Ensure that Microsoft Azure network security groups (NSGs) do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3306 in order to protect against malicious actors and significantly reduce the attack surface. TCP port 3306 is used by the MySQL Database Server, a popular open-source Relational Database Management System (RDBMS) server.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
Audit
To determine if your Azure network security groups allow unrestricted MySQL Database access, perform the following actions:
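One way to apply this check offline, as an added example (not Cloud Conformity's procedure or code): the Python below evaluates NSG data shaped like the JSON returned by `az network nsg list` and reports inbound Allow rules that expose TCP port 3306 to any source, including port ranges that contain 3306. The sample NSG, rule names and addresses are constructed, and treating `*`, `Internet` and `Any` as equivalent to 0.0.0.0/0 is an assumption.

```python
MYSQL_PORT = 3306
# Assumption: these source values all mean "any address" (wildcard, full IPv4 range, service tag).
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet", "any"}

def rule_values(rule, single, plural):
    """Azure stores either one value or a list; merge both fields."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def covers_port(spec, port):
    """True if a port spec ('*', '3306' or '3000-4000') includes port."""
    spec = spec.strip()
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def unrestricted_mysql_rules(nsgs, port=MYSQL_PORT):
    """Return (nsg, rule) names of inbound Allow rules open to any source on TCP port."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules") or []:
            if ((rule.get("direction") or "").lower() != "inbound"
                    or (rule.get("access") or "").lower() != "allow"
                    or (rule.get("protocol") or "").lower() not in ("tcp", "*")):
                continue
            sources = rule_values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            ports = rule_values(rule, "destinationPortRange", "destinationPortRanges")
            if (any(s.lower() in OPEN_SOURCES for s in sources)
                    and any(covers_port(p, port) for p in ports)):
                findings.append((nsg.get("name"), rule.get("name")))
    return findings

# Constructed sample, shaped like `az network nsg list` output (not real data).
BASE = {"direction": "Inbound", "access": "Allow", "protocol": "Tcp"}
SAMPLE = [{"name": "db-nsg", "securityRules": [
    {**BASE, "name": "mysql-any", "sourceAddressPrefix": "*", "destinationPortRange": "3306"},
    {**BASE, "name": "wide-range", "protocol": "*", "sourceAddressPrefix": "Internet",
     "destinationPortRanges": ["80", "3000-4000"]},
    {**BASE, "name": "mysql-admin", "sourceAddressPrefix": "203.0.113.10/32", "destinationPortRange": "3306"},
    {**BASE, "name": "mysql-deny", "access": "Deny", "sourceAddressPrefix": "*", "destinationPortRange": "3306"},
    {**BASE, "name": "mysql-out", "direction": "Outbound", "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "3306"},
]}]

if __name__ == "__main__":
    for nsg, rule in unrestricted_mysql_rules(SAMPLE):
        print(f"{nsg}: rule {rule} allows unrestricted TCP {MYSQL_PORT}")
```

Each rule is judged on its own; rule priority is not evaluated, so a finding may already be shadowed by a higher-priority Deny rule and should be confirmed against the effective rule set.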
Remediation / Resolution
To update your Azure NSG rule(s) configuration in order to restrict MySQL Database access to trusted entities only, such as admin IP addresses or IP ranges, perform the following actions:
You are auditing:
Check for Unrestricted MySQL Database Access
Risk level: High