Azure-RedisCache-SSL-Access-Only-Enabled

Severity : High

Description: This control ensures that Azure RediCache have SSL only access enable for cache connections. The use of secure connections ensures authentication between the cache server and the service or application, and protects data in transit against network layer attacks such as man-in-the-middle (MITM), eavesdropping and session hijacking. it is highly recommended to implement encryption in order to protect it from unauthorized access to meet organization compliance requirements for data protection.

Remediation Steps:

Perform following to Remove all non-required guest users :

1. Login to Azure Portal using https://portal.azure.com.

2. Navigate to All resources.

3. Filter resources for Azure subscription that need to update from the Subscription list.

4. Filter using the Type and select Azure Cache for Redis to list Redis Cache servers in the selected subscription.

5. Select Redis Cache servers reported.

6. Under Settings, select Advanced settings.

7. In Advanced Settings page, select the Allow access only via SSL toggle to Yes.

8. Under Non-SSL Port, Select Disable.

9. Under SSL Port, enter port value (6380).

10. Under Minimum TLS version, Select the TLS version allowed (1.2 recommended).

11. Select Save.

Important:

Reference:

• https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/cache-configure

• https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/cache-configure#advanced-settings