Ensure access to Azure SQL Servers is restricted within Azure Infrastructure via Azure SQL Firewall Rule

HIGH

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to SQL servers.
  2. Choose the SQL server you wish to edit.
  3. Under Networking, set Firewall rules for Public network access.
  4. Select Save.

In Terraform -

  1. In the azurerm_sql_firewall_rule resource, set start_ip_address and end_ip_address.
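
The Terraform step above, as an added example that is not part of the original policy page: an overly broad azurerm_sql_firewall_rule next to a restricted one. The variable names, rule names and the 203.0.113.x documentation addresses are constructed placeholders.

```hcl
# Constructed example. Names and addresses are placeholders, not values from the policy page.
variable "resource_group_name" { type = string }
variable "sql_server_name" { type = string }

# Range the rule is allowed to open. The validation rejects the "everything" range
# at plan time, before it can reach the server.
variable "allowed_range" {
  type = object({ start = string, end = string })
  default = {
    start = "203.0.113.10" # placeholder egress range (documentation address space)
    end   = "203.0.113.20"
  }

  validation {
    condition     = !(var.allowed_range.start == "0.0.0.0" && var.allowed_range.end == "255.255.255.255")
    error_message = "The firewall range must not cover the whole IPv4 address space."
  }
}

# BEFORE (weak): the range spans all of IPv4, so any internet host can reach the
# server's public endpoint. Shown for comparison only; remove it from real configuration.
resource "azurerm_sql_firewall_rule" "allow_all" {
  name                = "allow-all"
  resource_group_name = var.resource_group_name
  server_name         = var.sql_server_name
  start_ip_address    = "0.0.0.0"
  end_ip_address      = "255.255.255.255"
}

# AFTER (restricted): only the known, narrow range is admitted.
resource "azurerm_sql_firewall_rule" "known_egress" {
  name                = "known-egress"
  resource_group_name = var.resource_group_name
  server_name         = var.sql_server_name
  start_ip_address    = var.allowed_range.start
  end_ip_address      = var.allowed_range.end
}
```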

References:
https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure?view=azuresql
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_firewall_rule

Policy Details

Rule Reference ID: AC_AZURE_0381
CSP: Azure
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: Security Group

Frameworks