Closed vicperdana closed 3 years ago
Awesome. Thanks @vicperdana
In the spirit of lateral traversal, I don't think management ports outbound to the internet are a concern. If we block management traffic to `VirtualNetwork` or `*` via either `3389`, `22`, or `*`, I think that addresses the requirement.
Agreed.
https://github.com/Azure/PSRule.Rules.Azure/blob/536f1a5dc534a1cdc4633f9c6c0caa2a1dc1696a/src/PSRule.Rules.Azure/rules/Azure.VirtualNetwork.Rule.ps1#L166
If the NSG has rules to deny outbound traffic from VNET to VNET and Internet, the rule should detect this and mark the validation as "Pass".
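As an added illustration of the logic agreed in the comments above (this is example code, not the PSRule.Rules.Azure rule linked in the thread, which may evaluate things differently), the function below walks an NSG's outbound rules in priority order and reports whether the first rule that touches a management port (22, 3389, or the `*` wildcard) towards `VirtualNetwork`, `Internet` or `*` is a Deny. The rule objects follow the shape of an ARM `securityRules` entry as I understand it, the two sample NSGs are constructed for the example, and protocol is deliberately ignored; all of that is assumption, not something the thread states.

```powershell
# Added example, not the project's own rule: does this NSG deny outbound
# management traffic (22/3389 or all ports) towards VirtualNetwork, Internet or *?
# Rule objects mimic an ARM NSG 'securityRules' entry (assumed shape).

function Test-ManagementPort {
    param([string[]]$Ports)
    # True when any destination port range covers SSH (22) or RDP (3389), or is a wildcard.
    foreach ($p in $Ports) {
        if ($p -eq '*') { return $true }
        if ($p -match '^(\d+)-(\d+)$') {
            $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
            if (($lo -le 22 -and 22 -le $hi) -or ($lo -le 3389 -and 3389 -le $hi)) { return $true }
        }
        elseif ($p -in @('22', '3389')) { return $true }
    }
    return $false
}

function Test-OutboundManagementDenied {
    param([object]$Nsg)
    $lateralTargets = @('VirtualNetwork', 'Internet', '*')
    # Lowest priority number wins, so walk outbound rules in that order and let the
    # first rule that touches management ports towards a lateral target decide.
    $rules = @($Nsg.properties.securityRules) |
        Where-Object { $_.properties.direction -eq 'Outbound' } |
        Sort-Object { [int]$_.properties.priority }
    foreach ($r in $rules) {
        $props = $r.properties
        $ports = @(); $dests = @()
        if ($props.destinationPortRange)       { $ports += $props.destinationPortRange }
        if ($props.destinationPortRanges)      { $ports += $props.destinationPortRanges }
        if ($props.destinationAddressPrefix)   { $dests += $props.destinationAddressPrefix }
        if ($props.destinationAddressPrefixes) { $dests += $props.destinationAddressPrefixes }
        if (-not (Test-ManagementPort -Ports $ports)) { continue }
        if (-not (@($dests | Where-Object { $_ -in $lateralTargets }).Count)) { continue }
        # First matching rule decides: Deny -> pass, Allow -> fail.
        return ($props.access -eq 'Deny')
    }
    # No custom rule matched: Azure's default AllowVnetOutBound / AllowInternetOutBound
    # rules would apply, so treat that as a fail.
    return $false
}

# Constructed sample NSGs for the example (not real resources).
$nsgDeny = @{ name = 'nsg-deny-mgmt'; properties = @{ securityRules = @(
    @{ name = 'allow-https-out'; properties = @{ direction = 'Outbound'; access = 'Allow'; priority = 100
        protocol = 'Tcp'; destinationPortRange = '443'; destinationAddressPrefix = 'Internet' } },
    @{ name = 'deny-mgmt-out'; properties = @{ direction = 'Outbound'; access = 'Deny'; priority = 110
        protocol = '*'; destinationPortRanges = @('22', '3389'); destinationAddressPrefix = '*' } }
) } }
$nsgAllow = @{ name = 'nsg-allow-all'; properties = @{ securityRules = @(
    @{ name = 'allow-any-out'; properties = @{ direction = 'Outbound'; access = 'Allow'; priority = 100
        protocol = '*'; destinationPortRange = '*'; destinationAddressPrefix = '*' } }
) } }

Test-OutboundManagementDenied $nsgDeny
Test-OutboundManagementDenied $nsgAllow
```

Running it, the first NSG passes because the `deny-mgmt-out` rule is the first outbound rule that covers 22/3389 towards `*`, while the second fails on its allow-everything rule. The first-match shortcut is a simplification: a Deny scoped only to `Internet` would also pass here even if a later rule allowed RDP to `VirtualNetwork`, so a stricter check would require every lateral target to be covered.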