module/ConfigurationProvider/ControlConfigurations/Services/LoadBalancer.json
{
"FeatureName": "LoadBalancer", "Reference": "aka.ms/azsktcp/loadBalancer", "IsMaintenanceMode": false, "Controls": [ { "ControlID": "Azure_LoadBalancer_NetSec_Enable_WAF_And_DDoS_Protection_Trial", "Description": "[Trial] Load Balancer should have Web Application Firewall (WAF) and DDoS configured", "Id": "LoadBalancer110", "ControlSeverity": "Medium", "Automated": "Yes", "MethodName": "CheckLoadBalancerWAFTrial", "DisplayName": "[Trial] Load Balancer should have Web Application Firewall (WAF) and DDoS configured", "Rationale": "WAF enforcement on the Load Balancer further strengthens the security posture of your applications by protecting them from common web vulnerabilities. This allows you to secure both your internet-facing and your internal application workloads. Enabling DDoS protection on the virtual network of the frontend IP configurations provides protection and defense for Azure resources against the impacts of DDoS attacks.", "Recommendation": "To remediate the WAF and DDoS control on the Load Balancer, enable DDoS protection on the virtual network of every frontend IP configuration of the Load Balancer and associate every subnet with an NSG/Azure Firewall.", "Tags": [ "Baseline", "Daily" ], "Enabled": true, "CustomTags": [ "Trial" ] } ] }