Overly permissive firewalls #177
Assignees
Labels
bug
Something isn't working
EPIC - Pen-test fixes
Fixing security issues found during penetration testing
MVP
Things that need to be considered for the MVP release
Comments
TonyWildish-BH
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The penetration testing report showed that (page 32):
Firewall rules were identified that allowed traffic to be permitted from communication with systems that they are unlikely to require access to.
A number of Network Security Groups were defined within the Azure Trusted Research Environment that controlled traffic to Internet-facing resources, or within private Virtual Networks.
N.B., this may not apply to the SDE, since the pen-test swept up everything in the tenancy, but it needs verifying.
This is a medium level risk, but is something we must fix before the next pen-test.
The text was updated successfully, but these errors were encountered: