Risk Level: High
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.NET.03
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

SQLServer should not have firewallRules contain-any [ numberOfAddressesInRange > 256]

REMEDIATION

From Portal

Login into the Azure portal.
Go to SQL Servers.
For each SQL Server, select Firewalls and virtual networks.
Add rules for IP address range that needs access to databases. Start and End IP address should not be 0.0.0.0.

NOTE : By default, no Rules are created.

From TF
Set the 'start_ip_address' and 'end_ip_address' under 'azurerm_mssql_firewall_rule' as below:

resource "azurerm_mssql_firewall_rule" "example" {
	...
	start_ip_address = "START_IP"
	end_ip_address = "END_IP"
	...
}

From Command Line
Use the below command to create firewall rule
Run

az sql server firewall-rule create --resource-group MYRESOURCEGROUP --server SERVER --name NAME_OF_FIREWALL_RULE --start-ip-address START_IP --end-ip-address END_IP

References

SQL Server on Virtual Machines

SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.

Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for a many different SQL Server workloads.

Compliance Frameworks

Azure CSA CCM v.3.0.1
Azure CSA CCM v.4.0.1
Azure CloudGuard Best Practices
Azure CloudGuard Network Security Alerts
Azure CloudGuard SOC2 based on AICPA TSC 2017
Azure HIPAA
Azure HITRUST v9.5.0
Azure ISO 27001:2013
Azure LGPD regulation
Azure NIST 800-171
Azure NIST 800-53 Rev 4
Azure NIST 800-53 Rev 5
Azure NIST CSF v1.1
Azure New Zealand Information Security Manual (NZISM) v.3.4
CloudGuard Azure All Rules Ruleset