Network misconfigurations

Default security list allows unrestricted traffic

Risk Level

Hazardous (3)

Platform(s)
  • N/A

Compliance Frameworks

Description

A default security list is automatically created when a Virtual Cloud Network (VCN) is created. Security lists provide stateful filtering of ingress and egress network traffic to OCI resources. Unlike other security lists, the default security list comes with an initial set of stateful rules, which should in most cases be changed to only allow inbound traffic from authorized subnets. It was detected that the default security list of the VCN {OciVcn.Name} allows unrestricted traffic. The default security list of every VCN should restrict all traffic except ICMP, in order to prevent unauthorized access to, or attacks on, compute instances.
  • Recommended Mitigation

    It is recommended to either edit the offending security rule so that it is more restrictive or delete the security rule.
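The check and the remediation described above, as an added example that is not part of the original finding page or of any OCI tooling. The rule layout (`ingress-security-rules` entries with `protocol`, `source`, `is-stateless` and port options) is assumed to mirror the SecurityList shape the OCI Networking API returns; the sample security list itself is constructed for illustration and is modelled on the initial rules a new VCN's default list ships with (SSH open to the world plus two ICMP rules). The function names and the `authorized_cidrs` parameter are the example's own.

```python
"""Detect and remediate unrestricted ingress rules in an OCI security list.

Added example; not code from the original page or from Oracle. The JSON
layout below is assumed to follow the OCI Networking API SecurityList
object, and the sample data is constructed, not taken from a real tenancy.
"""
import copy
import ipaddress
import json

# Constructed sample: the kind of default security list a new VCN starts with.
SAMPLE_DEFAULT_LIST = json.loads("""
{
  "display-name": "Default Security List for example-vcn",
  "ingress-security-rules": [
    {"protocol": "6", "source": "0.0.0.0/0", "is-stateless": false,
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "1", "source": "0.0.0.0/0", "is-stateless": false,
     "icmp-options": {"type": 3, "code": 4}},
    {"protocol": "1", "source": "10.0.0.0/16", "is-stateless": false,
     "icmp-options": {"type": 3}}
  ],
  "egress-security-rules": [
    {"protocol": "all", "destination": "0.0.0.0/0", "is-stateless": false}
  ]
}
""")

# OCI encodes protocols as IANA numbers in strings ("all" for any); ICMP and
# ICMPv6 are the only protocols the finding allows from unrestricted sources.
ICMP_PROTOCOLS = {"1", "58"}


def _is_unrestricted_source(source: str) -> bool:
    """True when the source CIDR covers the entire address space (0.0.0.0/0 or ::/0)."""
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        # Service CIDR labels are not IP prefixes; treat them as already scoped.
        return False
    return net.prefixlen == 0


def _port_label(rule: dict) -> str:
    """Human-readable destination port range for a TCP/UDP rule."""
    for key in ("tcp-options", "udp-options"):
        rng = (rule.get(key) or {}).get("destination-port-range")
        if rng:
            return str(rng["min"]) if rng["min"] == rng["max"] else f"{rng['min']}-{rng['max']}"
    return "all ports"


def find_unrestricted_ingress(security_list: dict) -> list:
    """Return every non-ICMP ingress rule that accepts traffic from any source.

    This is the finding's condition: anything other than ICMP reachable
    from 0.0.0.0/0 (or ::/0) on the default security list.
    """
    findings = []
    for rule in security_list.get("ingress-security-rules", []):
        if rule.get("protocol") in ICMP_PROTOCOLS:
            continue
        if _is_unrestricted_source(rule.get("source", "")):
            findings.append({
                "protocol": rule["protocol"],
                "source": rule["source"],
                "ports": _port_label(rule),
            })
    return findings


def restrict_to_authorized(security_list: dict, authorized_cidrs: list) -> dict:
    """Return a copy of the list with each unrestricted non-ICMP ingress rule
    replaced by one identical rule per authorized subnet CIDR.

    Passing an empty `authorized_cidrs` deletes the offending rules outright,
    which is the other remediation the finding recommends.
    """
    fixed = copy.deepcopy(security_list)
    new_rules = []
    for rule in fixed.get("ingress-security-rules", []):
        offending = (rule.get("protocol") not in ICMP_PROTOCOLS
                     and _is_unrestricted_source(rule.get("source", "")))
        if not offending:
            new_rules.append(rule)
            continue
        for cidr in authorized_cidrs:
            scoped = copy.deepcopy(rule)
            scoped["source"] = cidr  # narrow the source instead of the whole world
            new_rules.append(scoped)
    fixed["ingress-security-rules"] = new_rules
    return fixed


if __name__ == "__main__":
    for f in find_unrestricted_ingress(SAMPLE_DEFAULT_LIST):
        print(f"unrestricted ingress: protocol {f['protocol']} from {f['source']} on {f['ports']}")
    remediated = restrict_to_authorized(SAMPLE_DEFAULT_LIST, ["10.0.1.0/24"])
    print("after remediation:", find_unrestricted_ingress(remediated))
```

The sample list trips the check only on the SSH rule; the two ICMP rules are left alone, matching the page's policy that ICMP may stay open. Feeding the remediated list back through the same check returns nothing, which is the state the finding expects before it clears.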