Ensure public access is disabled for Azure MSSQL Server

HIGH

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In Azure Console -

Open the Azure Portal and go to SQL servers.
Choose the SQL server you wish to edit.
Under Networking, Set Public network access to Disable
Select Save

In Terraform -

In the azurerm_mssql_server resource, set public_network_access_enabled to false.

References:
https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings?view=azuresql&tabs=azure-portal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server#public_network_access_enabled

Policy Details

Rule Reference ID: AC_AZURE_0135

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_mssql_server

Resource Category: Database

Resource Type: SQL Server

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0

Detections

Analytics