Ensure that the Redis Cache accepts only SSL connections
It is recommended that Redis Cache allow only SSL connections.
Risk Level: High
Cloud Entity: Azure Redis Cache
CloudGuard Rule ID: D9.AZU.CRY.05
Covered by Spectral: Yes
Category: Database
GSL LOGIC
RedisCache should have enableNonSslPort=false
REMEDIATION
From Portal
- Go to Azure Cache for Redis
- For each Redis Cache, click Advanced settings
- Set 'Allow access only via SSL' to 'Yes'
- Click Save.
From TF
Set the 'enable_non_ssl_port' argument to false under azurerm_redis_cache
resource "azurerm_redis_cache" "example" {
  # ..
  enable_non_ssl_port = false
  # ..
}
From Command Line
Run
az redis update --name REDISCACHENAME --resource-group RESOURCEGROUP --set enableNonSslPort=false
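The rule check and the CLI remediation above can be combined into a small audit over `az redis list -o json` output. This is an added example, not code from CloudGuard or Microsoft; the cache and resource group names in the sample are constructed, and the function names are hypothetical.

```python
import json
import shlex

# Constructed sample shaped like `az redis list -o json` output (names are made up).
SAMPLE_AZ_OUTPUT = """
[
  {"name": "cache-prod", "resourceGroup": "rg-prod", "enableNonSslPort": false},
  {"name": "cache-dev", "resourceGroup": "rg-dev", "enableNonSslPort": true},
  {"name": "cache-legacy", "resourceGroup": "rg-old"}
]
"""


def evaluate(caches):
    """Apply the rule `enableNonSslPort=false` to each cache.

    Returns (name, resource_group, status) tuples, where status is
    'pass', 'fail', or 'unknown' (property missing or not a boolean).
    """
    results = []
    for cache in caches:
        value = cache.get("enableNonSslPort")
        if value is False:
            status = "pass"
        elif value is True:
            status = "fail"
        else:
            status = "unknown"  # do not treat missing data as compliant
        results.append((cache.get("name"), cache.get("resourceGroup"), status))
    return results


def remediation_commands(results):
    """Build the page's `az redis update` command for every failing cache."""
    template = "az redis update --name {} --resource-group {} --set enableNonSslPort=false"
    return [
        template.format(shlex.quote(name), shlex.quote(rg))
        for name, rg, status in results
        if status == "fail"
    ]


if __name__ == "__main__":
    findings = evaluate(json.loads(SAMPLE_AZ_OUTPUT))
    for name, rg, status in findings:
        print(f"{status:8} {name} ({rg})")
    for cmd in remediation_commands(findings):
        print(cmd)
```

Caches reported as 'unknown' need a manual look before they are counted as compliant.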
References
- https://docs.microsoft.com/en-us/azure/redis-cache/cache-configure#advanced-settings
- https://docs.microsoft.com/en-us/cli/azure/redis?view=azure-cli-latest#az-redis-update
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache#enable_non_ssl_port
Azure Redis Cache
Fully managed, open source-compatible in-memory data store to power fast, scalable applications. Azure Redis Cache is based on the popular open-source Redis cache. It is typically used as a cache to improve the performance and scalability of systems that rely heavily on backend data-stores. Performance is improved by temporarily copying frequently accessed data to fast storage located close to the application. With Redis cache, this fast storage is located in-memory with Redis Cache instead of being loaded from disk by a dat
Compliance Frameworks
- AZU PCI-DSS 4.0
- Azure CSA CCM v.3.0.1
- Azure CSA CCM v.4.0.1
- Azure CloudGuard Best Practices
- Azure CloudGuard CheckUp
- Azure CloudGuard SOC2 based on AICPA TSC 2017
- Azure Dashboard System Ruleset
- Azure GDPR Readiness
- Azure HIPAA
- Azure HITRUST v9.5.0
- Azure ISO 27001:2013
- Azure ITSG-33
- Azure LGPD regulation
- Azure NIST 800-171
- Azure NIST 800-53 Rev 4
- Azure NIST 800-53 Rev 5
- Azure NIST CSF v1.1
- Azure New Zealand Information Security Manual (NZISM) v.3.4
- Azure PCI-DSS 3.2
- CloudGuard Azure All Rules Ruleset
- Microsoft Cloud Security Benchmark
Updated about 1 year ago