Network misconfigurations

Azure virtual machine allows direct access to Apache Cassandra service from the Internet

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

By default, Cassandra uses 7000 for cluster communication (7001 if SSL is enabled), 9042 for native protocol clients, 7199 for JMX, and 9160 for Cassandra Thrift RPC. Those ports are open on your virtual machine and allows all incoming traffic from the Internet. In order to keep security best practices, you should restrict access to be only from allowed IP addresses.
  • Recommended Mitigation

    Configure networking rule to allow incoming Apache Cassandra traffic from allowed IP addresses only.