Quick Info
| Plugin Title | Blob Container Private Access |
|---|---|
| Cloud | AZURE |
| Category | Blob Service |
| Description | Ensures that all blob containers do not have anonymous public access set |
| More Info | Blob containers set with public access enables anonymous users to read blobs within a publicly accessible container without authentication. All blob containers should have private access configured. |
| AWS Link | https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction |
| Recommended Action | Ensure each blob container is configured to restrict anonymous access |
Detailed Remediation Steps
- Log into the Microsoft Azure Management Console.
- Select the "Search resources, services, and docs" option at the top and search for Storage account.
- Select the "Storage account" by clicking on the "Name" link to access the configuration changes.
- Click on the "Overveiw" in the selected "Storage account" and scroll down the right side of the settings and click on the "Blobs" option.
- Under the "Blobs" check for the "Public Access" and if it's set to Blob/Container then the selected "Blob" have anonymous public access level.
- Repeat steps number 2 - 5 to verify other Blobs in the "Storage accounts."
- Navigate to the "Storage accounts", select the "Storage account" and click on the "Name", select the "Overview" options and select the "Blob" which needs to have "Private access".
- Select the "Blob" and click on the "Change access level" at the top panel.
- On the "Change access level" tab, select the "Private (no anonymous access)" and click on the "OK" button to make the necessary changes.
- Repeat steps number 7 - 9 to ensure that all blob containers do not have anonymous public access level.
Want to scan for this risk automatically?
CloudSploit audits your cloud accounts for free within minutes. No obligation.
Get Started Now