Check For Publicly Accessible SQL Servers
More Info:
Ensure that your Microsoft Azure SQL database servers are accessible through private endpoints instead of public IP addresses or service endpoints, in order to eliminate the exposure from the public Internet.Risk Level
MediumAddress
SecurityCompliance Standards
GDPR, CISAZURE, CBP, HITRUST, SOC2Triage and Remediation
Remediation
Using Console
Using Console
Sure, here are the step-by-step instructions to remediate the misconfiguration of “Publicly Accessible SQL Servers” in Azure:
- Log in to the Azure Portal (https://portal.azure.com/).
- Navigate to the SQL servers page by clicking on “SQL servers” in the left-hand menu.
- Select the SQL server that is publicly accessible.
- Click on the “Firewalls and virtual networks” tab.
- Under “Firewall settings,” select “Selected networks.”
- Click on the “Add client IP” button to add the IP address of your computer to the list of allowed IPs.
- If you want to allow access from other IPs, you can add them by clicking on the “Add IP range” button.
- Click on the “Save” button to save the changes.
Using CLI
Using CLI
Sure, here are the step-by-step instructions to remediate the “Publicly Accessible SQL Servers” misconfiguration in AZURE using AZURE CLI:Make sure to replace This command should return “Disabled” for the identified SQL server(s).That’s it! You have successfully remediated the “Publicly Accessible SQL Servers” misconfiguration in AZURE using AZURE CLI.
- Open the AZURE CLI and login to your AZURE account using the following command:
- Run the following command to list all the SQL servers in your subscription:
- Identify the SQL server(s) that are publicly accessible and note down their resource group name and server name.
- Run the following command to set the “public network access” property to “Disabled” for the identified SQL server(s):
<resource-group-name> and <server-name> with the actual names of the resource group and server that you identified in step 3.- Verify that the “public network access” property has been set to “Disabled” for the SQL server(s) by running the following command:
Using Python
Using Python
To remediate publicly accessible SQL servers in Azure using Python, you can follow these steps:Note: You will need to replace
- First, you need to import the necessary libraries:
- Next, you need to authenticate with Azure using the
DefaultAzureCredentialclass.
- Then, you need to create an instance of the
SqlManagementClientclass.
- After that, you can use the
sql_clientinstance to get a list of all the SQL servers in your subscription.
- For each SQL server, you can check if it is publicly accessible by getting its firewall rules.
- If you find a SQL server with a publicly accessible firewall rule, you can delete the rule using the
deletemethod of theFirewallRulesOperationsclass.
- Finally, you can confirm that the firewall rule has been deleted by checking the list of firewall rules again.
<resource-group-name> with the name of the resource group containing your SQL servers.