Network misconfigurations

Azure Network Security Group allows unrestricted access to MySQL service from the Internet

Compliance Frameworks


Port 3306 is the default port for the classic MySQL protocol, which is used by the mysql client, MySQL Connectors, and utilities such as mysqldump and mysqlpump. There is a rule configured in {AzureNetworkSecurityGroup} network security group, that allows all incoming traffic to this port from the Internet. In order to keep security best practices and decrease the risk for malicious activities, you should restrict access to be only from allowed IP addresses.
  • Recommended Mitigation

    Configure networking rule to allow incoming traffic to MySQL service from allowed IP addresses only.