Virtual Network security groups attached to SQL Server instances should not permit ingress from 0.0.0.0/0 to all ports and protocols
Description
To reduce the potential attack surface for a SQL server, firewall rules should be defined with more granular IP addresses by referencing the range of addresses available from specific data centers.
Portal Remediation Steps
Navigate to Virtual Machines and select the VM that has the problem.
In the left navigation, select Networking.
Select the Inbound port rules tab and delete any inbound rules that permit ingress from ‘0.0.0.0/0’ to all ports and protocols.
Azure CLI Remediation Steps
Remove the rule(s) that permit ingress from ‘0.0.0.0/0’ to all ports and protocols:
az network nsg rule delete [--ids]
                           [--name]
                           [--nsg-name]
                           [--resource-group]
                           [--subscription]
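To find which rules to delete, the following added example (not from the original page or the Azure CLI documentation) filters the JSON printed by `az network nsg rule list -o json` and builds the delete command for each offending rule. The sample rules, the NSG name `sql-nsg` and the resource group `sql-rg` are constructed, and treating `*` and `0-65535` as equivalent to any source and all ports is an assumption that goes beyond the page's ‘0.0.0.0/0’ wording.

```python
import json
import shlex

# Constructed sample of `az network nsg rule list -o json` output (not real data).
SAMPLE_RULES = json.loads("""[
 {"name": "allow-all-in", "direction": "Inbound", "access": "Allow", "protocol": "*",
  "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "*"},
 {"name": "allow-sql-any", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
  "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "1433"},
 {"name": "deny-all-in", "direction": "Inbound", "access": "Deny", "protocol": "*",
  "sourceAddressPrefix": "*", "destinationPortRange": "*"},
 {"name": "allow-mixed", "direction": "Inbound", "access": "Allow", "protocol": "*",
  "sourceAddressPrefixes": ["10.0.0.0/8", "0.0.0.0/0"],
  "destinationPortRanges": ["0-65535"]},
 {"name": "allow-all-out", "direction": "Outbound", "access": "Allow", "protocol": "*",
  "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "*"}
]""")

ANY_SOURCE = {"0.0.0.0/0", "*"}  # assumption: "*" treated the same as 0.0.0.0/0
ALL_PORTS = {"*", "0-65535"}     # assumption: both spellings mean every port


def _values(rule, single, plural):
    """Azure stores a property in a singular or a plural field; merge both."""
    values = list(rule.get(plural) or [])
    if rule.get(single):
        values.append(rule[single])
    return values


def is_open_to_world(rule):
    """True for an inbound Allow rule from any address to all ports and protocols."""
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    ports = _values(rule, "destinationPortRange", "destinationPortRanges")
    return (rule.get("direction", "").lower() == "inbound"
            and rule.get("access", "").lower() == "allow"
            and rule.get("protocol") == "*"
            and any(s in ANY_SOURCE for s in sources)
            and any(p in ALL_PORTS for p in ports))


def delete_commands(rules, nsg_name, resource_group):
    """Build one `az network nsg rule delete` command per offending rule."""
    return ["az network nsg rule delete --name {} --nsg-name {} --resource-group {}"
            .format(*map(shlex.quote, (r["name"], nsg_name, resource_group)))
            for r in rules if is_open_to_world(r)]


if __name__ == "__main__":
    print("\n".join(delete_commands(SAMPLE_RULES, "sql-nsg", "sql-rg")))
```

The rule `allow-sql-any` is deliberately not flagged: it is open to any source but only on one port and protocol, so it falls outside this specific check and needs its own review.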