Description:
Disabling public network access ensures that resources within Azure are not exposed to the internet unless explicitly required. This security measure limits the exposure of services to external threats and ensures that only authorized users and systems can access these resources through private network configurations such as Virtual Network (VNet) or VPN.
Rationale:
Disabling public network access minimizes the attack surface of Azure resources by preventing unauthorized access via the internet. By restricting access to internal networks, organizations can ensure sensitive data and systems are protected from potential external threats. This is particularly important for compliance with security frameworks such as ISO 27001, SOC 2, and HIPAA.
Impact:
Disabling public network access strengthens security by blocking access from the internet, but it can break services that must remain reachable from the internet, such as public-facing websites or APIs. Organizations must ensure that services needing public access are appropriately configured with firewalls or proxy services that only allow access from trusted sources.
Default Value:
By default, many Azure resources have public network access enabled. This setting must be manually modified to disable public access.
Pre-requisites:
Azure account.
Azure resources (e.g., Azure SQL Database, Storage Accounts, Web Apps).
A user with the necessary permissions to modify public network access settings (e.g., Owner, Contributor, Network Admin).
Audit:
Sign in to the Azure portal as a Network Admin, Owner, or Contributor.
Navigate to the relevant Azure resource (e.g., Azure SQL Database, Storage Accounts, Web Apps).
Review the Networking or Firewall settings for the resource and verify that public network access is disabled.
Implementation Steps:
Sign in to the Azure portal with an Owner, Contributor, or Network Admin role.
Navigate to the Azure resource that requires public access to be disabled (e.g., SQL Database, Storage Account, or Web App).
For Azure SQL Database:
Go to the Networking section.
Under Public Network Access, select Disabled.
Save the changes.
For Azure Storage Account:
Go to the Networking section.
Under Public Network Access, select Disabled.
Save the changes.
For Azure Web App:
Go to the Networking section.
Under Access Restrictions, ensure that only internal IP ranges or VNets have access. Disable public network access if necessary.
Save the changes.
Backout Plan:
Sign in to the Azure portal as a Network Admin, Owner, or Contributor.
Navigate to the relevant Azure resource (e.g., SQL Database, Storage Account, or Web App).
Under the Networking or Firewall settings, enable Public Network Access.
Save the changes to revert the resource to public access.
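The portal steps in the Audit, Implementation Steps, and Backout Plan sections above can also be scripted with the Azure CLI, which is useful when the check has to be repeated across many resources. The script below is an added example and not part of this benchmark entry; it assumes an authenticated `az` session, a RESOURCE_GROUP environment variable naming the group that holds the resources, resource names supplied by the caller, and a CLI version on which `az webapp show` returns the publicNetworkAccess property. For Azure SQL Database the setting is held on the logical server (which is where the database's Networking blade leads in the portal), so the script reads and writes it with `az sql server`.

```shell
#!/bin/sh
# Added example, not part of the benchmark text. Audits, disables, or re-enables
# public network access on the three resource kinds discussed (Azure SQL logical
# server, Storage Account, Web App) with the Azure CLI.
# Assumptions: `az login` has already been done; RESOURCE_GROUP names the group
# holding the resources; the CLI in use exposes publicNetworkAccess on
# `az webapp show`. Resource names on the command line are the caller's own.
set -u

# Pure helper: classify one publicNetworkAccess value as returned by `az ... show`.
# $1 = value, $2 = label for the report line. Prints PASS/FAIL/WARN and returns
# 0 only when public access is disabled. Matching is case-insensitive, and an
# empty/null value is reported as FAIL because the Azure default is Enabled.
classify_pna() {
    value=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d '"')
    case "$value" in
        disabled) printf 'PASS  %s: publicNetworkAccess=Disabled\n' "$2"; return 0 ;;
        enabled)  printf 'FAIL  %s: publicNetworkAccess=Enabled\n' "$2"; return 1 ;;
        ""|null)  printf 'FAIL  %s: publicNetworkAccess not set (Azure default is Enabled)\n' "$2"; return 1 ;;
        *)        printf 'WARN  %s: unexpected value %s\n' "$2" "$1"; return 1 ;;
    esac
}

# Pure helper: `az sql server update` takes a true/false flag rather than the
# Enabled/Disabled string used by the other two resource kinds.
sql_public_flag() {
    if [ "$1" = Disabled ]; then echo false; else echo true; fi
}

# Read the current setting. $1 = kind (sql|storage|webapp), $2 = resource name.
get_pna() {
    case "$1" in
        sql)     az sql server show      -g "$RESOURCE_GROUP" -n "$2" --query publicNetworkAccess -o tsv ;;
        storage) az storage account show -g "$RESOURCE_GROUP" -n "$2" --query publicNetworkAccess -o tsv ;;
        webapp)  az webapp show          -g "$RESOURCE_GROUP" -n "$2" --query publicNetworkAccess -o tsv ;;
        *)       echo "unknown kind: $1" >&2; return 2 ;;
    esac
}

# Write the setting. $3 = Disabled (implements the recommendation) or Enabled
# (the backout plan).
set_pna() {
    case "$1" in
        sql)     az sql server update      -g "$RESOURCE_GROUP" -n "$2" --enable-public-network "$(sql_public_flag "$3")" -o none ;;
        storage) az storage account update -g "$RESOURCE_GROUP" -n "$2" --public-network-access "$3" -o none ;;
        webapp)  az webapp update          -g "$RESOURCE_GROUP" -n "$2" --set publicNetworkAccess="$3" -o none ;;
        *)       echo "unknown kind: $1" >&2; return 2 ;;
    esac
}

# $1 = audit|disable|enable, followed by "<kind> <name>" pairs. Returns 1 if any
# audited or disabled resource still has public access enabled afterwards.
run() {
    mode=$1; shift
    rc=0
    while [ $# -ge 2 ]; do
        kind=$1; name=$2; shift 2
        case "$mode" in
            audit)   ;;
            disable) set_pna "$kind" "$name" Disabled || { rc=1; continue; } ;;
            enable)  set_pna "$kind" "$name" Enabled || rc=1
                     # Backout: report the stored value, but Enabled is the intended state here.
                     classify_pna "$(get_pna "$kind" "$name")" "$kind/$name" || true
                     continue ;;
            *)       echo "unknown mode: $mode" >&2; return 2 ;;
        esac
        # Re-read after any change so the report reflects what Azure actually stored.
        classify_pna "$(get_pna "$kind" "$name")" "$kind/$name" || rc=1
    done
    return $rc
}

# Only talk to Azure when explicitly invoked with a resource group and arguments, e.g.
#   RESOURCE_GROUP=rg-example ./pna.sh audit sql sql-srv-example storage stexamplelogs
if [ -n "${RESOURCE_GROUP:-}" ] && [ $# -ge 3 ]; then
    run "$@"
else
    echo "usage: RESOURCE_GROUP=<group> $0 audit|disable|enable <sql|storage|webapp> <name> [...]" >&2
fi
```

Run `audit` first to get a PASS/FAIL line per resource, then `disable` for the resources that should not be reachable from the internet; the script re-reads each setting after writing it, so a non-zero exit status means at least one resource is still publicly accessible. `enable` reverses the change, matching the Backout Plan. As the Impact section notes, anything that clients must reach after disabling public access needs a private path (VNet, VPN, or a private endpoint) in place before this is run against production resources.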