SQL Servers

SQL Server Private Endpoints Not Configured

Risk Level: MEDIUM

Description: 

This plugin checks that Azure SQL Servers can be reached only through private endpoints. An Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. The private endpoint takes a private IP address from your VNet, effectively bringing the SQL Server inside your VNet. The private endpoint is the core building block of Azure Private Link: it lets Azure resources such as virtual machines (VMs) communicate privately with Private Link resources instead of over the service's public endpoint.

PingSafe strongly recommends configuring a Private Endpoint for each SQL Server and disabling Public Network Access on the server. A private endpoint on its own adds a private path; only disabling Public Network Access removes the public one.

About the Service :

Azure SQL is a family of managed, secure, and intelligent SQL Server database services that run in the Azure cloud. Because Azure SQL is built on the familiar SQL Server engine, applications can be migrated with minimal changes while keeping existing tools, languages, and skills.

Impact : 

A private endpoint is a network interface that connects to your virtual network using a private IP address and links you privately and securely to a service powered by Azure Private Link. Without one, clients reach the SQL Server only through its public endpoint (the server's *.database.windows.net name), so the database traffic leaves your VNet and reachability is governed solely by the server firewall rules. If Public Network Access is also left enabled, the server remains exposed to connection attempts from the internet. With a private endpoint in place and Public Network Access disabled, clients connect over a private IP inside the VNet and the public endpoint no longer accepts connections.

Steps to Reproduce :

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s All Resources.
  3. In the Type filter, select SQL servers and click Apply.
  4. Select the SQL Server that you want to examine.
  5. Click Private Endpoint Connections under Security in the navigation pane.
  6. Check whether at least one private endpoint connection is listed for the server and its connection state is Approved. If the list is empty, the finding applies.
  7. Repeat the same steps for the other servers.

Steps for remediation :

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s All Resources.
  3. In the Type filter, select SQL servers and click Apply.
  4. Select the SQL Server that you want to remediate.
  5. Click Private Endpoint Connections under Security in the navigation pane.
  6. Confirm that no private endpoint connection is listed for the server.
  7. Click Private endpoint; the Create a private endpoint wizard opens. In the Basics tab, enter the Project details (subscription and resource group) and Instance details (endpoint name and region, which must match the VNet's region).
  8. In the Resource tab, the resource type and resource are pre-filled with the SQL Server; set the Target sub-resource to sqlServer and click Next.
  9. On the Configuration page, choose the virtual network and subnet that will host the endpoint and keep DNS integration with the private DNS zone enabled so that clients resolve the server name to the private IP. Complete the Tags page and the Review and create page, then click Create.
  10. Once the deployment finishes, the private endpoint connection appears under Private Endpoint Connections with the state Approved. Then open the server's network settings and set Public network access to Disabled so that the public endpoint is no longer reachable.
  11. Repeat the same steps for the other servers.
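The two procedures above, the audit under Steps to Reproduce and the fix under Steps for remediation, can be driven from the Azure CLI instead of the portal. The following is an added example written for this page; it is not PingSafe's plugin code or Microsoft's own tooling. It evaluates server objects shaped like the JSON that `az sql server show --output json` returns (a constructed sample inventory is embedded inline) and prints the CLI commands that remediate a failing server. The subscription ID, server names, resource group, VNet and subnet are assumptions.

```python
# Added example: not code from the PingSafe article or the plugin itself.
# It applies the "SQL Server Private Endpoints Not Configured" check to
# objects shaped like the JSON that `az sql server show --output json`
# returns, and builds the Azure CLI commands that remediate a failing server.
# The resource IDs, names, VNet and subnet below are assumptions.
import json
from typing import Dict, List

# Constructed sample inventory in the shape of `az sql server show` output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-data"
SAMPLE_SERVERS: List[Dict] = [
    {   # Compliant: approved private endpoint, public access disabled.
        "name": "sql-prod-01", "resourceGroup": "rg-data",
        "id": f"{SUB}/providers/Microsoft.Sql/servers/sql-prod-01",
        "publicNetworkAccess": "Disabled",
        "privateEndpointConnections": [{
            "id": f"{SUB}/providers/Microsoft.Sql/servers/sql-prod-01/privateEndpointConnections/pe-1",
            "properties": {"privateLinkServiceConnectionState": {"status": "Approved"}},
        }],
    },
    {   # Finding: no private endpoint at all and public access still enabled.
        "name": "sql-dev-01", "resourceGroup": "rg-data",
        "id": f"{SUB}/providers/Microsoft.Sql/servers/sql-dev-01",
        "publicNetworkAccess": "Enabled",
        "privateEndpointConnections": [],
    },
    {   # Finding: a private endpoint exists but its connection was never approved.
        "name": "sql-test-01", "resourceGroup": "rg-data",
        "id": f"{SUB}/providers/Microsoft.Sql/servers/sql-test-01",
        "publicNetworkAccess": "Disabled",
        "privateEndpointConnections": [{
            "id": f"{SUB}/providers/Microsoft.Sql/servers/sql-test-01/privateEndpointConnections/pe-2",
            "properties": {"privateLinkServiceConnectionState": {"status": "Pending"}},
        }],
    },
]


def approved_private_endpoints(server: Dict) -> List[str]:
    """Return IDs of private endpoint connections whose link state is Approved.

    A Pending or Rejected connection gives clients no private path to the server,
    so only Approved connections count toward the check.
    """
    approved = []
    for conn in server.get("privateEndpointConnections") or []:
        props = conn.get("properties", conn)  # az nests the state under "properties"
        state = (props.get("privateLinkServiceConnectionState") or {}).get("status", "")
        if state.lower() == "approved":
            approved.append(conn.get("id", "<unknown>"))
    return approved


def evaluate(server: Dict) -> Dict:
    """Evaluate one server; a finding is raised when either condition fails.

    publicNetworkAccess defaults to Enabled when the field is absent, which is
    the Azure default for a server that has never had it set.
    """
    reasons = []
    if not approved_private_endpoints(server):
        reasons.append("no approved private endpoint connection")
    if (server.get("publicNetworkAccess") or "Enabled").lower() != "disabled":
        reasons.append("publicNetworkAccess is not Disabled")
    return {"server": server["name"], "compliant": not reasons, "reasons": reasons}


def remediation_commands(server: Dict, vnet: str, subnet: str) -> List[str]:
    """Azure CLI commands that create the private endpoint and close the public path.

    `--group-id sqlServer` is the target sub-resource for Azure SQL; the VNet and
    subnet names are caller-supplied assumptions.
    """
    name, rg = server["name"], server["resourceGroup"]
    return [
        f"az network private-endpoint create --name {name}-pe --resource-group {rg} "
        f"--vnet-name {vnet} --subnet {subnet} "
        f"--private-connection-resource-id {server['id']} "
        f"--group-id sqlServer --connection-name {name}-pe-conn",
        f"az sql server update --name {name} --resource-group {rg} "
        f"--enable-public-network false",
    ]


def audit(servers: List[Dict]) -> List[Dict]:
    """Return the evaluation of every non-compliant server."""
    return [r for r in (evaluate(s) for s in servers) if not r["compliant"]]


if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVERS):
        print(json.dumps(finding))
        server = next(s for s in SAMPLE_SERVERS if s["name"] == finding["server"])
        for cmd in remediation_commands(server, "vnet-app", "snet-data"):
            print("  ", cmd)
```

Against a real subscription, feed `audit` the list from `az sql server list --output json` (each element carries the same fields). Two points the portal steps do not make obvious: a private endpoint whose connection is still Pending counts as not configured, because nothing can connect through it until it is approved; and creating the endpoint does not by itself make clients use it. Unless the server name resolves to the private IP (the privatelink.database.windows.net private DNS zone, linked to the client VNet), clients keep resolving the public address, and once public network access is disabled those connections fail. Re-run the check after remediation to confirm both fields have changed.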

References :

Please feel free to reach out to support@pingsafe.com with any questions that you may have.

Thanks

PingSafe Support