1

Scenario: I am connecting to my Azure SQL DB (PaaS) instance from my laptop using SQL Management Studio.

  1. Are my queries and the result data encrypted in transport here? I am worried that, since the traffic is going through the internet, a "man-in-the-middle" attack can happen here.
  2. What are other security concerns/steps I should be taking care of here?

What I have read so far on the internet is that Azure SQL DB only allows encrypted connections, so I wish to double-check my findings and also understand more if someone has good answers.

Unnie

2 Answers

3

Are my queries and the result data encrypted in transport here?

Yes. From this link:

All connections to Azure SQL Database require encryption (SSL/TLS) at all times while data is "in transit" to and from the database. In your application's connection string, you must specify parameters to encrypt the connection and not to trust the server certificate (this is done for you if you copy your connection string out of the Azure Classic Portal), otherwise the connection will not verify the identity of the server and will be susceptible to "man-in-the-middle" attacks. For the ADO.NET driver, for instance, these connection string parameters are Encrypt=True and TrustServerCertificate=False.

What are other security concerns/steps I should be taking care of here?

Not specifically for man-in-the-middle attacks, but you should consider setting Firewall Rules properly so that users only from certain IP addresses can access your database.

I would strongly recommend reading this document for securing access to your Azure SQL Databases: https://learn.microsoft.com/en-us/azure/sql-database/sql-database-security-overview.

Gaurav Mantri
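
A check for the two connection-string settings quoted in the answer above, as an added example that is not part of the original answers: it parses ADO.NET-style connection strings and reports any that do not request encryption or that trust the server certificate without validation. The function names, server name and credentials are constructed; accepting the spaced keyword form and the `Mandatory`/`Strict` values is an assumption based on newer Microsoft.Data.SqlClient versions.

```python
import re

# key=value pairs separated by ';'; a value may be quoted so it can contain ';'.
_PAIR = re.compile(r"""\s*([^=;]+?)\s*=\s*("(?:[^"]|"")*"|'(?:[^']|'')*'|[^;]*)\s*(?:;|$)""")
_ON = {"true", "yes", "mandatory", "strict"}  # values that request encryption
_TRUSTING = {"true", "yes"}

def parse_connection_string(cs):
    """Return {keyword: value}; keywords lowercased with spaces removed."""
    settings = {}
    for m in _PAIR.finditer(cs):
        key = re.sub(r"\s+", "", m.group(1)).lower()
        val = m.group(2).strip()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]
        settings[key] = val  # a repeated keyword overrides the earlier one
    return settings

def audit(cs):
    """Return a list of findings; an empty list means both settings are safe."""
    s = parse_connection_string(cs)
    findings = []
    encrypt = s.get("encrypt")
    if encrypt is None:
        findings.append("Encrypt is not set explicitly")
    elif encrypt.strip().lower() not in _ON:
        findings.append("Encrypt=%s does not request encryption" % encrypt)
    # Absent TrustServerCertificate is treated as False (the SqlClient default).
    if s.get("trustservercertificate", "false").strip().lower() in _TRUSTING:
        findings.append("TrustServerCertificate=True skips certificate validation")
    return findings

# Constructed sample strings (server, user and password are placeholders).
BASE = "Server=tcp:example-server.database.windows.net,1433;Database=appdb;User ID=app;"
SAMPLES = {
    "recommended": BASE + "Password=x;Encrypt=True;TrustServerCertificate=False;",
    "quoted_password": BASE + "Password='p;Encrypt=False';Encrypt=True;",
    "trusts_any_cert": BASE + "Password=x;Encrypt=True;Trust Server Certificate=yes",
    "overridden": BASE + "Password=x;Encrypt=True;encrypt=no;",
    "unset": BASE + "Password=x;",
}

if __name__ == "__main__":
    for name, cs in SAMPLES.items():
        print(name, audit(cs) or "OK")
```

The `quoted_password` and `overridden` samples are the cases a plain substring search for `Encrypt=True` gets wrong: the first contains `Encrypt=False` only inside a quoted password, and the second sets the keyword twice with the later value taking effect.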
0

There are 3 elements to securing your connection to an Azure SQL db.

  1. Encrypted connection (by default)
  2. Allowed IPs. In Azure SQL, you automatically get a firewall that you have to configure to allow access from the internet. Ensure that you are only configuring the IPs required for access.
  3. DNS resolution. Ensure that you are using a secured/trusted DNS server to resolve addresses to their correct locations.
CtrlDot