Azure VPN Gateway Pre-Shared Key
Service Name: Azure VPN Gateway
Service Description: Azure VPN Gateway is a service that enables you to establish secure, cross-premises connectivity between your virtual network and on-premises networks. It provides site-to-site VPN connections using IPsec/IKE protocols and pre-shared keys for authentication.
Service Address: https://portal.azure.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the network security group level to control traffic to and from the VPN gateway.
Secret Access Scope: Grants authentication access to establish secure VPN tunnels between Azure virtual networks and on-premises networks.
Secret Revokement URL: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal#change-the-vpn-gateway-pre-shared-key
Secret Example: aZ9Q4bX7cY2dE5fG8hJ1kL3mN6pR9sT0
Suspicious Activity Investigation Instructions:
- Review Azure Activity Logs for unusual configuration changes to VPN gateways
- Check for unauthorized connection attempts in VPN gateway diagnostic logs
- Monitor for unexpected traffic patterns through the VPN tunnel
- Verify if there are any recent changes to network security groups associated with the VPN gateway
- Examine Azure Security Center alerts related to network security
Mitigation Instructions:
- Immediately rotate the pre-shared key in the Azure portal
- Navigate to Virtual Network Gateway > Connections > Select the connection >
Shared key > Update
- Update the corresponding pre-shared key on the on-premises VPN device
- Consider implementing Azure Private Link for more secure connectivity if
applicable
- Enable Azure DDoS Protection Standard for the virtual network containing the
VPN gateway
- Implement Just-In-Time access for management of VPN gateway
configurations
- Review and tighten network security group rules associated with the VPN
gateway