Ensure that all your Microsoft Azure network security groups (NSGs) restrict inbound/ingress access on TCP port 1433 to trusted IP addresses only in order to implement the principle of least privilege and significantly reduce the attack surface. TCP port 1433 is used by Microsoft Azure SQL Server, the relational database management system developed by Microsoft.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
Allowing unrestricted access on TCP port 1433 (MS SQL) via Azure network security groups (NSGs) can increase opportunities for malicious activities such as hacking, denial-of-service (DoS) attacks and SQL injection attacks.
Audit
To determine if your Microsoft Azure network security groups allow unrestricted access on TCP port 1433, perform the following actions:
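One way to run this check offline over exported NSG definitions, as an added example that is not part of the original rule page or the Cloud Conformity tool. It assumes the input has the shape of `az network nsg list -o json` output with flattened rule fields; the function names and the sample data are constructed for illustration.

```python
# Sources treated as "unrestricted" (compared case-insensitively).
OPEN_SOURCES = {"*", "0.0.0.0/0", "::/0", "internet"}
SQL_PORT = 1433

def covers_port(spec, port=SQL_PORT):
    """True if an NSG port spec ('*', '1433', '1000-2000') includes port."""
    spec = spec.strip()
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def _values(rule, single, plural):
    """A rule carries either one value or a list of values; merge both."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def open_sql_rules(nsgs):
    """Return (nsg, rule) names for inbound Allow rules exposing TCP 1433 to any source.
    Rule priority is not evaluated, so a finding may be shadowed by a Deny rule."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules", []):
            if rule.get("direction", "").lower() != "inbound":
                continue
            if rule.get("access", "").lower() != "allow":
                continue
            if rule.get("protocol", "").lower() not in ("tcp", "*"):
                continue
            sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            ports = _values(rule, "destinationPortRange", "destinationPortRanges")
            if (any(s.lower() in OPEN_SOURCES for s in sources)
                    and any(covers_port(p) for p in ports)):
                findings.append((nsg["name"], rule["name"]))
    return findings

# Constructed sample data, not taken from a real subscription.
_IN = {"direction": "Inbound", "access": "Allow", "protocol": "Tcp"}
SAMPLE = [{"name": "nsg-db", "securityRules": [
    {**_IN, "name": "sql-any", "sourceAddressPrefix": "*", "destinationPortRange": "1433"},
    {**_IN, "name": "sql-admin", "sourceAddressPrefix": "203.0.113.10/32", "destinationPortRange": "1433"},
    {**_IN, "name": "wide-range", "protocol": "*", "sourceAddressPrefixes": ["Internet"],
     "destinationPortRanges": ["80", "1000-2000"]},
    {**_IN, "name": "deny-sql", "access": "Deny", "sourceAddressPrefix": "*", "destinationPortRange": "1433"},
]}]

if __name__ == "__main__":
    for nsg, rule in open_sql_rules(SAMPLE):
        print(f"{nsg}: rule '{rule}' allows TCP 1433 from any source")
```

The `wide-range` rule is flagged even though it never names 1433, because a port range or a `*` protocol can expose the port just as an explicit rule does.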
Remediation / Resolution
To reconfigure your Azure NSG rules in order to allow access on TCP port 1433 to trusted entities such as administrator IP addresses or IP ranges, perform the following actions:
You are auditing:
Check for Unrestricted MS SQL Server Access
Risk level: High