last sync: 2024-Oct-11 17:51:27 UTC

Connection throttling should be enabled for PostgreSQL database servers

Azure BuiltIn Policy definition

Source Azure Portal
Display name Connection throttling should be enabled for PostgreSQL database servers
Id 5345bb39-67dc-4960-a1bf-427e16b9a0bd
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category SQL
Microsoft Learn
Description This policy helps audit any PostgreSQL databases in your environment without Connection throttling enabled. This setting enables temporary connection throttling per IP for too many invalid password login failures.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.DBforPostgreSQL/servers/configurations/value Microsoft.DBforPostgreSQL servers/configurations properties.value True False
Rule resource types IF (1)
Microsoft.DBforPostgreSQL/servers
Compliance
The following 7 compliance controls are associated with this Policy definition 'Connection throttling should be enabled for PostgreSQL database servers' (5345bb39-67dc-4960-a1bf-427e16b9a0bd)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 4 Database Services Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server Shared The customer is responsible for implementing this recommendation. Enable 'connection_throttling' on 'PostgreSQL Servers'. link 5
CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 4 Database Services Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server Shared The customer is responsible for implementing this recommendation. Enable 'connection_throttling' on 'PostgreSQL Servers'. link 5
CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 4 Database Services Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server Shared The customer is responsible for implementing this recommendation. Enable 'connection_throttling' on 'PostgreSQL Servers'. link 5
CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 4.3 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server Shared n/a Enable `connection_throttling` on `PostgreSQL Servers`. Enabling `connection_throttling` helps the PostgreSQL Database to `Set the verbosity of logged messages`. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance. link 5
New_Zealand_ISM 18.4.7.C.02 New_Zealand_ISM_18.4.7.C.02 New_Zealand_ISM_18.4.7.C.02 18. Network security Intrusion Detection and Prevention - Intrusion Detection and Prevention strategy (IDS/IPS) n/a An IDS/IPS when configured correctly 2
NZ_ISM_v3.5 NS-7 NZ_ISM_v3.5_NS-7 NZISM Security Benchmark NS-7 Network security 18.4.7 Intrusion Detection and Prevention strategy (IDS/IPS) Customer n/a An IDS/IPS when configured correctly, kept up to date and supported by appropriate processes, can be an effective way of identifying, responding to and containing known attack types, specific attack profiles or anomalous or suspicious network activities. link 1
RMiT_v1.0 10.49 RMiT_v1.0_10.49 RMiT 10.49 Cloud Services Cloud Services - 10.49 Shared n/a A financial institution must fully understand the inherent risk of adopting cloud services. In this regard, a financial institution is required to conduct a comprehensive risk assessment prior to cloud adoption which considers the inherent architecture of cloud services that leverages on the sharing of resources and services across multiple tenants over the Internet. The assessment must specifically address risks associated with the following: (a) sophistication of the deployment model; (b) migration of existing systems to cloud infrastructure; (c) location of cloud infrastructure; (d) multi-tenancy or data co-mingling; (e) vendor lock-in and application portability or interoperability; (f) ability to customise security configurations of the cloud infrastructure to ensure a high level of data and technology system protection; (g) exposure to cyber-attacks via cloud service providers; (h) termination of a cloud service provider including the ability to secure the financial institution's data following the termination; (i) demarcation of responsibilities, limitations and liability of the service provider; and (j) ability to meet regulatory requirements and international standards on cloud computing on a continuing basis. link 5
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Deprecated]: New Zealand ISM Restricted v3.5 93d2179e-3068-c82f-2428-d614ae836a04 Regulatory Compliance Deprecated BuiltIn
[Preview]: Control the use of PostgreSql in a Virtual Enclave 5eaa16b4-81f2-4354-aef3-2d77288e396e VirtualEnclaves Preview BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.3.0 612b5213-9160-4969-8578-1518bd2a000c Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.4.0 c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5 Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v2.0.0 06f19060-9e68-4070-92ca-f15cc126059e Regulatory Compliance GA BuiltIn
New Zealand ISM 4f5b1359-4f8e-4d7c-9733-ea47fcde891e Regulatory Compliance GA BuiltIn
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance GA BuiltIn
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC