Network misconfigurations

Default security list allows unrestricted traffic

Platform(s)

  • N/A

Compliance Frameworks

Description

A default security list is automatically created when a Virtual Cloud Network (VCN) is created. Security lists provide stateful filtering of ingress and egress network traffic to OCI resources. Unlike other security lists, the default security list comes with an initial set of stateful rules, which should in most cases be changed to only allow inbound traffic from authorized subnets. It was detected that the default security list of the VCN {OciVcn.Name} allows unrestricted traffic. It is advised that the default security list of every VCN will restrict all traffic except ICMP in order to prevent unauthorized access or attacks on compute instances.
Need help?

Get a free Security Risk Assessment. Start today

Orca Security Demo Demo the Orca Platform-> In just 10 minutes, you’ll see how Orca Security can revolutionize your cloud security strategy. Watch a recorded demo from a cloud security expert now.