Sqlserver ingress from any IP
Id: 25c0ea09-f1c5-4380-b055-3b83863f2bb8
Cloud Provider: Azure
Platform: Terraform
Severity: Critical
Category: Networking and Firewall
Description
This check identifies Azure SQL Server firewall rules that allow access from any IP address (0.0.0.0 to 255.255.255.255), creating a significant security vulnerability by exposing your database to the entire internet. Such unrestricted access increases the risk of unauthorized access, data breaches, and potential exfiltration of sensitive information stored in your SQL databases.
Instead of allowing all IPs, you should configure specific IP ranges or addresses that require access. For example, use specific IP addresses such as start_ip_address = "10.0.17.62" and end_ip_address = "10.0.17.62", instead of the insecure configuration with start_ip_address = "0.0.0.0" and end_ip_address = "255.255.255.255".
Compliant Code Examples
resource "azurerm_sql_firewall_rule" "negative1" {
  name                = "FirewallRule1"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.example.name
  start_ip_address    = "10.0.17.62"
  end_ip_address      = "10.0.17.62"
}
Non-Compliant Code Examples
resource "azurerm_sql_firewall_rule" "positive1" {
  name                = "FirewallRule1"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.example.name
  start_ip_address    = "0.0.0.0"
  end_ip_address      = "255.255.255.255"
}
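
The check described above can be reproduced as a pre-commit or CI step. The following is an added example, not the rule's own implementation: the function name scan_firewall_rules and the regex-based parsing are assumptions, and it only handles flat resource bodies whose IP attributes are literal strings. Besides the any-IP flag it reports how many addresses each rule admits, which goes slightly beyond the check on this page.

```python
import ipaddress
import re

# Constructed sample input: the two resources from this page in one file.
SAMPLE_TF = '''
resource "azurerm_sql_firewall_rule" "negative1" {
  name                = "FirewallRule1"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.example.name
  start_ip_address    = "10.0.17.62"
  end_ip_address      = "10.0.17.62"
}

resource "azurerm_sql_firewall_rule" "positive1" {
  name                = "FirewallRule1"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.example.name
  start_ip_address    = "0.0.0.0"
  end_ip_address      = "255.255.255.255"
}
'''

# Assumption: flat resource bodies (no nested blocks) with literal string IPs.
BLOCK_RE = re.compile(
    r'resource\s+"azurerm_sql_firewall_rule"\s+"([^"]+)"\s*\{([^{}]*)\}')
ATTR_RE = re.compile(r'^\s*(start_ip_address|end_ip_address)\s*=\s*"([^"]*)"', re.M)
FULL_IPV4 = 2 ** 32  # number of addresses in 0.0.0.0 - 255.255.255.255


def scan_firewall_rules(tf_text):
    """Return one finding per rule: resource name, address count, any-IP flag."""
    findings = []
    for name, body in BLOCK_RE.findall(tf_text):
        attrs = dict(ATTR_RE.findall(body))
        if len(attrs) != 2:
            # IPs come from variables or expressions; needs manual review.
            findings.append({"rule": name, "addresses": None, "any_ip": None})
            continue
        start = ipaddress.IPv4Address(attrs["start_ip_address"])
        end = ipaddress.IPv4Address(attrs["end_ip_address"])
        count = int(end) - int(start) + 1
        findings.append({"rule": name, "addresses": count,
                         "any_ip": count == FULL_IPV4})
    return findings


if __name__ == "__main__":
    for f in scan_firewall_rules(SAMPLE_TF):
        print(f)
```

A finding with any_ip set to None means the addresses are not literals in the file and the rule has to be resolved from the Terraform plan instead.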