my-sql-instance3

Overview
Critical: 1
High: 1
Medium: 13
Low: 1
Informational: 0

Security issues (16)
| Severity | Non-Compliance | Issue | Remediation |
| --- | --- | --- | --- |
| Medium | | SQL database instance is publicly accessible from all IP addresses. | To fulfill HIPAA and PCI DSS requirements on strict access and integrity controls, ensure that all SQL instances are configured to accept connections from trusted networks and IP addresses only. |
| Medium | HIPAA (Backup) | SQL database instance has no backup run, so it cannot be restored to a recent point. | To fulfill HIPAA requirements on restoring compromised services, ensure that all SQL instances are configured to have automated (scheduled) backups and can be restored to a recent point. |
| Medium | CIS 6.7 | SQL database instance does not have an automated backup enabled. | Ensure that automated backups are enabled for all SQL database instances. |
| Medium | | SQL database instance does not have multi-AZ enabled. | Ensure that all SQL instances are created with a secondary AZ to ensure proper failover. |
| Medium | CIS 6.4, PCI DSS 4.2, HIPAA (Encryption) | SQL database instance has SSL/TLS disabled. | To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, require all incoming connections to your SQL database instances to use SSL/TLS only. |
| Medium | | PostgreSQL database instance has "log_checkpoints" flag disabled. | To allow checkpoints and restart points to be logged, ensure all your PostgreSQL database instances have the "log_checkpoints" flag enabled. |
| Medium | CIS 6.2.2 | PostgreSQL database instance has "log_connections" flag disabled. | To ensure each attempted connection to the database instance is logged, ensure all your PostgreSQL database instances have the "log_connections" flag enabled. |
| Medium | CIS 6.2.3 | PostgreSQL database instance has "log_disconnections" flag disabled. | To ensure the database logs the end of each session, ensure all your PostgreSQL database instances have the "log_disconnections" flag enabled. |
| Medium | | PostgreSQL database instance has "log_lock_waits" flag disabled. | To diagnose poor performance due to locking delays and identify underlying security and performance issues, ensure all your PostgreSQL database instances have the "log_lock_waits" flag enabled. |
| Medium | CIS 6.2.8 | PostgreSQL database instance has "log_min_duration_statement" flag enabled. | To avoid logging statements with sensitive information, ensure all your PostgreSQL database instances have the "log_min_duration_statement" flag set to -1 (i.e. disabled). |
| Medium | CIS 6.2.7 | PostgreSQL database instance does not have "log_min_error_statement" flag set to Error. | As a best practice, ensure all your PostgreSQL database instances have the "log_min_error_statement" flag (the minimum message severity level considered an error statement) set to Error (or stricter). |
| Medium | | PostgreSQL database instance has "log_temp_files" flag disabled. | To diagnose potential performance issues that can be created by poor programming practices, ensure all your PostgreSQL database instances have the "log_temp_files" flag set to 0 (enabled). |
| Critical | | SQL database instance SSL certificate expired 34 days ago. | Ensure that all incoming connections to your SQL database instances remain secure by rotating all the server certificates before they expire. |
| Medium | CIS 6.6 | SQL database instance has public IPs. | To reduce the application's attack surface, ensure your SQL database instances are configured to use private IP addresses instead of public IPs. |
| Low | | SQL database instance has the automatic storage increase limit set to zero (no limit on storage growth). | To prevent your SQL instance disk size from growing too large and increasing service costs, ensure your SQL database instances are configured with an optimal automatic storage increase limit. |
| High | PCI DSS 3.5, HIPAA (Encryption) | SQL database instance is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your SQL database instances are encrypted using CMK. |