Severity : High
Description: This control ensures that Azure RediCache have SSL Access only should be enabled for Azure Cache for Redis to meet the organization's security compliance requirements. Remediation Steps : Enable SSL Access Only for Azure cache for Redisaccess enable for cache connections. The use of secure connections ensures authentication between the cache server and the service or application, and protects data in transit against network layer attacks such as man-in-the-middle (MITM), eavesdropping and session hijacking. it is highly recommended to implement encryption in order to protect it from unauthorized access to meet organization compliance requirements for data protection.
Remediation Steps:
Perform following to Remove all non-required guest users :
Login to Azure Portal usingĀ https://portal.azure.com.
Navigate to All resources.
Filter resources for Azure subscription that need to update from the Subscription list.
Filter using the Type and select Azure Cache for Redis to list Redis Cache servers in the selected subscription.
Select Redis Cache servers reported.
Under Settings, select Advanced settings.
In Advanced Settings page, select the Allow access only via SSL toggle to Yes.
Under Non-SSL Port, Select Disable.
Under SSL Port, enter port value (6380).
Under Minimum TLS version, Select the TLS version allowed (1.2 recommended).
Select Save.
Important:
Reference: