Ensure DDoS protection standard is enabled for Azure Virtual Network

MEDIUM

Description

DDoS Protection Standard is not enabled for this Azure Virtual Network, so the resources behind it have no network-layer DDoS mitigation and may be degraded or made unavailable by a volumetric attack on the underlying infrastructure.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Virtual Networks.
  2. Select the Virtual Network you wish to edit.
  3. Under Settings, select DDoS Protection.
  4. Select Enable.
  5. Use either an existing DDoS Protection Plan or create a new one and configure as needed.

In Terraform -

  1. In the azurerm_virtual_network resource, create a ddos_protection_plan block.
  2. Set enable to true.
  3. Set the id to an appropriate DDoS Protection Plan ID.
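The following Terraform is an added example of the three steps above, not configuration from the original policy page; the resource names, address spaces, region and resource group are assumptions. It shows a non-compliant virtual network (no `ddos_protection_plan` block) beside the compliant form, with the plan itself declared as an `azurerm_network_ddos_protection_plan` resource so the `id` can be referenced rather than hard-coded.

```hcl
# Added example; names, location and address spaces are assumed.
resource "azurerm_resource_group" "example" {
  name     = "rg-ddos-example"
  location = "East US"
}

# The DDoS Protection Plan that virtual networks will reference.
resource "azurerm_network_ddos_protection_plan" "example" {
  name                = "ddos-plan-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

# Non-compliant: no ddos_protection_plan block, so this VNet is flagged by AC_AZURE_0355.
resource "azurerm_virtual_network" "noncompliant" {
  name                = "vnet-noncompliant"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

# Compliant: the block references the plan's ID and sets enable = true.
resource "azurerm_virtual_network" "compliant" {
  name                = "vnet-compliant"
  address_space       = ["10.1.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  ddos_protection_plan {
    id     = azurerm_network_ddos_protection_plan.example.id
    enable = true
  }
}
```

Both `id` and `enable = true` are required for the rule to be satisfied: a block that references a plan but sets `enable = false` leaves the network unprotected. A single plan can be shared by multiple virtual networks, so in practice the plan is usually declared once (or looked up with a data source) and referenced from every `azurerm_virtual_network` that needs it.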

References:
https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network#ddos_protection_plan

Policy Details

Rule Reference ID: AC_AZURE_0355
CSP: Azure
Remediation Available: Yes
Resource Category: Compute
Resource Type: Virtual Network

Frameworks