Risk Level: High
Description:
This plugin ensures that a virtual network can only peer with a virtual network that belongs to a whitelisted subscription. To satisfy your organization's security compliance needs, virtual networks should only peer with whitelisted virtual networks. In Azure, virtual network peering allows you to link two or more virtual networks in a seamless manner.
SentinelOne CNS strongly recommends deleting peering connections with subscriptions that are not whitelisted.
Configuration Parameters
Whitelisted Peering Subscriptions: This parameter is the list of approved (whitelisted) subscription IDs, configured on the CNS portal, whose remote virtual networks are allowed for peering. If a virtual network is peering with a subscription ID that is not present in this list, an alert is generated.
By default the list is empty, so the plugin raises an issue if the virtual network is peering with any other subscription.
About the Service :
The Azure Virtual Network (VNet) is the fundamental building block of your Azure private network. Many types of Azure resources, such as Azure Virtual Machines (VMs), can communicate securely with one another, the internet, and on-premises networks through a VNet.
Impact :
To satisfy your organization's security compliance needs, virtual networks should only peer with whitelisted virtual networks.
Steps to Reproduce :
- Sign in to your Azure portal (https://portal.azure.com/#home) with your Azure account.
- Navigate to Azure's All Resources.
- In the Type filter, select Virtual Network and click Apply.
- Next, select the virtual network that you want to examine.
- Click on Peerings under Settings.
- Check whether each peering connection is with a whitelisted virtual network, i.e. one whose remote virtual network belongs to a whitelisted subscription.
- Repeat the same steps for the other virtual networks as well.
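The check above can be scripted rather than clicked through per VNet. The following is an added example written for this page, not SentinelOne CNS code: it takes peering records in the shape returned by the Azure CLI (`az network vnet peering list`, where each peering carries a `remoteVirtualNetwork.id` resource ID), extracts the subscription ID from that resource ID, and flags every peering whose remote subscription is not in the whitelist. The subscription IDs and peering names below are constructed sample data. It also shows the default-configuration behaviour described under Configuration Parameters: with an empty whitelist, every peering is flagged.

```python
import re
from typing import Dict, List, Optional, Sequence, Tuple

# Azure resource IDs for a remote VNet look like:
#   /subscriptions/<subscriptionId>/resourceGroups/<rg>/providers/Microsoft.Network/virtualNetworks/<name>
# The subscription ID is the first path segment after "/subscriptions/".
_SUB_ID_RE = re.compile(r"^/subscriptions/([0-9a-f-]{36})/", re.IGNORECASE)


def subscription_of(remote_vnet_id: str) -> Optional[str]:
    """Return the (lower-cased) subscription ID embedded in a VNet resource ID, or None if unparseable."""
    m = _SUB_ID_RE.match(remote_vnet_id)
    return m.group(1).lower() if m else None


def find_non_whitelisted_peerings(
    peerings: Sequence[Dict], whitelist: Sequence[str]
) -> List[Tuple[str, str, str]]:
    """Return (peering name, remote VNet id, reason) for every peering that is not allowed.

    Comparison is case-insensitive because Azure GUIDs are case-insensitive.
    An empty whitelist (the plugin's default) means no remote subscription is allowed,
    so every peering is reported. A remote ID that cannot be parsed is also reported,
    since its subscription cannot be proven to be whitelisted.
    """
    allowed = {s.lower() for s in whitelist}
    findings: List[Tuple[str, str, str]] = []
    for p in peerings:
        remote_id = p.get("remoteVirtualNetwork", {}).get("id", "")
        sub = subscription_of(remote_id)
        if sub is None:
            findings.append((p["name"], remote_id, "remote VNet id could not be parsed"))
        elif sub not in allowed:
            findings.append((p["name"], remote_id, f"remote subscription {sub} is not whitelisted"))
    return findings


# Constructed sample data (placeholder GUIDs, not real subscriptions).
WHITELIST = ["11111111-1111-1111-1111-111111111111"]

SAMPLE_PEERINGS = [
    {
        "name": "hub-to-shared",
        "peeringState": "Connected",
        "remoteVirtualNetwork": {
            "id": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-shared"
                  "/providers/Microsoft.Network/virtualNetworks/vnet-shared"
        },
    },
    {
        "name": "hub-to-partner",
        "peeringState": "Connected",
        "remoteVirtualNetwork": {
            "id": "/subscriptions/22222222-2222-2222-2222-222222222222/resourceGroups/rg-partner"
                  "/providers/Microsoft.Network/virtualNetworks/vnet-partner"
        },
    },
    {
        "name": "hub-to-unknown",
        "peeringState": "Initiated",
        "remoteVirtualNetwork": {"id": "not-a-resource-id"},
    },
]


def report(peerings: Sequence[Dict], whitelist: Sequence[str]) -> List[str]:
    """Human-readable lines, one per finding; these are the peerings to review or delete."""
    return [f"{name}: {reason} ({remote_id})" for name, remote_id, reason in
            find_non_whitelisted_peerings(peerings, whitelist)]


if __name__ == "__main__":
    for line in report(SAMPLE_PEERINGS, WHITELIST):
        print(line)
```

On real data, pipe the JSON from `az network vnet peering list --resource-group <rg> --vnet-name <vnet>` into `find_non_whitelisted_peerings` and run it once per VNet; the `hub-to-partner` and `hub-to-unknown` entries in the sample are the ones the remediation steps would have you delete.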
Steps for Remediation :
- Sign in to your Azure portal (https://portal.azure.com/#home) with your Azure account.
- Navigate to Azure's All Resources.
- In the Type filter, select Virtual Network and click Apply.
- Next, select the virtual network that you want to examine.
- Click on Peerings under Settings.
- Check whether each peering connection is with a whitelisted virtual network.
- If a peering connection is not with a whitelisted virtual network, select that peering connection and click Delete.
- Repeat the same steps for the other virtual networks as well.
References :