Network misconfigurations

Sql database server allows ingress from any ip

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Azure CIS, Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, coppa, CPRA, Data Security Posture Management (DSPM) Best Practices, GDPR, HITRUST, ISO/IEC 27001, Microsoft Cloud Security Benchmark, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-53, Orca Best Practices, PDPA

Description

{AzureSqlDbServer}, SQL Database Server, allows ingress any ip (0.0.0.0/0). SQL Server includes a firewall that allows to define which connections are authorized and unauthorized. By default, for a SQL Server, a Firewall exists with StartIp of 0.0.0.0 and EndIP of 0.0.0.0 allowing access to all the Azure services. Additionally, a custom rule can be set up with StartIp of 0.0.0.0 and EndIP of 255.255.255.255 allowing access from any ip over the internet. In order to reduce the potential attacks of a SQL server, firewall rules should be defined with more restricted ip addresses by referencing the range of addresses available for a specific SQL Server.
  • Recommend icon

    Recommended Mitigation

    For each SQL server, click on Networking and disable public access or edit the firewall rules to limit access to only authorized connections.

Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo