Azure PostgreSQL firewall allows public access
Description
AlphaSOC detected configuration of an Azure PostgreSQL Flexible Server firewall rule that allows access from the entire internet (0.0.0.0 to 255.255.255.255) via Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/write.
Exposing a database to the public internet is a significant security risk. This configuration allows authentication attempts from any IP address, making the database vulnerable to brute force attacks, exploitation of database vulnerabilities, and unauthorized access if credentials are compromised.
Impact
Public internet exposure of database services dramatically increases attack surface. The database becomes vulnerable to automated scanning, brute force attacks, and exploitation from any location. Data breaches, ransomware attacks targeting databases, and regulatory compliance violations may result.
Severity
| Severity | Condition |
|---|---|
| Medium | PostgreSQL firewall allows 0.0.0.0-255.255.255.255 |
Investigation and Remediation
Immediately review Azure Activity logs to identify who created the public access rule. Determine if there is any legitimate business justification, which is rare for production databases.
Remove the public access firewall rule immediately unless there is documented, approved justification. Implement specific IP restrictions or use Private Link for secure connectivity. Audit database access logs for unauthorized authentication attempts and review any connections that occurred during the exposure window.
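The following is an added example, not AlphaSOC's detection code, covering both the detection condition described above and the investigation steps: it scans an Azure Activity Log export for firewallRules/write events whose request body opens the server to 0.0.0.0-255.255.255.255 (recording the caller and timestamp an investigator reviews first), audits a current rule listing, and builds the Azure CLI delete commands for flagged rules. It assumes Activity Log records are newline-delimited JSON carrying `operationName.value` and `properties.requestbody` (the PUT body as a string), that the rule listing has the shape returned by `az postgres flexible-server firewall-rule list -o json`, and that the `delete` subcommand accepts `--resource-group`, `--name`, `--rule-name` and `--yes` as documented. The size-threshold check for merely broad ranges is an added generalisation beyond the alert's stated condition. All sample records and rules are constructed.

```python
"""Added example (not AlphaSOC's code): flag Azure PostgreSQL Flexible Server
firewall rules that open the server to the entire internet, from an Activity
Log export and from a live rule listing. Field shapes and CLI flags are
assumptions stated in the lead-in; all sample data is constructed."""
import ipaddress
import json

FIREWALL_WRITE_OP = "Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/write"

# Constructed Activity Log export, one record per line: a whole-internet rule,
# a single-address rule, and an unrelated write on the same server.
SAMPLE_ACTIVITY_LOG = r'''
{"eventTimestamp": "2024-05-01T10:00:00Z", "caller": "alice@example.test", "operationName": {"value": "Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/write"}, "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-db/providers/Microsoft.DBforPostgreSQL/flexibleServers/pg-prod/firewallRules/AllowAll", "properties": {"requestbody": "{\"properties\":{\"startIpAddress\":\"0.0.0.0\",\"endIpAddress\":\"255.255.255.255\"}}"}}
{"eventTimestamp": "2024-05-01T10:05:00Z", "caller": "bob@example.test", "operationName": {"value": "Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/write"}, "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-db/providers/Microsoft.DBforPostgreSQL/flexibleServers/pg-prod/firewallRules/office", "properties": {"requestbody": "{\"properties\":{\"startIpAddress\":\"203.0.113.10\",\"endIpAddress\":\"203.0.113.10\"}}"}}
{"eventTimestamp": "2024-05-01T10:06:00Z", "caller": "bob@example.test", "operationName": {"value": "Microsoft.DBforPostgreSQL/flexibleServers/write"}, "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-db/providers/Microsoft.DBforPostgreSQL/flexibleServers/pg-prod", "properties": {}}
'''

# Constructed listing in the shape of `az postgres flexible-server firewall-rule list -o json`.
SAMPLE_RULES = [
    {"name": "AllowAll", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
    {"name": "office", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"},
    {"name": "wide-range", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.103.255"},
]


def address_count(start, end):
    """Number of IPv4 addresses in an inclusive start-end range (0 if malformed)."""
    try:
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    except ValueError:
        return 0
    return max(0, int(hi) - int(lo) + 1)


def is_public_rule(start, end):
    """The exact condition the alert fires on: 0.0.0.0 through 255.255.255.255."""
    return start == "0.0.0.0" and end == "255.255.255.255"


def rule_reason(start, end, max_addresses=256):
    """Why a rule is a finding, or None. The size threshold is an added
    generalisation (assumption), not part of the alert's stated condition."""
    if is_public_rule(start, end):
        return "allows the entire internet (0.0.0.0-255.255.255.255)"
    n = address_count(start, end)
    if n > max_addresses:
        return f"spans {n} addresses (threshold {max_addresses})"
    return None


def flag_activity_log(ndjson_text, max_addresses=256):
    """One finding per firewall-rule write whose body opens too wide, with the
    caller and timestamp the investigation step asks for."""
    findings = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("operationName", {}).get("value") != FIREWALL_WRITE_OP:
            continue
        try:  # requestbody is the PUT payload serialised as a string (assumption)
            body = json.loads(rec.get("properties", {}).get("requestbody") or "{}")
        except json.JSONDecodeError:
            continue
        props = body.get("properties", {})
        start, end = props.get("startIpAddress"), props.get("endIpAddress")
        reason = rule_reason(start, end, max_addresses) if start and end else None
        if reason is None:
            continue
        findings.append({
            "rule": rec.get("resourceId", "").rsplit("/", 1)[-1],
            "caller": rec.get("caller"),
            "time": rec.get("eventTimestamp"),
            "range": f"{start}-{end}",
            # Only the page's own condition carries its stated severity.
            "severity": "Medium" if is_public_rule(start, end) else "review",
            "reason": reason,
        })
    return findings


def audit_rules(rules, max_addresses=256):
    """Map rule name -> reason for every listed rule that should be removed or narrowed."""
    result = {}
    for r in rules:
        reason = rule_reason(r.get("startIpAddress"), r.get("endIpAddress"), max_addresses)
        if reason:
            result[r["name"]] = reason
    return result


def removal_commands(resource_group, server, rule_names):
    """Azure CLI delete commands for flagged rules (flag names as documented; assumption)."""
    return [
        f"az postgres flexible-server firewall-rule delete --resource-group {resource_group} "
        f"--name {server} --rule-name {name} --yes"
        for name in rule_names
    ]


if __name__ == "__main__":
    for finding in flag_activity_log(SAMPLE_ACTIVITY_LOG):
        print(finding)
    flagged = audit_rules(SAMPLE_RULES)
    print(flagged)
    for cmd in removal_commands("rg-db", "pg-prod", flagged):
        print(cmd)
```

On the sample data the Activity Log scan yields a single Medium finding attributed to the caller who created `AllowAll`, while the rule audit flags both `AllowAll` and the 1024-address `wide-range` rule; the single-address `office` rule passes. The delete commands are generated rather than executed so the documented-justification review described above happens before anything is removed.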