azure-nsg-firewall-auditor
Audit Azure NSG rules and Azure Firewall policies for dangerous internet exposure
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/anmolnagpal/nsg-firewall-auditor
What This Skill Does
The azure-nsg-firewall-auditor is a specialized diagnostic utility designed for cloud security engineers and Azure administrators. It acts as an expert-level analyzer for your network security configurations, specifically targeting vulnerabilities within Network Security Groups (NSG) and Azure Firewall policies. By examining JSON exports from your Azure environment, the skill identifies misconfigurations that expose infrastructure to the public internet, such as unrestricted RDP (3389), SSH (22), or database ports (1433/3306/5432). It focuses on identifying 'overly permissive' rules, missing flow logs, and the absence of micro-segmentation, providing actionable remediation steps to lock down your virtual network perimeter.
Installation
You can install this skill directly via the ClawHub command-line interface. Run the following command in your terminal:
clawhub install openclaw/skills/skills/anmolnagpal/nsg-firewall-auditor
Use Cases
- Security Hardening: Audit existing production environments to identify legacy 'allow-all' rules that were created for temporary troubleshooting and forgotten.
- Compliance Audits: Verify that all management ports are protected by Just-In-Time (JIT) VM Access or Azure Bastion, ensuring your network meets standard regulatory compliance requirements.
- Post-Incident Analysis: Review your NSG rules following a suspected breach to identify potential entry points that allowed lateral movement or unauthorized external access.
- Cloud Migration: Validate new network security architectures before deploying them into production to ensure no accidental public exposure is introduced during the configuration phase.
Example Prompts
- "I am attaching the JSON export of my production NSGs. Please audit these rules for any instances where management ports like SSH or RDP are open to the entire internet (0.0.0.0/0) and suggest remediation."
- "My Azure Firewall policy is listed in the attached file. Can you identify which rules deviate from security best practices and suggest a more restrictive policy using service tags?"
- "I have provided my VM effective NSG rules. Please explain why these rules might be dangerous and recommend the appropriate Azure CLI commands to implement JIT VM Access for this specific subnet."
Tips & Limitations
- Data Privacy: This skill is strictly instruction-based. It does not execute CLI commands. Always strip sensitive information like public IP addresses or internal domain names before sharing logs if you are operating under high-security requirements.
- Depth of Analysis: The skill performs best when provided with 'effective rules' rather than simple list outputs, as effective rules account for the additive nature of layered NSG/ASG configurations.
- Holistic Security: This tool focuses on network configuration. Remember that NSGs are only one layer of defense; always complement these findings with IAM (Identity and Access Management) reviews and disk encryption policies.
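To make concrete the checks described above (management and database ports reachable from the internet, evaluated on effective rules rather than a flat list), here is an added example that is not part of the skill or of ClawHub: a small Python auditor over an NSG exported as JSON. It assumes the camelCase field names produced by `az network nsg show -o json` (securityRules, priority, direction, access, protocol, sourceAddressPrefix(es), destinationPortRange(s)); the sample NSG is constructed, not taken from a real environment.

```python
# Ports the description calls out as dangerous when reachable from the internet.
MGMT_PORTS = {22: "SSH", 3389: "RDP", 1433: "MSSQL", 3306: "MySQL", 5432: "PostgreSQL"}
INTERNET_SOURCES = {"*", "0.0.0.0/0", "::/0", "internet"}  # any-source prefixes / Internet tag

def _ports(rule):
    """Expand a rule's destinationPortRange(s) into a set of ints; '*' means every port."""
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange") or "*"]
    ports = set()
    for r in ranges:
        if r == "*":
            return set(range(65536))
        lo, _, hi = r.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def _from_internet(rule):
    """True when the source is a wildcard; a specific public CIDR is treated as an allow-list."""
    srcs = rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix") or ""]
    return any(s.lower() in INTERNET_SOURCES for s in srcs)

def audit_nsg(nsg):
    """Findings for one NSG dict (assumed `az network nsg show -o json` shape).
    Rules are walked in priority order (lowest number wins), so a Deny that sits
    ahead of a broad Allow shadows it and yields no finding, as effective rules would."""
    rules = sorted(nsg.get("securityRules", []), key=lambda r: r["priority"])
    findings = []
    for port, label in MGMT_PORTS.items():
        for rule in rules:
            if rule["direction"] != "Inbound" or rule["protocol"].lower() not in ("*", "tcp"):
                continue
            if port not in _ports(rule) or not _from_internet(rule):
                continue  # does not match internet traffic to this port; keep walking
            if rule["access"] == "Allow":
                findings.append(f"{nsg['name']}: {label}/{port} open to internet by rule "
                                f"'{rule['name']}' (priority {rule['priority']})")
            break  # first matching rule decides the effective outcome
    return findings

def _rule(name, priority, access, source, ports, protocol="Tcp"):  # helper for the sample only
    return {"name": name, "priority": priority, "direction": "Inbound", "access": access,
            "protocol": protocol, "sourceAddressPrefix": source, "destinationPortRanges": ports}
SAMPLE_NSG = {"name": "prod-web-nsg", "securityRules": [  # constructed sample, not a real export
    _rule("deny-rdp-internet", 100, "Deny", "Internet", ["3389"]),
    _rule("allow-rdp-any", 200, "Allow", "*", ["3389"], protocol="*"),
    _rule("allow-ssh-any", 300, "Allow", "0.0.0.0/0", ["22", "8000-8010"]),
    _rule("allow-sql-vnet", 310, "Allow", "10.0.0.0/8", ["1433"]),
]}

if __name__ == "__main__":
    print(*audit_nsg(SAMPLE_NSG), sep="\n")  # only the SSH rule is reported
```

Only the SSH rule is flagged: the RDP allow at priority 200 is shadowed by the Deny at 100, and the SQL rule is limited to a private range.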
Paste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-anmolnagpal-nsg-firewall-auditor": {
"enabled": true,
"auto_update": true
}
}
}