Azure-PostgreSQLServer-Enforce-PostgreSQL-SSL-Connection

Severity: High

Description: This control ensures that Enforce SSL connection is set to Enabled for PostgreSQL Database Server. SSL connectivity helps to provide a new layer of security, by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and application.

Remediation Steps:

Perform following to update PostgreSQL parameters:

1. LoLogin to Azure Portal using https://portal.azure.com.

2. Go to PostgreSQL server.

3. For each database, click on Connection security.

4. In SSL settings

5. Click on ENABLED for Enforce SSL connection.

Important:

Reference:

• CIS Microsoft Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #4.3.1

• https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal#prerequisites