The short answer is yes: there are ports that you’ll want to block outbound by default. There are a variety of amplification attacks that your systems could unwittingly take part in. These attacks aren’t against your systems, but you run the risk of your machines being used to amplify attacks against others. These could be DNS-based, NTP-based, or other kinds of amplification attacks.

Occasionally I get notifications from Azure that they see these ports open, and that you should use Network Security Groups to close the unneeded ports.

Two of the ports that I’ve needed to deal with recently are UDP 123 (NTP) and UDP 389 (LDAP). Blocking these was a minor bit of work, but it is best practice.


Blocking these in Azure is super low risk and easy to implement.
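As an added example of the blocking described in this post (not code from the post itself), here is how the two rules look with the Azure CLI: an outbound deny for UDP 123 and 389 on a network security group, plus an optional higher-priority allow for a single trusted NTP server so time sync keeps working. The resource group and NSG names, the NTP address, and the rule priorities are assumptions.

```shell
#!/usr/bin/env sh
# Added example, not from the original post. Assumes the az CLI is installed
# and logged in, and that the resource group / NSG passed in already exist.
# NSG rules are evaluated lowest priority number first; 90 and 100 both sit
# ahead of the built-in AllowInternetOutBound rule (65001).

AZ="${AZ:-az}"   # set AZ=echo for a dry run that only prints the commands

# Optional: allow UDP 123 to one trusted NTP server ahead of the deny rule.
# Skip it if your VMs take time from the Azure host rather than external NTP.
allow_ntp_to_trusted_server() {
  rg="$1"; nsg="$2"; ntp_ip="$3"
  "$AZ" network nsg rule create \
    --resource-group "$rg" --nsg-name "$nsg" \
    --name AllowOutboundNtpTrusted --priority 90 \
    --direction Outbound --access Allow --protocol Udp \
    --source-address-prefixes '*' --source-port-ranges '*' \
    --destination-address-prefixes "$ntp_ip" --destination-port-ranges 123
}

# Deny all other outbound UDP 123 (NTP) and UDP 389 (LDAP) from the subnet.
deny_outbound_amplification_ports() {
  rg="$1"; nsg="$2"
  "$AZ" network nsg rule create \
    --resource-group "$rg" --nsg-name "$nsg" \
    --name DenyOutboundUdpAmplification --priority 100 \
    --direction Outbound --access Deny --protocol Udp \
    --source-address-prefixes '*' --source-port-ranges '*' \
    --destination-address-prefixes '*' --destination-port-ranges 123 389
}

# Usage: sh block-ports.sh <resource-group> <nsg-name> [trusted-ntp-ip]
if [ "$#" -ge 2 ]; then
  if [ -n "$3" ]; then allow_ntp_to_trusted_server "$1" "$2" "$3"; fi
  deny_outbound_amplification_ports "$1" "$2"
fi
```

Run it once per NSG that fronts the affected subnets; `az network nsg rule list --resource-group <rg> --nsg-name <nsg> -o table` shows the resulting rule order.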

To be clear, there is no inherent risk of being in Azure compared to other platforms. These sorts of amplification issues can come up in any environment. The beautiful thing about Azure is that they monitor for these outbound issues and report back to the end user on what blocking needs to be done for a successful implementation.

Denny


About the Author

Denny Cherry

I am a Senior SQL Server DBA at CDW with 10 years of IT experience, mostly as a software developer building web and Windows-based applications (VB, VB.NET, C#, C++ and a smidge of Java). I have always found database design and set-based logic interesting, so 3 years ago I took the plunge and became a DBA. Soon after, I discovered people who would tell anyone who would listen all about the SQL Server internals. I was hooked. I have not looked back since. The things I say represent my opinion and in no way represent the views or opinions of my employer or coworkers.
