Ensure that firewalls associated with your Microsoft Azure SQL servers are not configured to allow unrestricted inbound access (i.e. 0.0.0.0/0) in order to protect against unauthorized connections. By default, a Microsoft SQL server firewall contains a StartIP of 0.0.0.0 and an EndIP of 0.0.0.0, allowing access to all Microsoft Azure services. Additionally, a custom rule can be set up with StartIP of 0.0.0.0 and EndIP of 255.255.255.255 to allow access from any IP address over the Internet. To reduce the potential attack surface for your SQL servers, firewall rules should be configured with granular IPs by referencing the range of IP addresses available from specific, authorized networks.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Allowing unrestricted access to SQL databases increases the opportunity for malicious activity such as unauthorized access and loss of data.
To determine if your Microsoft SQL server firewalls allow unrestricted SQL access, perform the following actions:
Remediation / Resolution
To update your Azure SQL server firewall configuration in order to limit access to authorized connections only, perform the following actions:
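The audit and the remediation described above can both be scripted against the firewall rule list that `az sql server firewall-rule list --resource-group <rg> --server <server> -o json` returns. The following is an added example, not code from the Conformity page or from Microsoft: it classifies each rule by its start and end address (the 0.0.0.0-255.255.255.255 and 0.0.0.0-0.0.0.0 cases from the text, plus a general "broad range" warning whose 256-address threshold is an assumption of this example), and emits the `az sql server firewall-rule delete` command for each failing rule. The rule list, rule names and resource names are constructed so that the script runs offline.

```python
"""Audit Azure SQL server firewall rules for unrestricted inbound ranges.

Added example, not code from the Conformity page or from Microsoft. It
expects the JSON produced by
  az sql server firewall-rule list --resource-group <rg> --server <server> -o json
(a list of objects with "name", "startIpAddress" and "endIpAddress").
The rule list below is constructed so the script runs offline.
"""
import ipaddress
import json

# Constructed sample: a server with the default 0.0.0.0-0.0.0.0 rule, a
# wide-open custom rule, and one rule scoped to an authorized network.
SAMPLE_RULES_JSON = json.dumps([
    {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0",
     "endIpAddress": "0.0.0.0"},
    {"name": "AllowAll", "startIpAddress": "0.0.0.0",
     "endIpAddress": "255.255.255.255"},
    {"name": "OfficeVPN", "startIpAddress": "203.0.113.10",
     "endIpAddress": "203.0.113.20"},
])

# Ranges larger than this are reported as "warn". The threshold is an
# assumption for this example, not a value from the page.
BROAD_RANGE_THRESHOLD = 256

ANY_START = ipaddress.IPv4Address("0.0.0.0")
ANY_END = ipaddress.IPv4Address("255.255.255.255")


def classify_rule(rule):
    """Return (severity, reason) for one firewall rule dict."""
    try:
        start = ipaddress.IPv4Address(rule["startIpAddress"])
        end = ipaddress.IPv4Address(rule["endIpAddress"])
    except (KeyError, ValueError) as exc:
        return ("error", f"unparseable rule: {exc}")
    if end < start:
        return ("error", "end address precedes start address")
    size = int(end) - int(start) + 1
    if start == ANY_START and end == ANY_END:
        return ("fail", "0.0.0.0-255.255.255.255 allows any IPv4 address on the Internet")
    if start == ANY_START and end == ANY_START:
        return ("fail", "0.0.0.0-0.0.0.0 allows access from all Azure services")
    if size > BROAD_RANGE_THRESHOLD:
        return ("warn", f"range covers {size} addresses")
    return ("pass", f"range covers {size} address(es)")


def audit(rules_json):
    """Classify every rule in the CLI output; returns a list of findings."""
    findings = []
    for rule in json.loads(rules_json):
        severity, reason = classify_rule(rule)
        findings.append({"name": rule.get("name", "<unnamed>"),
                         "severity": severity, "reason": reason})
    return findings


def remediation_commands(findings, resource_group, server):
    """Return the az CLI commands that delete each failing rule.

    A replacement rule scoped to the authorized network is then created with
    `az sql server firewall-rule create ... --start-ip-address X --end-ip-address Y`;
    those addresses come from the network owner, so they are not generated here.
    """
    return [
        f"az sql server firewall-rule delete --resource-group {resource_group} "
        f"--server {server} --name {f['name']}"
        for f in findings if f["severity"] == "fail"
    ]


if __name__ == "__main__":
    results = audit(SAMPLE_RULES_JSON)
    for f in results:
        print(f"{f['severity']:5} {f['name']}: {f['reason']}")
    # "example-rg" and "example-sqlserver" are placeholder names.
    for cmd in remediation_commands(results, "example-rg", "example-sqlserver"):
        print(cmd)
```

Run against real output by replacing `SAMPLE_RULES_JSON` with the captured CLI JSON; the rules are evaluated purely from their address bounds, so the same check also catches a rule that is not literally 0.0.0.0/0 but still spans far more addresses than any single authorized network would need.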
Check for Unrestricted SQL Database Access
Risk level: Very High