CloudSploit

AZURE / Blob Service / Blob Container Private Access

Quick Info

| | |
|:--|:--|
| Plugin Title | Blob Container Private Access |
| Cloud | AZURE |
| Category | Blob Service |
| Description | Ensures that no blob container has anonymous public access set |
| More Info | Blob containers set with public access enable anonymous users to read blobs within a publicly accessible container without authentication. All blob containers should have private access configured. |
| AZURE Link | https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction |
| Recommended Action | Ensure each blob container is configured to restrict anonymous access |

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Find the search bar at the top and search for Storage account.
  3. Select the storage account by clicking its "Name" link to open its configuration.
  4. In the left navigation panel, click "Containers" under "Data storage".
  5. In the containers list, select the container for which the "Public access level" column shows "Blob" or "Container" and click the "Change access level" button at the top.
  6. In the "Change access level" pop-up, the "Public access level" dropdown should be set to "Private (no anonymous access)". If it is set to "Blob" or "Container", anonymous requests are allowed at the service level, which is against Azure best practices.
  7. In the "Change access level" pop-up, click the "Public access level" dropdown, select "Private (no anonymous access)" and click "OK" to apply the change.
  8. Repeat steps 5 - 7 until all blob containers have the private access level.
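
The same check and fix can be scripted for accounts with many containers. The following is an added example, not part of CloudSploit's plugin code: it reads a container listing, flags every container whose access level is "Blob" or "Container", and builds the `az storage container set-permission ... --public-access off` command for each. The sample data is constructed, the account name is a placeholder, and the JSON field layout (`properties.publicAccess`, or a flattened `publicAccess`) is an assumption about the Azure CLI's output.

```python
import json
import shlex

# Constructed sample, shaped like `az storage container list -o json` output
# (assumption: the level sits at properties.publicAccess and is null, "blob"
# or "container"). Not taken from a real account.
SAMPLE_JSON = """
[
  {"name": "app-logs",   "properties": {"publicAccess": null}},
  {"name": "site-media", "properties": {"publicAccess": "blob"}},
  {"name": "exports",    "properties": {"publicAccess": "container"}},
  {"name": "backups",    "properties": {}}
]
"""

PUBLIC_LEVELS = {"blob", "container"}


def access_level(container):
    """Return the normalized access level: 'private', 'blob' or 'container'."""
    raw = (container.get("properties") or {}).get("publicAccess")
    if raw is None:
        # Assumed flattened shape, e.g. {"publicAccess": "None" | "Blob" | ...}
        raw = container.get("publicAccess")
    level = str(raw or "private").strip().lower()
    return "private" if level in ("none", "off", "private") else level


def find_public(containers):
    """Return (name, level) for every container that allows anonymous reads."""
    return [(c["name"], access_level(c)) for c in containers
            if access_level(c) in PUBLIC_LEVELS]


def remediation_commands(account, containers):
    """Build the az commands that set each public container to private."""
    return [
        "az storage container set-permission --account-name {} --name {} "
        "--public-access off".format(shlex.quote(account), shlex.quote(name))
        for name, _ in find_public(containers)
    ]


if __name__ == "__main__":
    containers = json.loads(SAMPLE_JSON)
    for name, level in find_public(containers):
        print("FAIL {}: public access level is {!r}".format(name, level))
    # "examplestorageacct" is a placeholder account name.
    print("\n".join(remediation_commands("examplestorageacct", containers)))
```

Review the generated commands before running them, since any client that relies on anonymous reads from a flagged container will lose access once it is set to private.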