Aqua CSPM

SQL Server Public Access

Quick Info

Plugin Title: SQL Server Public Access
Cloud: AZURE
Category: SQL Server
Description: Ensures that SQL Servers do not allow public access
More Info: Unless there is a specific business requirement, SQL Server instances should not have a public endpoint and should only be accessed from within a VNET.
AZURE Link: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-security-overview/
Recommended Action: Ensure that the firewall of each SQL Server is configured to prohibit traffic from the public 0.0.0.0 global IP address.

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the “Search resources, services, and docs” option at the top and search for SQL servers.
  3. On the “SQL server” page, select the SQL server that needs to be examined.
  4. On the selected “SQL server” page, scroll down the left navigation panel and select “Firewalls and virtual networks” under the “Security” column.
  5. On the “Firewalls and virtual networks” page, if “Allow Azure services and resources to access this server” is “ON”, then the selected “SQL server” allows public access.
  6. Repeat steps 2 - 5 to verify other “SQL servers” in the account.
  7. Navigate to “SQL servers”, select the “SQL server” on the “SQL servers” page, scroll down the left navigation panel and choose “Firewalls and virtual networks” under the “Security” column.
  8. On the “Firewalls and virtual networks” page, click on the “OFF” option next to the “Allow Azure services and resources to access this server” and “Save” the changes.
  9. If no “VNET” is configured, scroll down the page and click on “Add existing virtual network”.
  10. On the “Create/Update” page, select the “Subscription”, “Virtual network”, “Subnet name” and click on “OK” at the bottom of the page.
  11. Click on the “Save” button to make the changes.
  12. Repeat steps 7 - 11 to ensure that the firewall of each SQL Server is configured to prohibit traffic from the public 0.0.0.0 global IP address.
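
The portal check in steps 4 - 5 can also be run over exported firewall rules. The following is an added example, not Aqua's plugin code: it classifies rules in the JSON shape returned by `az sql server firewall-rule list --output json`. The sample rules are constructed, and the `MAX_RANGE` threshold and the WARN tier are assumptions that go beyond the 0.0.0.0 check described above.

```python
import ipaddress
import json

# Constructed sample in the shape of `az sql server firewall-rule list --output json`.
SAMPLE_RULES = json.loads("""[
 {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
 {"name": "office", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.20"},
 {"name": "temp-debug", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
 {"name": "vendor", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.103.255"}
]""")

MAX_RANGE = 256  # assumption: widest range accepted without manual review


def classify_rule(rule, max_range=MAX_RANGE):
    """Return (status, reason) for one SQL Server firewall rule."""
    start = int(ipaddress.IPv4Address(rule["startIpAddress"]))
    end = int(ipaddress.IPv4Address(rule["endIpAddress"]))
    if start == 0 and end == 0:
        # The rule that exists when "Allow Azure services and resources
        # to access this server" is ON in the portal.
        return "FAIL", "Azure services access enabled (0.0.0.0 rule)"
    if start == 0:
        return "FAIL", "range starts at 0.0.0.0"
    size = end - start + 1
    if size > max_range:
        return "WARN", f"wide range: {size} addresses"
    return "OK", "scoped range"


def audit(rules):
    """Map rule name -> (status, reason), worst findings first."""
    order = {"FAIL": 0, "WARN": 1, "OK": 2}
    results = {r["name"]: classify_rule(r) for r in rules}
    return dict(sorted(results.items(), key=lambda kv: order[kv[1][0]]))


if __name__ == "__main__":
    for name, (status, reason) in audit(SAMPLE_RULES).items():
        print(f"{status:4} {name}: {reason}")
```

Any FAIL result corresponds to a server that still needs remediation steps 7 - 11.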