SQL Server with Mr. Denny

Nov 27 2017   4:00PM GMT

Should I be blocking outbound ports in Azure by default?

Denny Cherry Denny Cherry Profile: Denny Cherry

Tags:
Azure

The short answer is that yes there are ports that you’ll want to block outbound by default.  There’s a variety of amplification attacks that you have the possibility of being a member of. These attacks aren’t against your systems, but you run the risk of your machines being used to amplify attacks against others. These could be DNS based, NTP Based, or other kinds of amplification accounts.

Occasionally I  get notifications from Azure that they see these ports open, and that you should network Network Security Groups to closed the unneeded ports.

Two of the ports that I’ve needed to deal with recently are UDP 123 and 389.  Blocking these was a minor issue but best practice.

UDP 123 and 389Blocking these in Azure is super low risk and easy to implement,

To be clear there is no inherent risk of being in Azure compared to other platforms.   These sorts of amplification issues can come up in any environment. The beautiful thing about Azure is that they monitor these outbound issues and report back to the end  on what blocking needs to be done for successful implementations,

Denny

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: