Configure Minimum TLS Version
More Info:
Ensure that the Minimum TLS version setting is set to “Version 1.2” for all Azure Storage accounts.
Risk Level: Medium
Address: Security
Compliance Standards: SOC2, ISO27001, CBP
Triage and Remediation
Remediation
To remediate the “Configure Minimum TLS Version” misconfiguration in Azure using the Azure console, follow these steps:
- Log in to the Azure portal.
- Navigate to the resource group containing the affected resource.
- Select the resource that needs to be remediated.
- Click on the “Networking” tab in the left-hand menu.
- Scroll down to the “SSL/TLS settings” section and click on “Edit”.
- In the “Minimum TLS version” dropdown, select the desired minimum version of TLS that should be used.
- Click on “Save” to apply the changes.
- Verify that the changes have been applied by running a scan or checking the security compliance report.
Note: It is recommended to use TLS 1.2 or higher as the minimum version to ensure the security of your resources.
To remediate the “Configure Minimum TLS Version” misconfiguration in Azure using the Azure CLI, follow these steps:
- Open the Azure CLI and log in to your Azure account.
- Run the following command to set the minimum TLS version to 1.2 for all web apps in your subscription:
```bash
az webapp config set --min-tls-version 1.2 --ids $(az webapp list --query "[].id" --output tsv)
```
  This command uses `az webapp config set` to set the minimum TLS version to 1.2 for all web apps in your subscription. The `--ids` parameter uses `az webapp list` to get a list of all web app IDs in your subscription and passes them to `az webapp config set`.
- Verify that the minimum TLS version has been set correctly by running the following command:
```bash
az webapp config show --query "minTlsVersion" --ids $(az webapp list --query "[].id" --output tsv)
```
  This command uses `az webapp config show` to display the minimum TLS version for all web apps in your subscription.
- Repeat the above steps for all web apps in your subscription to ensure that the minimum TLS version is set correctly for each app.
By following these steps, you can remediate the “Configure Minimum TLS Version” misconfiguration in Azure using the Azure CLI.
To remediate the “Configure Minimum TLS Version” misconfiguration in Azure using Python, follow these steps:
- Import the necessary libraries:
```python
from azure.identity import ClientSecretCredential
from azure.mgmt.web import WebSiteManagementClient
from azure.mgmt.web.models import SiteConfigResource
```
- Set the credentials for your Azure account using a service principal (`ClientSecretCredential`):
```python
# Placeholders: in real use, load these from the environment or a secret store
# rather than hard-coding them in the script.
subscription_id = 'your_subscription_id'
client_id = 'your_client_id'
secret = 'your_client_secret'
tenant = 'your_tenant_id'
credentials = ClientSecretCredential(
    tenant_id=tenant,
    client_id=client_id,
    client_secret=secret,
)
```
- Create a WebSiteManagementClient object using the credentials:
```python
web_client = WebSiteManagementClient(credentials, subscription_id)
```
- Get the resource group name and app service name for the app you want to remediate:
```python
resource_group_name = 'your_resource_group_name'
app_service_name = 'your_app_service_name'
```
- Get the current TLS version settings for the app:
```python
# The minimum TLS version is part of the site configuration (minTlsVersion),
# the same property that `az webapp config set --min-tls-version` changes.
site_config = web_client.web_apps.get_configuration(resource_group_name, app_service_name)
tls_version = site_config.min_tls_version
```
- Check if the current TLS version is less than the desired version (e.g. TLS 1.2). If it is, update the site configuration to set the minimum TLS version to TLS 1.2:
```python
# Only raise the minimum; an app already at 1.2 or higher is left untouched.
if tls_version in (None, '1.0', '1.1'):
    web_client.web_apps.update_configuration(
        resource_group_name,
        app_service_name,
        SiteConfigResource(min_tls_version='1.2'),
    )
```
This will remediate the “Configure Minimum TLS Version” misconfiguration for your Azure app using Python.
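
The version check from the steps above, as an added example that is not part of the original page: it audits a list of web app configurations and compares versions numerically, so an app already at 1.3 is not flagged while a missing or malformed value is. The sample records, their `name`/`minTlsVersion` shape, and the function names are assumptions made for this example.

```python
import json

REQUIRED_TLS = (1, 2)  # TLS 1.2, the minimum this page recommends

# Constructed sample: one object per web app in the assumed shape
# {"name": ..., "minTlsVersion": ...}; not captured from a real subscription.
SAMPLE_CONFIGS = json.loads("""
[
  {"name": "app-legacy",  "minTlsVersion": "1.0"},
  {"name": "app-current", "minTlsVersion": "1.2"},
  {"name": "app-strict",  "minTlsVersion": "1.3"},
  {"name": "app-unset",   "minTlsVersion": null},
  {"name": "app-garbled", "minTlsVersion": "tls12"}
]
""")


def parse_tls_version(value):
    """Return '1.2' as (1, 2); return None for a missing or unparseable value."""
    if not isinstance(value, str):
        return None
    parts = value.strip().split(".")
    if len(parts) != 2 or not all(p.isdecimal() for p in parts):
        return None
    return int(parts[0]), int(parts[1])


def find_noncompliant(configs, required=REQUIRED_TLS):
    """List (name, reported value) for every app below the required minimum.

    A missing or unparseable value is reported too: the audit fails closed
    instead of assuming the platform default is acceptable.
    """
    findings = []
    for cfg in configs:
        version = parse_tls_version(cfg.get("minTlsVersion"))
        if version is None or version < required:
            findings.append((cfg.get("name", "<unnamed>"), cfg.get("minTlsVersion")))
    return findings


if __name__ == "__main__":
    for name, reported in find_noncompliant(SAMPLE_CONFIGS):
        print(f"NON-COMPLIANT {name}: minTlsVersion={reported!r}")
```
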