Redis attached subnet Network Security Group should allow ingress traffic only to ports 6379 or 6380
Deploying Redis Cache under a VNET provides enhanced security and isolation. Vnet also provides subnets, access control policies and additional networking and security capabilities. When using a VNET specific ingress and egress firewall rules are required. This feature is available to Premium tier Redis Cache only.
Risk Level: High
Cloud Entity: Azure Redis Cache
CloudGuard Rule ID: D9.AZU.NET.15
Covered by Spectral: Yes
Category: Database
GSL LOGIC
RedisCache should have subnet.securityGroup.inboundSecurityRules contain-any [ destinationPortRanges contain [ destinationPort<=6379 and destinationPortTo>=6379 ] ] and subnet.securityGroup.inboundSecurityRules contain-any [ destinationPortRanges contain [ destinationPort<=6380 and destinationPortTo>=6380 ] ]
REMEDIATION
From Portal
Pre-Requisite : VNET needs to be set up upon Redis Cache Launch.
- Go to 'Network Security Groups' from Azure Management console.
- For each Network Security Group that is attached to the concern Redis.
- Select Inbound security rules.
- Add a rule with Destination Port 6379 & 6380.
- Select Add.
References
Azure Redis Cache
Fully managed, open source���compatible in-memory data store to power fast, scalable application. Azure Redis Cache is based on the popular open-source Redis cache. It is typically used as a cache to improve the performance and scalability of systems that rely heavily on backend data-stores. Performance is improved by temporarily copying frequently accessed data to fast storage located close to the application. With Redis cache, this fast storage is located in-memory with Redis Cache instead of being loaded from disk by a dat
Compliance Frameworks
- AZU PCI-DSS 4.0
- Azure CSA CCM v.3.0.1
- Azure CSA CCM v.4.0.1
- Azure CloudGuard Best Practices
- Azure CloudGuard CheckUp
- Azure CloudGuard Network Security Alerts
- Azure CloudGuard SOC2 based on AICPA TSC 2017
- Azure HIPAA
- Azure ISO 27001:2013
- Azure LGPD regulation
- Azure NIST 800-171
- Azure NIST 800-53 Rev 4
- Azure NIST 800-53 Rev 5
- Azure NIST CSF v1.1
- Azure New Zealand Information Security Manual (NZISM) v.3.4
- Azure PCI-DSS 3.2
- CloudGuard Azure All Rules Ruleset
Updated over 1 year ago