More Info:

Ensure that no network security groups allow unrestricted inbound access on TCP ports 27017, 27018 and 27019.

Risk Level

High

Address

Security

Compliance Standards

HITRUST, GDPR, SOC2, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Sure, here are the step-by-step instructions to remediate unrestricted MongoDB access in Azure:

  1. Log in to the Azure portal (https://portal.azure.com/).

  2. Navigate to the “Azure Cosmos DB” service from the dashboard.

  3. Select the database account that has the unrestricted MongoDB access.

  4. Click on the “Firewalls and virtual networks” option from the left-hand side menu.

  5. Under the “Firewalls and virtual networks” tab, select “Selected networks” and then click on the “Add my IP” button.

  6. This will add your current IP address to the allowed list of IP addresses that can access the database.

  7. If you want to allow access from other IP addresses, you can add them by clicking on the “Add IP range” button.

  8. Once you have added the required IP addresses, click on the “Save” button to save the changes.

  9. After saving the changes, you can verify that the unrestricted MongoDB access has been remediated by attempting to access the database from an IP address that is not on the allowed list. You should receive an error message indicating that access is denied.

That’s it! By following these steps, you have successfully remediated the unrestricted MongoDB access in Azure.