Profile Applicability:
Level 1
Description:
Setting 'Allow access only via SSL' to 'Yes' ensures that data in transit to and from Azure Cache for Redis is encrypted using TLS (Transport Layer Security), providing secure communication over the network.
Rationale:
Encryption of data in transit is essential to protect it from attacks like "Man-In-The-Middle" (MITM), eavesdropping, or session hijacking. Enforcing SSL/TLS encryption ensures that sensitive data is transmitted securely over the network, preventing unauthorized access.
Impact:
Pros:
Protects data integrity and confidentiality during transmission.
Helps mitigate potential attack vectors such as MITM attacks.
No additional cost is required for implementation.
Cons:
No unencrypted access; all communication must be via SSL.
Default Value:
By default, 'Allow access only via SSL' is set to 'Yes'.
Pre-requisites:
Ensure that SSL is properly configured for your Redis instance and that the necessary certificates are in place.
Remediation
Test Plan:
Using Azure Portal:
1. Log in to the Azure Portal.
2. Search for and open the Azure Cache for Redis service.
3. For each instance, click on the name of the instance.
4. In the Settings section, click on Advanced Settings.
5. Review the setting under Allow access only via SSL.
6. If Yes is selected, the configuration is compliant.
Using Azure CLI:
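1. Run the following command to check whether the non-SSL port is enabled:
az redis show --resource-group <RESOURCE_GROUP_NAME> --name <CACHE_NAME> --query enableNonSslPort
The output is false when 'Allow access only via SSL' is set to 'Yes' (the non-SSL port is disabled). An output of true means unencrypted access is still allowed.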
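To run the same check across every cache in a subscription, the following added example (not part of the original benchmark text) reads the TSV produced by az redis list and reports each instance whose enableNonSslPort property is not false. The function names, the sample cache names and the resource group names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the SSL-only setting on every Azure Cache for Redis
# instance. Input is TSV with columns name, resourceGroup, enableNonSslPort:
#   az redis list --query "[].[name, resourceGroup, enableNonSslPort]" -o tsv

# Reads TSV on stdin and prints one line per cache that is not SSL-only.
# Exit status 0: every cache compliant; 1: at least one finding.
# The body is a subshell so the loop variables stay local to the function.
audit_redis_ssl() (
    tab=$(printf '\t')
    status=0
    while IFS="$tab" read -r name rg non_ssl; do
        [ -n "$name" ] || continue
        # Normalise case so both "False" and "false" are accepted.
        non_ssl=$(printf '%s' "$non_ssl" | tr '[:upper:]' '[:lower:]')
        case "$non_ssl" in
            false) ;;  # non-SSL port disabled: compliant
            true)
                echo "NONCOMPLIANT $rg/$name: non-SSL port enabled"
                status=1 ;;
            *)
                echo "UNKNOWN $rg/$name: enableNonSslPort='$non_ssl'"
                status=1 ;;
        esac
    done
    exit "$status"
)

# Constructed sample rows (hypothetical cache and resource group names).
sample_tsv() {
    printf 'cache-prod\trg-app\tFalse\n'
    printf 'cache-legacy\trg-old\tTrue\n'
}

# Offline demonstration against the constructed rows. Against a real
# subscription, pipe the az redis list command above into audit_redis_ssl.
sample_tsv | audit_redis_ssl || echo "At least one cache allows non-SSL access"
```

The non-zero exit status makes the function usable as a gate in a scheduled compliance job or pipeline step.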
Implementation Plan:
Using Azure Portal:
1. Go to Azure Cache for Redis.
2. For each instance, click on the name.
3. Under Settings, click on Advanced Settings.
4. Set Allow access only via SSL to Yes.
Using Azure CLI:
1. To enable SSL-only access (disable the non-SSL port), run the following command:
az redis update --resource-group <RESOURCE_GROUP_NAME> --name <CACHE_NAME> --set enableNonSslPort=false
Backout Plan:
Using Azure Portal:
1. Log in to the Azure Portal.
2. Navigate to the Azure Cache for Redis service.
3. Select the Redis instance and disable the Allow access only via SSL setting.
Using Azure CLI:
1. To disable SSL-only access (re-enable the non-SSL port), run:
az redis update --resource-group <RESOURCE_GROUP_NAME> --name <CACHE_NAME> --set enableNonSslPort=true