AZ-010 Microsoft Azure

No NSG allows unrestricted inbound SSH (22) from the internet.

No NSG allows unrestricted inbound SSH (22) from the internet.

Domain
Microsoft Azure
Area
Networking
Automated / manual
Automated

Risk if it fails

Open SSH invites brute-force.

An SSH port open to everyone is hammered by automated password-guessing bots day and night; one weak credential gives an attacker a shell on the server.

How Tess tests it

1 test — each concludes only on cited evidence.

No NSG allows unrestricted inbound SSH (22) from the internet.

Automated
Procedure
Flag Allow inbound 22 from '*'/Internet.

Read-only command 

az network nsg list --query "[].{Name:name,Rules:securityRules[?destinationPortRange=='22' && access=='Allow' && (sourceAddressPrefix=='*' || sourceAddressPrefix=='Internet')]}"

More in Microsoft Azure

AZ-001 MFA is enforced for all users, especially privileged roles. AZ-002 Number of Global Administrators is limited (typically 2-4). AZ-003 Privileged Identity Management (PIM) provides just-in-time elevation. AZ-004 Legacy/basic authentication is blocked.

Want Tess to test AZ-010 against your evidence?

Book a demo