the below command to list all the virtual machines in your Azure account:
az vm list
Step 4: Identify the virtual machine that has unrestricted SMTP access.
Step 5: Run the below command to open the Network Security Group (NSG) associated with the virtual machine:
az network nsg show --resource-group <resource-group-name> --name <nsg-name>
Step 6: Identify the rule that allows unrestricted SMTP access.
Step 7: Run the below command to delete the rule:
az network nsg rule delete --resource-group <resource-group-name> --nsg-name <nsg-name> --name <rule-name>
Step 8: Verify that the rule has been deleted by running the below command:
az network nsg show --resource-group <resource-group-name> --name <nsg-name>
Once you have followed the above steps, the Unrestricted SMTP Access misconfiguration in AZURE would have been remediated successfully.
To remediate Unrestricted SMTP Access issue in Azure using Python, you can follow these steps:
- Import the required libraries:
import os
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient
- Authenticate with Azure:
credential = DefaultAzureCredential()
subscription_id = '<your-subscription-id>'
network_client = NetworkManagementClient(credential, subscription_id)
- Get the list of network security groups in your subscription:
nsg_list = network_client.network_security_groups.list_all()
- For each network security group, check if there is a rule allowing unrestricted SMTP access:
for nsg in nsg_list:
for rule in nsg.security_rules:
if rule.destination_port_range == '25' and rule.destination_address_prefix == '*':
print(f"Unrestricted SMTP access is allowed in NSG {nsg.name}")
- If you find a rule allowing unrestricted SMTP access, remove it:
for nsg in nsg_list:
for rule in nsg.security_rules:
if rule.destination_port_range == '25' and rule.destination_address_prefix == '*':
print(f"Removing rule {rule.name} from NSG {nsg.name}")
network_client.security_rules.begin_delete(resource_group_name='<your-resource-group>', network_security_group_name=nsg.name, security_rule_name=rule.name).wait()
Note: Replace <your-subscription-id> and <your-resource-group> with your actual subscription ID and resource group name. Also, make sure you have the necessary permissions to modify network security groups in your Azure subscription.