Network Interfaces With Public IP
- Query id: c1573577-e494-4417-8854-7e119368dc8b
- Query name: Network Interfaces With Public IP
- Platform: Terraform
- Severity: Medium
- Category: Networking and Firewall
- CWE: 200
- URL: Github
Description¶
Network Interfaces should not be exposed with a public IP address. If configured, additional security baselines should be followed (https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/virtual-network-security-baseline, https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/public-ip-security-baseline)
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_network_interface" "positive" {
name = "example-nic"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.example.id
private_ip_address_allocation = "Dynamic"
public_ip_address_id = "IP"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_network_interface" "negative" {
name = "example-nic"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.example.id
private_ip_address_allocation = "Dynamic"
}
}