Ensure access to Azure SQL Servers is restricted within Azure Infrastructure via Azure SQL Firewall Rule

HIGH

Description

Allowing unrestricted public access to cloud services creates a significant vulnerability because it exposes the application to external attacks. When public access is enabled without proper firewall rules, your Azure SQL Servers are left exposed and are highly susceptible to unauthorized access, data breaches, and other malicious activity.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to SQL servers.
  2. Choose the SQL server you wish to edit.
  3. Under Networking, set Firewall rules for Public network access.
  4. Select Save.

In Terraform -

  1. In the azurerm_mssql_firewall_rule resource, set start_ip_address and end_ip_address.
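
The Terraform step above, as an added example that is not part of the original policy text: it creates one azurerm_mssql_firewall_rule per explicitly named range and refuses the catch-all ranges at plan time. The variable names, rule names and 203.0.113.x addresses are assumptions for illustration, and the server is assumed to already exist.

```hcl
# Added example. Variable names, rule names and addresses are assumptions.
variable "sql_server_id" {
  description = "Resource ID of an existing azurerm_mssql_server"
  type        = string
}

variable "allowed_ranges" {
  description = "Named public IPv4 ranges permitted to reach the server"
  type = map(object({
    start_ip = string
    end_ip   = string
  }))

  # Constructed sample values from the 203.0.113.0/24 documentation range.
  default = {
    office-egress = { start_ip = "203.0.113.10", end_ip = "203.0.113.20" }
    ci-runner     = { start_ip = "203.0.113.45", end_ip = "203.0.113.45" }
  }

  # Reject the two catch-all forms before anything is applied:
  #   0.0.0.0 - 255.255.255.255 admits every IPv4 address
  #   0.0.0.0 - 0.0.0.0 is the "Allow Azure services" rule, which admits
  #   traffic from any Azure address, including other customers' resources
  validation {
    condition = alltrue([
      for r in values(var.allowed_ranges) :
      r.start_ip != "0.0.0.0" && r.end_ip != "255.255.255.255"
    ])
    error_message = "Firewall ranges must not start at 0.0.0.0 or end at 255.255.255.255."
  }
}

# One firewall rule per approved range; removing a map entry removes its rule.
resource "azurerm_mssql_firewall_rule" "allowed" {
  for_each = var.allowed_ranges

  name             = each.key
  server_id        = var.sql_server_id
  start_ip_address = each.value.start_ip
  end_ip_address   = each.value.end_ip
}
```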

References:
https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure?view=azuresql
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_firewall_rule

Policy Details

Rule Reference ID: AC_AZURE_0580
CSP: Azure
Remediation Available: No
Resource Category: Database
Resource Type: SQL Server

Frameworks