Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP)
Description
Ensure that no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP).
Remediation
Perform the following in the Azure Console:
Go to SQL servers
For each SQL server
Click on Firewall / Virtual Networks
Set Allow access to Azure services to OFF
Set firewall rules to limit access to only authorized connections
Perform the following in Azure PowerShell:
Disable Default Firewall Rule Allow access to Azure services: Remove-AzureRmSqlServerFirewallRule -FirewallRuleName AllowAllWindowsAzureIps -ResourceGroupName <resource group name> -ServerName <server name>
Remove custom Firewall rule: Remove-AzureRmSqlServerFirewallRule -FirewallRuleName <firewallRuleName> -ResourceGroupName <resource group name> -ServerName <server name>
Set the appropriate firewall rules: Set-AzureRmSqlServerFirewallRule -ResourceGroupName <resource group name> -ServerName <server name> -FirewallRuleName <Fw rule Name> -StartIpAddress <IP Address other than 0.0.0.0> -EndIpAddress <IP Address other than 0.0.0.0 or 255.255.255.255>