6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) - Level 1 (Automated).
- Contextual name: 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) - Level 1 (Automated).
- ID: /frameworks/cis-azure-v1.3.0/06/03
- Located in: 6 Networking
Description
Ensure that no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP). Implementation note: CIS instructs to fail any SQL database that has a firewall rule with a "Start IP" of 0.0.0.0. This does not align with the rule title and description, which are to block any ingress traffic. Therefore, the policy assigned to this rule fails any SQL Server that has a firewall rule with "Start IP" 0.0.0.0 and "End IP" 255.255.255.255. This range covers any IP (0.0.0.0/0). In addition, the benchmark instructs to make sure 'Allow Azure services and resources to access this service' is disabled. This option has nothing to do with ANY IP. It only determines whether the Server allows traffic from Azure services (from any subscription). We decided to create a dedicated rule to check if this feature is enabled.
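The difference between the literal CIS check and the policy described in the implementation note, as an added example (not code from the benchmark or from this policy's implementation). The server names and rules are constructed, the function names and labels are hypothetical, and the `startIpAddress`/`endIpAddress` fields follow the Azure SQL firewall rule resource.

```python
import ipaddress

# Constructed sample input: firewall rules per SQL server.
SERVERS = {
    "sql-open": [{"name": "everyone", "startIpAddress": "0.0.0.0",
                  "endIpAddress": "255.255.255.255"}],
    # Azure records 'Allow Azure services and resources to access this
    # service' as a rule whose start and end are both 0.0.0.0.
    "sql-azure-only": [{"name": "AllowAllWindowsAzureIps",
                        "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"}],
    "sql-partial": [{"name": "low-half", "startIpAddress": "0.0.0.0",
                     "endIpAddress": "127.255.255.255"}],
    "sql-office": [{"name": "office", "startIpAddress": "203.0.113.10",
                    "endIpAddress": "203.0.113.20"}],
}

ZERO = ipaddress.IPv4Address("0.0.0.0")
MAX = ipaddress.IPv4Address("255.255.255.255")


def classify_rule(rule):
    """Label one firewall rule by the range it opens."""
    start = ipaddress.IPv4Address(rule["startIpAddress"])
    end = ipaddress.IPv4Address(rule["endIpAddress"])
    if start == ZERO and end == MAX:
        return "any_ip"              # covers 0.0.0.0/0
    if start == ZERO and end == ZERO:
        return "azure_services"      # handled by the dedicated rule
    if start == ZERO:
        return "start_zero_partial"  # starts at 0.0.0.0 but is not ANY IP
    return "scoped"


def evaluate(servers):
    """Return, per server, the verdict of each way of reading the control."""
    results = {}
    for server, rules in servers.items():
        kinds = {classify_rule(r) for r in rules}
        results[server] = {
            "cis_literal_fail": bool(kinds - {"scoped"}),  # any Start IP 0.0.0.0
            "any_ip_fail": "any_ip" in kinds,              # this page's policy
            "azure_services_enabled": "azure_services" in kinds,
        }
    return results


if __name__ == "__main__":
    for server, verdict in evaluate(SERVERS).items():
        print(server, verdict)
```

Only `sql-open` fails the ANY IP policy, while the literal Start IP check would also fail `sql-azure-only` and `sql-partial`.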
Similar
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|
Policies (1)
Internal Rules
Rule | Policies | Flags |
---|---|---|
dec-x-0289e9c9 | 1 | |