Critical

Ensure there is no unrestricted inbound access to TCP port 3306 (MySQL)

Security & Compliance
Description

TCP port 3306 is the default port used by the MySQL database management system to listen for incoming client connections. Unrestricted inbound access to this port can potentially allow attackers to gain unauthorized access to the MySQL server, steal sensitive data, or execute malicious commands.

Remediation

port 3306 (MySQL):

  1. Identify all systems that require access to the MySQL server through TCP port 3306.
  2. Implement firewall rules and access control lists (ACLs) to block all incoming traffic to port 3306, except for authorized hosts or IP addresses that require access to the MySQL server.
  3. Use strong passwords for all MySQL user accounts and limit the privileges of each user account to the minimum necessary for their intended purpose.
  4. Regularly patch the MySQL server to address any security vulnerabilities or bugs that could be exploited by attackers.
  5. Monitor the MySQL server logs regularly to detect any unauthorized access attempts, security incidents, or suspicious activities.
  6. Enable SSL/TLS encryption for all MySQL connections to protect against eavesdropping and man-in-the-middle attacks.
  7. Implement additional security measures such as two-factor authentication, network segmentation, and intrusion detection/prevention systems to further enhance the security of the MySQL server.

By following these remediation steps, you can ensure that access to TCP port 3306 is restricted only to authorized sources, and that the MySQL server is protected against unauthorized access, data theft, and other security incidents.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.