standard
turbot/azure_cis
Get Involved
Version
Pipeline: 5.1.7 Ensure Public Network Access is Disabled
Description
Disabling public network access restricts the service from accessing public networks.
A secure network architecture requires carefully constructed network segmentation. Public Network Access tends to be overly permissive and introduces unintended vectors for threat activity.
Remediation
From Azure Portal
- Go to
SQL servers
. - For each SQL server, under
Security
, clickNetworking
. - Set
Public network access
toDisable
. - Click
Save
.
Default Value
By default, Azure SQL Server's Public network access is set to Disable
.
Run the pipeline
To run this pipeline from your terminal:
flowpipe pipeline run azure_cis.pipeline.cis_v300_5_1_7
Use this pipeline
To call this pipeline from your pipeline, use a step:
step "pipeline" "step_name" { pipeline = azure_cis.pipeline.cis_v300_5_1_7 }
Params
Name | Type | Required | Description | Default |
---|---|---|---|---|
database | connection.steampipe | Yes | Database connection string. | connection.steampipe.default |
notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
notification_level | string | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |
Outputs
This pipeline has no outputs.
Tags
folder = CIS v3.0.0/5 Database Services/5.1 Azure SQL Database