Aqua CSPM

Enforce SSL Connection Enabled

Quick Info

Plugin TitleEnforce SSL Connection Enabled
CloudAZURE
CategoryPostgreSQL Server
DescriptionEnsures SSL connections are enforced on PostgreSQL Servers
More InfoSSL prevents infiltration attacks by encrypting the data stream between the server and application.
AZURE Linkhttps://docs.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security
Recommended ActionEnsure the connection security settings of each PostgreSQL server are configured to enforce SSL connections.

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the “Search resources, services, and docs” option at the top and search for PostgreSQL.
  3. On the “Azure Database for PostgreSQL servers” page, select the database by clicking on the “Name” as a link that needs to be examine.
  4. Scroll down the left navigation panel and choose “Connection Security” under “Settings."
  5. On the “Connection Security” page, scroll down the page and look for “Enforce SSL connection” under “SSL settings”. If it’s “DISABLED” then SSL connections are not enforced on PostgreSQL Servers.
  6. Repeat steps number 2 - 5 to verify other “PostgreSQL” databases for SSL connection in the account.
  7. Navigate to “PostgreSQL”, select the database by clicking on the “Name” and choose “Connection Security” under “Settings” from the left navigation panel.
  8. On “Connection Security” page, scroll down and under “SSL Settings”, click on the “ENABLED” toggle button next to the “Enforce SSL connection.”
  9. Click on the “Save” button at the top to make the changes.
  10. Repeat steps number 7 - 9 to ensure the connection security settings of each PostgreSQL server are configured to enforce SSL connections.