Virtual Network security groups attached to SQL Server instances should not permit ingress from 0.0.0.0/0 to all ports and protocols

Description

To reduce the attack surface of a SQL Server instance, the inbound rules of the network security group (NSG) attached to it should restrict the source to specific IP ranges (for example, the address ranges of the data centers or offices that need access) and to the ports and protocols SQL Server actually uses, instead of allowing any source (0.0.0.0/0) on all ports and protocols.

Console Remediation Steps

  • Navigate to Virtual Machines and select the affected VM.

  • In the left navigation, select Networking.

  • Select the Inbound port rules tab and delete any inbound rules that permit ingress from ‘0.0.0.0/0’ to all ports and protocols.

CLI Remediation Steps

  • Remove the rule that permits ingress from ‘0.0.0.0/0’ to all ports and protocols. Identify the rule either by its resource ID (--ids) or by its name together with the NSG name and resource group:

    .. code-block:: bash

       az network nsg rule delete [--ids]
                                  [--name] [--nsg-name] [--resource-group] [--subscription]
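The delete command above requires knowing which rule is the offending one. The following Python script is an added example, not part of the original remediation guidance: it takes the JSON printed by `az network nsg rule list` (one object per rule, with the rule properties such as `direction`, `access`, `protocol`, `sourceAddressPrefix` and `destinationPortRange` flattened to top-level keys), flags every inbound Allow rule whose source is any address and whose destination covers all ports on all protocols, and emits the matching `az network nsg rule delete` command. The rule set, the NSG name `sql-vm-nsg` and the resource group `sql-rg` are constructed for illustration.

```python
"""Flag NSG inbound rules that allow any source to all ports and protocols.

Added example: works on the JSON that `az network nsg rule list -o json` prints
and emits the `az network nsg rule delete` commands for the offending rules.
The sample rules below are constructed for illustration, not real output.
"""
import json
import shlex
from typing import Dict, List

# Values Azure accepts as "any source" in sourceAddressPrefix (compared case-insensitively).
ANY_SOURCE = {"*", "0.0.0.0/0", "internet", "any"}


def _as_list(rule: Dict, single: str, plural: str) -> List[str]:
    """NSG rules carry either a scalar field or its plural list form; merge both."""
    values = list(rule.get(plural) or [])
    if rule.get(single):
        values.append(rule[single])
    return values


def _covers_all_ports(port_ranges: List[str]) -> bool:
    """True if any destination port range spans every port ('*' or e.g. 0-65535)."""
    for entry in port_ranges:
        if entry == "*":
            return True
        low, sep, high = entry.partition("-")
        if sep and low.isdigit() and high.isdigit() and int(low) <= 1 and int(high) >= 65535:
            return True
    return False


def is_open_to_world(rule: Dict) -> bool:
    """Inbound Allow rule, any protocol, any source, all destination ports."""
    if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
        return False
    if rule.get("protocol") != "*":          # a single protocol is outside this policy's scope
        return False
    sources = {s.lower() for s in _as_list(rule, "sourceAddressPrefix", "sourceAddressPrefixes")}
    if not sources & ANY_SOURCE:
        return False
    return _covers_all_ports(_as_list(rule, "destinationPortRange", "destinationPortRanges"))


def find_open_rules(rules_json: str) -> List[str]:
    """Names of offending rules, in the order the CLI listed them."""
    return [r["name"] for r in json.loads(rules_json) if is_open_to_world(r)]


def remediation_commands(rules_json: str, nsg_name: str, resource_group: str) -> List[str]:
    """One `az network nsg rule delete` per offending rule (arguments shell-quoted)."""
    return [
        "az network nsg rule delete --name {} --nsg-name {} --resource-group {}".format(
            shlex.quote(name), shlex.quote(nsg_name), shlex.quote(resource_group))
        for name in find_open_rules(rules_json)
    ]


# Constructed sample in the shape of `az network nsg rule list` output (not real data).
SAMPLE_RULES_JSON = json.dumps([
    {"name": "AllowAnyInbound", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
    {"name": "AllowSqlFromOffice", "priority": 110, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefixes": ["203.0.113.0/24"], "destinationPortRange": "1433"},
    {"name": "AllowTcpFromAnywhere", "priority": 120, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "*"},
    {"name": "AllowAllFromInternetTag", "priority": 130, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRange": "0-65535"},
    {"name": "DenyAllInbound", "priority": 4096, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
])

if __name__ == "__main__":
    for cmd in remediation_commands(SAMPLE_RULES_JSON, "sql-vm-nsg", "sql-rg"):
        print(cmd)
```

In practice the input comes from `az network nsg rule list --nsg-name <nsg> --resource-group <rg> -o json`. Note what the check deliberately leaves alone: `AllowTcpFromAnywhere` is not flagged because this policy is scoped to rules open on all protocols, yet a rule that exposes every TCP port to the Internet is still worth reviewing, and `DenyAllInbound` is ignored because only Allow rules widen the attack surface. Review the generated commands before running them; deleting the wrong rule can cut off legitimate management access.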