Azure_VirtualNetworks_3

Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP)

Description

Ensure that no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP).

Remediation

Perform the following in the Azure Console:

  1. Go to SQL servers
  2. For each SQL server
  3. Click on Firewall / Virtual Networks
  4. Set Allow access to Azure services to OFF
  5. Set firewall rules to limit access to only authorized connections

Perform the following in Azure PowerShell:

  1. Disable Default Firewall Rule Allow access to Azure services:
    Remove-AzureRmSqlServerFirewallRule -FirewallRuleName AllowAllWindowsAzureIps -ResourceGroupName <resource group name> -ServerName <server name>

  2. Remove custom Firewall rule:
    Remove-AzureRmSqlServerFirewallRule -FirewallRuleName <firewallRuleName> -ResourceGroupName <resource group name> -ServerName <server name>

  3. Set the appropriate firewall rules:
    Set-AzureRmSqlServerFirewallRule -ResourceGroupName <resource group name> -ServerName <server name> -FirewallRuleName <Fw rule Name> -StartIpAddress <IP Address other than 0.0.0.0> -EndIpAddress <IP Address other than 0.0.0.0 or 255.255.255.255>
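
To find the rules that need the remediation above, the following audit check is an added example and not part of the original rule text. It applies exactly the criteria stated in the steps (the AllowAllWindowsAzureIps rule, a start address of 0.0.0.0, an end address of 0.0.0.0 or 255.255.255.255). The function name Test-SqlFirewallRule and the sample rules are assumptions constructed for illustration.

```powershell
# Added example: classify Azure SQL server firewall rules against this check.
# Test-SqlFirewallRule is a hypothetical helper name, not an AzureRM cmdlet.
function Test-SqlFirewallRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Rule
    )
    process {
        $findings = @()
        # Rule created when "Allow access to Azure services" is ON
        if ($Rule.FirewallRuleName -eq 'AllowAllWindowsAzureIps') {
            $findings += 'Allow access to Azure services is ON'
        }
        # Start/end addresses the remediation steps say must not be used
        if ($Rule.StartIpAddress -eq '0.0.0.0') {
            $findings += 'StartIpAddress is 0.0.0.0'
        }
        if ($Rule.EndIpAddress -in '0.0.0.0', '255.255.255.255') {
            $findings += "EndIpAddress is $($Rule.EndIpAddress)"
        }
        [pscustomobject]@{
            ServerName       = $Rule.ServerName
            FirewallRuleName = $Rule.FirewallRuleName
            Range            = "$($Rule.StartIpAddress)-$($Rule.EndIpAddress)"
            Compliant        = ($findings.Count -eq 0)
            Findings         = $findings -join '; '
        }
    }
}

# Constructed sample rules (server name and addresses are made up) so the
# check runs without an Azure session.
$sampleRules = @(
    [pscustomobject]@{ ServerName = 'sql-example'; FirewallRuleName = 'AllowAllWindowsAzureIps'; StartIpAddress = '0.0.0.0'; EndIpAddress = '0.0.0.0' }
    [pscustomobject]@{ ServerName = 'sql-example'; FirewallRuleName = 'open-to-any'; StartIpAddress = '0.0.0.0'; EndIpAddress = '255.255.255.255' }
    [pscustomobject]@{ ServerName = 'sql-example'; FirewallRuleName = 'office-egress'; StartIpAddress = '203.0.113.10'; EndIpAddress = '203.0.113.20' }
)
$sampleRules | Test-SqlFirewallRule | Format-Table -AutoSize

# Live use (requires a logged-in AzureRM session):
# Get-AzureRmResourceGroup |
#   ForEach-Object { Get-AzureRmSqlServer -ResourceGroupName $_.ResourceGroupName } |
#   ForEach-Object { Get-AzureRmSqlServerFirewallRule -ResourceGroupName $_.ResourceGroupName -ServerName $_.ServerName } |
#   Test-SqlFirewallRule | Where-Object { -not $_.Compliant }
```

A rule reported as compliant here only avoids the addresses named in this check; its range still has to be reviewed against the list of authorized connections.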

References:

  1. https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-windows-firewall-for-database-engine-access?view=sql-server-2017
  2. https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserverfirewallrule?view=azurermps-5.2.0
  3. https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserverfirewallrule?view=azurermps-5.2.0
  4. https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/remove-azurermsqlserverfirewallrule?view=azurermps-5.2.0
  5. https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure
  6. https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-set-database-firewall-rule-azure-sql-database?view=azuresqldb-current

Service

Networking

Severity

Medium

Compliance

Mapping
