Azure Security Center for IoT scans your Azure resources and IoT devices and provides security recommendations to reduce your attack surface. Security recommendations are actionable and aim to aid customers in complying to security best practices.
In this article, you will find a list of recommendations which can be triggered on your IoT Hub and/or IoT devices.
Recommendations for IoT devices
Device recommendations provide insights and suggestions to improve device security posture.
|Medium||Open Ports on device||Agent||A listening endpoint was found on the device .|
|Medium||Permissive firewall policy found in one of the chains.||Agent||Allowed firewall policy found (INPUT/OUTPUT). Firewall policy should deny all traffic by default, and define rules to allow necessary communication to/from the device.|
|Medium||Permissive firewall rule in the input chain was found||Agent||A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or ports.|
|Medium||Permissive firewall rule in the output chain was found||Agent||A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or ports.|
|Medium||Operation system baseline validation has failed||Agent||Device doesn't comply with CIS Linux benchmarks.|
Operational recommendations for IoT devices
Operational recommendations provide insights and suggestions to improve security agent configuration.
|Low||Agent sends unutilized messages||Agent||10% or more of security messages were smaller than 4 KB during the last 24 hours.|
|Low||Security twin configuration not optimal||Agent||Security twin configuration is not optimal.|
|Low||Security twin configuration conflict||Agent||Conflicts were identified in the security twin configuration.|
Recommendations for IoT Hub
Recommendation alerts provide insight and suggestions for actions to improve the security posture of your environment.
|High||Identical authentication credentials used by multiple devices||IoT Hub||IoT Hub authentication credentials are used by multiple devices. This may indicate an illegitimate device impersonating a legitimate device. Duplicate credential use increases the risk of device impersonation by a malicious actor.|
|Medium||Default IP filter policy should be deny||IoT Hub||IP filter configuration should have rules defined for allowed traffic, and should by default, deny all other traffic by default.|
|Medium||IP filter rule includes large IP range||IoT Hub||An allow IP filter rule source IP range is too large. Overly permissive rules can expose your IoT hub to malicious actors.|
|Low||Enable diagnostics logs in IoT Hub||IoT Hub||Enable logs and retain them for up to a year. Retaining logs enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised.|