More Info:

Ensure that your Microsoft Azure network security groups (NSGs) restrict inbound/ingress access on TCP port 1521 to trusted entities only (i.e. IP addresses) in order to implement the principle of least privilege and vastly reduce the attack surface. TCP port 1521 is used by Oracle Database Server, which is an object-relational database management system (RDBMS) server developed by Oracle Corporation.

Risk Level

High

Address

Security

Compliance Standards

SOC2, GDPR, HIPAA, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

To remediate the misconfiguration of unrestricted Oracle Database access in Azure, follow the steps below:

  1. Log in to the Azure portal (https://portal.azure.com/)

  2. Navigate to the Azure SQL Database service.

  3. Select the database that needs to be remediated.

  4. In the left-hand menu, select “Firewalls and virtual networks”.

  5. Under “Firewalls”, select “Add client IP”.

  6. This will add your client IP to the allowed IP addresses list. If you want to allow access from a specific IP range, you can add that range as well.

  7. Under “Virtual networks”, select “Add existing virtual network”.

  8. This will allow you to add an existing virtual network to the allowed networks list.

  9. Once you have added the necessary IP addresses and networks, click “Save” to apply the changes.

  10. Finally, ensure that the “Allow access to Azure services” option is set to “OFF” to prevent unrestricted access to the database.

By following these steps, you can remediate the misconfiguration of unrestricted Oracle Database Access in Azure and ensure that your database is secure.
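The check described at the top of this page (inbound TCP 1521 reachable from untrusted sources through an NSG) can be run as an audit over exported rules. The following Python is an added example, not part of the original page; it assumes the field names emitted by `az network nsg list -o json`, and the NSG and rule names in the sample are constructed.

```python
ORACLE_PORT = 1521
OPEN_SOURCES = {"*", "0.0.0.0/0", "::/0", "internet", "any"}  # values meaning "anyone"

def covers_port(spec, port=ORACLE_PORT):
    """True if an NSG port spec ("*", "1521", "1500-1600") includes the port."""
    spec = spec.strip()
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def values(rule, single, plural):
    """A rule carries either one value or a list of values; merge both fields."""
    merged = list(rule.get(plural) or [])
    if rule.get(single):
        merged.append(rule[single])
    return merged

def open_oracle_rules(nsgs):
    """Return (nsg, rule) names of inbound Allow rules exposing TCP 1521 to any source.
    Shadowing by a higher-priority Deny rule is not evaluated; review each finding."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules") or []:
            field = lambda key: (rule.get(key) or "").lower()
            if (field("direction") != "inbound" or field("access") != "allow"
                    or field("protocol") not in ("tcp", "*")):
                continue
            ports = values(rule, "destinationPortRange", "destinationPortRanges")
            sources = values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            if any(covers_port(p) for p in ports) and any(s.lower() in OPEN_SOURCES for s in sources):
                findings.append((nsg["name"], rule["name"]))
    return findings

# Constructed sample in the shape of `az network nsg list -o json` (names are made up).
def _rule(name, access, proto, **fields):
    return {"name": name, "direction": "Inbound", "access": access, "protocol": proto, **fields}

SAMPLE = [{"name": "nsg-db-prod", "securityRules": [
    _rule("allow-oracle-any", "Allow", "Tcp", sourceAddressPrefix="*", destinationPortRange="1521"),
    _rule("allow-oracle-app", "Allow", "Tcp", sourceAddressPrefix="10.0.1.0/24", destinationPortRange="1521"),
    _rule("allow-range-internet", "Allow", "*", sourceAddressPrefixes=["Internet"], destinationPortRanges=["1500-1600", "443"]),
    _rule("deny-oracle-any", "Deny", "Tcp", sourceAddressPrefix="*", destinationPortRange="1521"),
    _rule("allow-https-any", "Allow", "Tcp", sourceAddressPrefix="*", destinationPortRange="443"),
]}]

if __name__ == "__main__":
    for nsg_name, rule_name in open_oracle_rules(SAMPLE):
        print(f"{nsg_name}: rule '{rule_name}' allows TCP {ORACLE_PORT} from any source")
```

To audit a real subscription, load the output of `az network nsg list -o json` with `json.load` and pass the result to `open_oracle_rules`.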