
What to do about "VA2065 - Server-level firewall rules" in SQL Vulnerability Assessment?

Working through an SQL Vulnerability assessment and one of the warnings is "VA2065 - Server-level firewall rules should be tracked and maintained at a strict minimum".

There then is a list of firewall rules in red, with IP addresses next to them (usually just one number but sometimes a range).

I am trying to understand these rules and this assessment. I think these are the IP addresses that we allow to access the server. For example, when I access a db on the server in question from SSMS I will occasionally get an error that to proceed I have to add the IP to the firewall rule. So I say yes. I see some rules with names like "ClientIPAddress_2019-05-21_01:24:15" that are probably the result of this.

I also see some weird rules like "AllowAllWindowsAzureIps" with an IP range of 0.0.0.0 to 0.0.0.0. What is that all about? My guess is that allows any Azure process to access the server, but I do not know.

Assuming my analysis is correct, and that all of the rules are OK, what remediation is necessary? Set the current rules as a baseline and send out an alert when a new rule is created? Or disallow any automatic rule creation?

Any guidance would be most appreciated.

"AllowAllWindowsAzureIps"

I'm not saying this is the correct answer but since it's been over 2 years and nobody has answered, I'll give it a shot.

This is how we handled/fixed this. You either add the rule to the baseline (saying it's supposed to be here) or you delete the rule (saying it's not supposed to be here). Think of this scan as a reminder that these rules exist and to clean them out when they aren't needed. All your ClientIp rules. The baseline is what is expected.

If you think of it like a party that has a list of attendees it might help. Your party has 2 guests on the list: Martha (your mom) and Jeff (your mom's special friend). If you go into your party and see 3 people there, you know something isn't right, except it is right, because you forgot that you told Samantha (your hot cousin) she could come. So you add her to the list. Now everything is ok to your party advisor because 3 names are on the list and 3 people are in the party.

But then you come back later and now there are 4 people at the party. Chad (Samantha's boyfriend) showed up. Your party administrator knows Chad's gotta go because he's not on the list. He got in to the party because Samantha let him in. But it's not Samantha's party and she shouldn't have done that.

Good thing we have this list that tells us who's actually supposed to be at the party or we wouldn't be able to spend alone time with Samantha.
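The two remediation paths the answer describes (delete a rule that should not be there, or add the rule to the VA2065 baseline) can both be done from PowerShell with the Az.Sql module. The script below is an added example, not code from the question or the answer: it lists the server-level rules, flags the wizard-generated ClientIPAddress_<date> rules older than 30 days as candidates for removal, warns about the 0.0.0.0 to 0.0.0.0 rule (that rule is what the portal's "Allow Azure services and resources to access this server" setting creates, and it admits connections from any Azure-hosted resource in any subscription), and then records the remaining rules as the VA2065 baseline. The resource names are placeholders, the 30-day cutoff is an arbitrary choice, and the assumption that a VA2065 baseline row is (rule name, start IP, end IP) should be checked against the column layout shown in your own scan result before running the last step.

```powershell
# Added example (not from the question or answer). Requires the Az.Sql module and an
# authenticated session (Connect-AzAccount). Resource names are placeholders.
$rg     = 'rg-placeholder'
$server = 'sqlserver-placeholder'
$db     = 'master'          # VA2065 is a server-level check, so the baseline is stored on master

# 1. Enumerate the current server-level firewall rules.
$rules = Get-AzSqlServerFirewallRule -ResourceGroupName $rg -ServerName $server

# 2. Classify them. ClientIPAddress_<date>_<time> rules are the one-off entries SSMS offers
#    to create; a 0.0.0.0-0.0.0.0 rule is the "Allow Azure services" setting.
$cutoff = (Get-Date).AddDays(-30)   # arbitrary retention window for one-off client IPs
$stale  = @()
foreach ($r in $rules) {
    if ($r.FirewallRuleName -match '^ClientIPAddress_(\d{4}-\d{2}-\d{2})') {
        $created = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd', $null)
        if ($created -lt $cutoff) { $stale += $r }
    }
    elseif ($r.StartIpAddress -eq '0.0.0.0' -and $r.EndIpAddress -eq '0.0.0.0') {
        Write-Warning "$($r.FirewallRuleName): admits any Azure-hosted resource from any subscription; keep only if something in Azure really needs it"
    }
}

# 3. Remove stale one-off rules. -WhatIf only reports what would be removed; drop it to apply.
foreach ($r in $stale) {
    Remove-AzSqlServerFirewallRule -ResourceGroupName $rg -ServerName $server `
        -FirewallRuleName $r.FirewallRuleName -WhatIf
}

# 4. Record the rules you decided to keep as the expected set for VA2065, so the next scan
#    only flags rules that are not in the baseline. The row layout (name, start IP, end IP)
#    is an assumption; match it to the columns your scan shows for VA2065.
$remaining = $rules | Where-Object { $stale.FirewallRuleName -notcontains $_.FirewallRuleName }
$baseline  = @($remaining | ForEach-Object { ,@($_.FirewallRuleName, $_.StartIpAddress, $_.EndIpAddress) })

Set-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline -ResourceGroupName $rg -ServerName $server `
    -DatabaseName $db -RuleId 'VA2065' -RuleAppliesTo Master -BaselineResult $baseline
```

Run it once with -WhatIf left in place to see which rules would go, then rerun without it. Re-running the vulnerability assessment scan afterwards should show VA2065 as passing until someone adds a rule that is not in the baseline, which is exactly the "new guest at the party" signal the answer describes.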
