Ensure there are no firewall rules allowing unrestricted access to Redis from other Azure sources
Redis Cache should not be configured to allow unlimited access. If a firewall rule has both its start IP and end IP addresses set to 0.0.0.0/0, the Redis Cache is open to any Azure source.
Risk Level: High
Cloud Entity: Azure Redis Cache
CloudGuard Rule ID: D9.AZU.NET.11
Covered by Spectral: No
Category: Database
GSL LOGIC
RedisCache should not have firewallRules contain-any [ isAzurePubliclyAccessable=true ]
REMEDIATION
From Portal
- Go to 'Redis Cache' from the Azure Management console.
- For each Redis Cache, select Firewall.
- Delete any rule that has 0.0.0.0 as both its start and end IP address.
- Select Save.
NOTE: By default, no firewall rules are set.
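The portal check above can also be run over an exported list of a cache's firewall rules. The following Python is an added example, not CloudGuard's or Azure's own code; it reports every rule whose start and end IP are both 0.0.0.0. The JSON field names and the sample export are assumptions constructed for illustration.

```python
import ipaddress
import json

# The address the page's rule looks for in both the start and end fields.
ANY_AZURE = ipaddress.IPv4Address("0.0.0.0")

# Constructed sample: firewall rules for one cache, as a JSON export.
# Field names ("name", "startIP", "endIP") are assumptions about the export format.
SAMPLE_EXPORT = """
[
  {"name": "cache-prod/office", "startIP": "203.0.113.10", "endIP": "203.0.113.20"},
  {"name": "cache-prod/allow-azure", "startIP": "0.0.0.0", "endIP": "0.0.0.0"},
  {"name": "cache-prod/broken", "startIP": "0.0.0.0", "endIP": "not-an-ip"}
]
"""

def _field(rule, *names):
    """Return the first key present, so startIP/startIp spellings both work."""
    for n in names:
        if n in rule:
            return rule[n]
    raise KeyError(names[0])

def audit_rules(rules):
    """Return (violations, unparsable) as two lists of rule names."""
    violations, unparsable = [], []
    for rule in rules:
        name = rule.get("name", "<unnamed>")
        try:
            start = ipaddress.ip_address(_field(rule, "startIP", "startIp"))
            end = ipaddress.ip_address(_field(rule, "endIP", "endIp"))
        except (KeyError, ValueError):
            # Missing or malformed addresses need a manual look, not a silent pass.
            unparsable.append(name)
            continue
        if start == ANY_AZURE and end == ANY_AZURE:
            violations.append(name)
    return violations, unparsable

def audit_export(text):
    """Parse a JSON export and audit the rules it contains."""
    return audit_rules(json.loads(text))

if __name__ == "__main__":
    bad, skipped = audit_export(SAMPLE_EXPORT)
    for name in bad:
        print(f"DELETE: {name} (start and end IP are 0.0.0.0)")
    for name in skipped:
        print(f"REVIEW: {name} (could not parse start/end IP)")
```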
References
Azure Redis Cache
Fully managed, open source-compatible in-memory data store to power fast, scalable application. Azure Redis Cache is based on the popular open-source Redis cache. It is typically used as a cache to improve the performance and scalability of systems that rely heavily on backend data-stores. Performance is improved by temporarily copying frequently accessed data to fast storage located close to the application. With Redis cache, this fast storage is located in-memory with Redis Cache instead of being loaded from disk by a dat
Compliance Frameworks
- Azure CSA CCM v.3.0.1
- Azure CSA CCM v.4.0.1
- Azure CloudGuard Best Practices
- Azure CloudGuard Network Security Alerts
- Azure CloudGuard SOC2 based on AICPA TSC 2017
- Azure HIPAA
- Azure ISO 27001:2013
- Azure LGPD regulation
- Azure NIST 800-171
- Azure NIST 800-53 Rev 4
- Azure NIST 800-53 Rev 5
- Azure NIST CSF v1.1
- Azure New Zealand Information Security Manual (NZISM) v.3.4
- CloudGuard Azure All Rules Ruleset