Assessing network and firewall settings

With network and firewall settings, it’s important to be clear about environment isolation requirements, which resources are deployed in an environment, network traffic requirements, and governance over routing tables and subnet definitions.

For our walk-through in this section, our control testing will determine whether traffic logging and alerting have been enabled to detect anomalies with connectivity and network traffic. Please review the compliance frameworks that we referenced in Chapter 2, Effective Techniques for Preparing to Audit Cloud Environments, as these may guide you to additional methods for gathering test evidence. In our example, we will walk through one simple method to obtain this information within the Azure cloud environment; however, please keep in mind that there are often many other ways of collecting the same information. Let’s review one option to do this within Microsoft Azure.

Microsoft Azure

To validate the control requiring that network flow logs and alerting are enabled, take the following steps:

  1. Navigate to the Microsoft Azure portal.
  2. Select Monitor | Networks.
  3. Navigate to the Traffic .

Compare the list of items that are shown with any architecture and network diagrams to determine whether logs and alerting have been enabled for the network resource. As shown in Figure 9.1, Australia East(1) NSG does not have flow logs configured, which means this portion of compliance testing has failed:

Figure 9.1 – Microsoft Azure network traffic logging

Within the same screen, you can also see on the right that 0 Total alert rules have been configured, as shown in Figure 9.2, indicating that the portion of the control requiring configured alerts has also failed:

Figure 9.2 – Microsoft Azure network traffic alerts
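
The same comparison can be repeated against exported evidence instead of the portal view. The following is an added example, not part of the original text: it assumes the NSG, flow log, and alert rule lists were exported as JSON (for instance with the Azure CLI) and that the field names `id`, `targetResourceId`, and `enabled` match that export; all resource names and IDs are constructed.

```python
"""Evaluate the flow-log and alerting control from exported evidence."""

# Constructed sample evidence. Field names are assumed to follow the JSON that
# `az network nsg list`, `az network watcher flow-log list` and
# `az monitor metrics alert list` return; all IDs are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
NSG = SUB + "/providers/Microsoft.Network/networkSecurityGroups/"
NSGS = [
    {"id": NSG + "nsg-web", "name": "nsg-web", "location": "australiaeast"},
    {"id": NSG + "nsg-app", "name": "nsg-app", "location": "eastus"},
    {"id": NSG + "nsg-db", "name": "nsg-db", "location": "eastus"},
]
FLOW_LOGS = [
    # Azure resource IDs are case-insensitive, so exports may differ in casing.
    {"targetResourceId": (NSG + "nsg-app").upper(), "enabled": True},
    {"targetResourceId": NSG + "nsg-db", "enabled": False},
]
ALERT_RULES = []  # mirrors the "0 Total alert rules" case in Figure 9.2


def evaluate_control(nsgs, flow_logs, alert_rules):
    """Return per-NSG findings plus a pass/fail result for each control part."""
    logged = {}
    for fl in flow_logs:
        key = fl["targetResourceId"].lower()
        # An NSG counts as logged if at least one of its flow logs is enabled.
        logged[key] = logged.get(key, False) or bool(fl.get("enabled"))
    findings = []
    for nsg in nsgs:
        key = nsg["id"].lower()
        if key not in logged:
            status = "no flow log configured"
        elif not logged[key]:
            status = "flow log present but disabled"
        else:
            status = "ok"
        findings.append((nsg["location"], nsg["name"], status))
    active_alerts = [r for r in alert_rules if r.get("enabled", False)]
    return {
        "findings": findings,
        # An empty inventory proves nothing, so it is not treated as a pass.
        "logging_pass": bool(findings) and all(s == "ok" for _, _, s in findings),
        "alerting_pass": len(active_alerts) > 0,
    }


if __name__ == "__main__":
    result = evaluate_control(NSGS, FLOW_LOGS, ALERT_RULES)
    for location, name, status in result["findings"]:
        print(f"{location:15} {name:10} {status}")
    print("logging:", "PASS" if result["logging_pass"] else "FAIL")
    print("alerting:", "PASS" if result["alerting_pass"] else "FAIL")
```

The NSG list passed in should be reconciled with the architecture and network diagrams first, so that a resource missing from the export is not silently skipped.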

Now that we have performed a walk-through of a basic network traffic logging control, let’s look at assessing resource management policies.