Ensure that your Azure App Services web applications enforce FTPS-only access so that FTP traffic is encrypted. FTPS (FTP over SSL/TLS) adds a transport-encryption layer to the plain FTP protocol and helps you comply with industry standards and regulations.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
With plain FTP, data transmitted between the web application and the FTP client is unencrypted (credentials included), leaving it open to interception and reading. Even where a Man-in-the-Middle (MITM) attack is a risk you can mitigate quickly, industry requirements such as PCI DSS, HIPAA, and others demand that data transfers be fully encrypted. Enforcing FTPS-only access for your Azure App Services applications ensures that traffic between the web application servers and the FTP clients is encrypted, so a malicious actor who intercepts packets on the FTP connection cannot read them.
Audit
To determine if your Azure App Services web apps are configured to accept FTPS-only connections, perform the following actions:
Remediation / Resolution
To disable unencrypted FTP and enforce FTPS-only access and deployment for your Microsoft Azure App Services web applications, perform the following actions:
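The following script is an added example written for this page; it is not part of the Conformity tool and the Azure CLI commands in it are the ones listed under References (az webapp list, az webapp config show, az webapp config set). It covers both the audit above and the remediation in this section: it reads each web app's siteConfig "ftpsState" value, reports a verdict, and sets "FtpsOnly" on the apps that still accept unencrypted FTP. The live functions assume az is installed and signed in with rights on the subscription; the app and resource group names in the sample data are constructed so the decision logic can be run offline.

```shell
#!/bin/sh
# Added example (not the Conformity tool's own code): audit Azure App Service
# web apps for FTPS-only access and remediate the ones that fail, using the
# Azure CLI. Live functions assume `az` is installed and `az login` has been run.

# Map the siteConfig "ftpsState" value to a verdict for this rule.
#   FtpsOnly   -> compliant      (plain FTP refused, FTPS accepted)
#   Disabled   -> ftp-disabled   (no FTP/FTPS endpoint at all, so no plaintext FTP either)
#   AllAllowed -> non-compliant  (unencrypted FTP accepted: the finding this rule reports)
ftps_verdict() {
  case "$1" in
    FtpsOnly)   echo compliant ;;
    Disabled)   echo ftp-disabled ;;
    AllAllowed) echo non-compliant ;;
    *)          echo "unknown($1)" ;;
  esac
}

# Exit-status form of the same check: succeeds only when FTPS-only is enforced.
is_ftps_only() {
  [ "$(ftps_verdict "$1")" = compliant ]
}

# Live audit: list every web app in the current subscription, read its
# ftpsState and print "<name> <resourceGroup> <ftpsState> <verdict>" per app.
# App and resource group names cannot contain spaces, so default IFS splitting
# of the tab-separated output is safe.
audit_live() {
  az webapp list --query "[].[name,resourceGroup]" -o tsv |
  while read -r name rg; do
    state=$(az webapp config show --name "$name" --resource-group "$rg" \
              --query ftpsState -o tsv)
    printf '%s %s %s %s\n' "$name" "$rg" "$state" "$(ftps_verdict "$state")"
  done
}

# Remediation for one app: refuse plain FTP by setting FtpsOnly, then echo the
# value the service reports back so the change is confirmed.
enforce_ftps_only() {
  az webapp config set --name "$1" --resource-group "$2" --ftps-state FtpsOnly \
    --query ftpsState -o tsv
}

# Apply the fix to every live app the audit reports as non-compliant.
remediate_live() {
  audit_live | while read -r name rg state verdict; do
    [ "$verdict" = non-compliant ] || continue
    printf 'enforcing FTPS-only on %s (%s): ' "$name" "$rg"
    enforce_ftps_only "$name" "$rg"
  done
}

# Offline path: the same report over constructed sample data (names are made
# up) shaped like the `az webapp list` output plus a ftpsState column.
SAMPLE_APPS='webapp-portal rg-prod FtpsOnly
webapp-api rg-prod AllAllowed
webapp-legacy rg-test Disabled'

audit_sample() {
  printf '%s\n' "$SAMPLE_APPS" |
  while read -r name rg state; do
    printf '%s %s %s %s\n' "$name" "$rg" "$state" "$(ftps_verdict "$state")"
  done
}

# Number of sample apps that still accept unencrypted FTP.
count_noncompliant_sample() {
  audit_sample | awk '$4 == "non-compliant"' | wc -l | tr -d ' '
}

audit_sample
```

Run `audit_live` first and review the report before calling `remediate_live`, since switching an app to FtpsOnly will break any deployment pipeline still using plain FTP. Deployment slots carry their own ftpsState; both `az webapp config show` and `az webapp config set` accept `--slot` to audit and fix them the same way.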
References
- Azure Official Documentation
  - App Service
  - Enforce FTPS
- Azure PowerShell Documentation
  - az webapp
  - az webapp list
  - az webapp config show
  - az webapp config set