This repository has been archived by the owner on Sep 11, 2023. It is now read-only.

sql-server-public-access.md


CloudSploit

AZURE / SQL Server / SQL Server Public Access

Quick Info

| | |
|---|---|
| Plugin Title | SQL Server Public Access |
| Cloud | AZURE |
| Category | SQL Server |
| Description | Ensures that SQL Servers do not allow public access |
| More Info | Unless there is a specific business requirement, SQL Server instances should not have a public endpoint and should only be accessed from within a VNET. |
| AZURE Link | https://docs.microsoft.com/en-us/azure/sql-database/sql-database-security-overview/ |
| Recommended Action | Ensure that the firewall of each SQL Server is configured to prohibit traffic from the public 0.0.0.0 global IP address. |

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the "Search resources, services, and docs" option at the top and search for SQL servers.
  3. On the "SQL server" page, select the SQL server that needs to be examined.
  4. On the selected "SQL server" page, scroll down the left navigation panel and select "Firewalls and virtual networks" under the "Security" column.
  5. On the "Firewalls and virtual networks" page, if "Allow Azure services and resources to access this server" is "ON", then the selected "SQL server" allows public access.
  6. Repeat steps 2 - 5 to verify other "SQL servers" in the account.
  7. Navigate to "SQL servers". On the "SQL servers" page, select the "SQL server", scroll down the left navigation panel and choose "Firewalls and virtual networks" under "Security".
  8. On the "Firewalls and virtual networks" page, click on the "OFF" option next to the "Allow Azure services and resources to access this server" and "Save" the changes.
  9. If no "VNET" is configured, scroll down the page and click on "Add existing virtual network".
  10. On the "Create/Update" page, select the "Subscription", "Virtual network", "Subnet name" and click on "OK" at the bottom of the page.
  11. Click on the "Save" button to make the changes.
  12. Repeat steps 7 - 11 to ensure that the firewall of each SQL Server is configured to prohibit traffic from the public 0.0.0.0 global IP address.
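
The firewall condition that steps 5 and 12 look for can also be evaluated from an exported rule list; the following is an added example, not CloudSploit's plugin code. It goes slightly beyond the console check by also reporting how many addresses each rule spans. It assumes the rules are in the JSON shape printed by `az sql server firewall-rule list --resource-group <rg> --server <name> -o json` (fields `name`, `startIpAddress`, `endIpAddress`); the server name, rule names and addresses are constructed sample data.

```javascript
// Added example: evaluates SQL Server firewall rules offline.
// Assumed input: rule objects with name, startIpAddress, endIpAddress.

// Convert dotted-quad IPv4 to an unsigned 32-bit integer; null if malformed.
function ipToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Classify one rule. A range starting at 0.0.0.0 is what the check flags.
function classifyRule(rule) {
  const start = ipToInt(rule.startIpAddress);
  const end = ipToInt(rule.endIpAddress);
  if (start === null || end === null || end < start) {
    return { name: rule.name, status: 'UNKNOWN', reason: 'unparseable range' };
  }
  if (start === 0 && end === 0) {
    return { name: rule.name, status: 'FAIL',
      reason: '0.0.0.0-0.0.0.0: "Allow Azure services and resources" is ON' };
  }
  if (start === 0) {
    return { name: rule.name, status: 'FAIL',
      reason: `range starts at 0.0.0.0 and spans ${end - start + 1} addresses` };
  }
  return { name: rule.name, status: 'OK', reason: `${end - start + 1} address(es)` };
}

// Roll results up per server: FAIL if any rule fails.
function evaluateServer(serverName, rules) {
  const findings = rules.map(classifyRule);
  const failed = findings.some(f => f.status === 'FAIL');
  return { server: serverName, status: failed ? 'FAIL' : 'OK', findings };
}

// Constructed sample data (hypothetical server and rule names).
const sampleRules = [
  { name: 'AllowAllWindowsAzureIps', startIpAddress: '0.0.0.0', endIpAddress: '0.0.0.0' },
  { name: 'office', startIpAddress: '203.0.113.10', endIpAddress: '203.0.113.20' },
  { name: 'wide-open', startIpAddress: '0.0.0.0', endIpAddress: '255.255.255.255' },
];
console.log(JSON.stringify(evaluateServer('example-sql-server', sampleRules), null, 2));
```

A server with no firewall rules, or only narrow ranges, evaluates to `OK`; malformed or inverted ranges are reported as `UNKNOWN` rather than silently passed.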