Control: 5.1.7 Ensure Public Network Access is Disabled
Description
Disabling public network access restricts the service from accessing public networks.
A secure network architecture requires carefully constructed network segmentation. Public Network Access tends to be overly permissive and introduces unintended vectors for threat activity.
Remediation
From Azure Portal
- Go to SQL servers.
- For each SQL server, under Security, click Networking.
- Set Public network access to Disable.
- Click Save.
Default Value
By default, Azure SQL Server's Public network access is set to Disable.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v300_5_1_7
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.cis_v300_5_1_7 --share
SQL
This control uses a named query:
select
  s.id as resource,
  case
    when public_network_access = 'Enabled' then 'alarm'
    else 'ok'
  end as status,
  case
    when public_network_access = 'Enabled' then name || ' public network access enabled.'
    else name || ' public network access disabled.'
  end as reason
  , s.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_sql_server as s
  left join azure_subscription sub on sub.subscription_id = s.subscription_id;
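The named query's CASE logic run against three constructed rows, as an added example that is not part of the Powerpipe mod. SQLite stands in for Steampipe's PostgreSQL here, and the row with no value and STRICT_QUERY are assumptions made for this example, to show that a missing public_network_access value falls through to 'ok'.

```python
import sqlite3

# The page's named query; only whitespace and comma placement changed.
CONTROL_QUERY = """
select s.id as resource,
  case when public_network_access = 'Enabled' then 'alarm' else 'ok' end as status,
  case
    when public_network_access = 'Enabled' then name || ' public network access enabled.'
    else name || ' public network access disabled.'
  end as reason,
  s.resource_group as resource_group,
  sub.display_name as subscription
from azure_sql_server as s
  left join azure_subscription sub on sub.subscription_id = s.subscription_id
"""

# Hypothetical stricter status (not the project's): only an explicit 'Disabled' passes.
STRICT_QUERY = """
select id as resource,
  case when public_network_access = 'Disabled' then 'ok' else 'alarm' end as status
from azure_sql_server
"""

# Constructed rows: (id, name, resource_group, subscription_id, public_network_access)
SERVERS = [
    ("/sub-a/sql-open", "sql-open", "rg-app", "sub-a", "Enabled"),
    ("/sub-a/sql-closed", "sql-closed", "rg-app", "sub-a", "Disabled"),
    ("/sub-a/sql-unknown", "sql-unknown", "rg-data", "sub-a", None),  # assumed: no value
]

def evaluate(query):
    """Run a query over the constructed rows and return {resource: status}."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("create table azure_subscription (subscription_id text, display_name text)")
    db.execute("create table azure_sql_server (id text, name text, resource_group text,"
               " subscription_id text, public_network_access text)")
    db.execute("insert into azure_subscription values ('sub-a', 'Example Subscription')")
    db.executemany("insert into azure_sql_server values (?, ?, ?, ?, ?)", SERVERS)
    return {row["resource"]: row["status"] for row in db.execute(query)}

if __name__ == "__main__":
    for label, query in (("page query", CONTROL_QUERY), ("strict variant", STRICT_QUERY)):
        print(label, evaluate(query))
```

A comparison against NULL is neither true nor false in SQL, so the row without a value takes the else branch in both queries: 'ok' in the page's query, 'alarm' in the stricter variant.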