Ensure the entire Azure infrastructure doesn't have access to Azure SQL Server

Azure connections must be enabled to allow applications from Azure to connect to your Azure SQL server. When an application from Azure attempts to connect to your database server, the firewall verifies that Azure connections are allowed. A firewall setting with starting and ending address equal to 0.0.0.0 allows these connections. This option configures the firewall to allow all connections from Azure including connections from the subscriptions of other customers. Make to use Firewall VNet rules.

Risk Level: High
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.NET.02
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

SQLServer should have isAzurePubliclyAccessable=false

REMEDIATION

From Portal

  1. Login into the Azure portal.
  2. Go to SQL Servers.
  3. For each SQL Server, select Networking under Security.
  4. Set the 'Allow access to Azure services' to OFF.

References

  1. https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure?view=azuresql#connections-from-inside-azure

SQL Server on Virtual Machines

SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.

Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for a many different SQL Server workloads.

Compliance Frameworks

  • Azure CSA CCM v.3.0.1
  • Azure CSA CCM v.4.0.1
  • Azure CloudGuard Best Practices
  • Azure CloudGuard Network Security Alerts
  • Azure CloudGuard SOC2 based on AICPA TSC 2017
  • Azure HIPAA
  • Azure HITRUST v9.5.0
  • Azure ISO 27001:2013
  • Azure LGPD regulation
  • Azure NIST 800-171
  • Azure NIST 800-53 Rev 4
  • Azure NIST 800-53 Rev 5
  • Azure NIST CSF v1.1
  • Azure New Zealand Information Security Manual (NZISM) v.3.4
  • CloudGuard Azure All Rules Ruleset