Azure_SQLServers_12

Ensure that SQL server access is restricted from the internet

Description

Ensure that no SQL Databases allow ingress from the internet. SQL Database includes a firewall to block unauthorized connections. After creating your SQL Database, you can specify which IP addresses can connect to your database. You can then define more granular IP addresses by referencing the range of addresses available from specific datacenters. Allowing ingress for the IP range 0.0.0.0/0 (StartIp of 0.0.0.0 and EndIP of 0.0.0.0) allows open access to any/all traffic, potentially making the SQL Database vulnerable to attacks.

Remediation

Perform the following in the Azure Console:

  1. Go to SQL Servers
  2. For each SQL Server
  3. Select Firewalls and virtual networks
  4. Ensure that firewall rules exist, and that no rule has
    – Start IP of 0.0.0.0
    – and End IP of 0.0.0.0
    – or other combinations that allow access to wider public IP ranges
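The console steps above can also be scripted. The following is an added audit example, not part of the benchmark or of Microsoft's tooling: it evaluates firewall rules in the JSON shape returned by `az sql server firewall-rule list` (keys `name`, `startIpAddress`, `endIpAddress` are assumed), flagging the 0.0.0.0/0.0.0.0 rule and any rule that spans more than a configurable number of addresses. The sample rules are constructed.

```python
"""Audit Azure SQL server firewall rules for internet-wide ingress.

Added example for this benchmark item. Input is assumed to be the JSON array
returned by `az sql server firewall-rule list -g <rg> -s <server>`.
"""
import ipaddress
import json

# Constructed sample rules in the assumed CLI output shape.
SAMPLE_RULES_JSON = """
[
  {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
  {"name": "office-vpn", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"},
  {"name": "temp-open", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
  {"name": "wide-block", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.255.255"}
]
"""

# Rules spanning more addresses than this are reported as "wider public IP ranges".
# The threshold is an assumption of this example; set it to match your own policy.
MAX_RANGE_SIZE = 256

ANY_IP = ipaddress.IPv4Address("0.0.0.0")


def classify_rule(rule, max_range_size=MAX_RANGE_SIZE):
    """Return a finding string for a non-compliant rule, or None if it is acceptable."""
    start = ipaddress.IPv4Address(rule["startIpAddress"])
    end = ipaddress.IPv4Address(rule["endIpAddress"])
    if end < start:
        return "invalid range: end address precedes start address"
    if start == ANY_IP and end == ANY_IP:
        # The benchmark's explicit failure condition: Start IP and End IP both 0.0.0.0.
        return "Start IP 0.0.0.0 and End IP 0.0.0.0: open access"
    span = int(end) - int(start) + 1
    if span > max_range_size:
        return f"wide range: {span} addresses"
    return None


def audit_rules(rules_json, max_range_size=MAX_RANGE_SIZE):
    """Parse the CLI JSON and return {rule_name: finding} for every non-compliant rule."""
    findings = {}
    for rule in json.loads(rules_json):
        finding = classify_rule(rule, max_range_size)
        if finding:
            findings[rule["name"]] = finding
    return findings


if __name__ == "__main__":
    for name, finding in audit_rules(SAMPLE_RULES_JSON).items():
        print(f"FAIL {name}: {finding}")
```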

Default Values:
By default, no firewall rules are configured.

References:

  1. https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-set-database-firewall-rule-azure-sql-database
  2. https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserverfirewallrule?view=azurermps-5.2.0

Service

Database Services

Severity

High

Compliance

Mapping
