AZURE BL 2-4 MYSQL port 3306 is restricted to public access

Description 

 

By allowing public access (from IP 0.0.0.0/0)  over the internet to MYSQL  database ports you are allowing attackers all over the internet to access your MYSQL instance and attempt exploitation of known vulnerabilities in MYSQL or use brute force techniques to gain access to servers, data, and information systems.

 

Remediation 

Azure Portal

  1. Go to Azure Portal 
  2. Select Network Security Groups under resources
  3. Go to Security Group (or all groups one at a time)
  4. Under Settings->Inbound Security Rules
  5. On the right-hand pane, review the list of security rules
  6. Remove or update any inbound rule where incoming / ingress traffic is allowed from source IP '0.0.0.0/0' and destination port is 3306 with protocol TCP or any

 

Additional documents 

https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview