Default security list allows unrestricted traffic

Network misconfigurations

Default security list allows unrestricted traffic

Risk Level

Hazardous (3)

Platform(s)

Compliance Frameworks

CCPA
CPRA
ISO/IEC 27001
Mitre ATT&CK
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
OCI CIS
PDPA
UK Cyber Essentials

Description

A default security list is automatically created when a Virtual Cloud Network (VCN) is created. Security lists provide stateful filtering of ingress and egress network traffic to OCI resources. Unlike other security lists, the default security list comes with an initial set of stateful rules, which should in most cases be changed to only allow inbound traffic from authorized subnets. It was detected that the default security list of the VCN {OciVcn.Name} allows unrestricted traffic. It is advised that the default security list of every VCN will restrict all traffic except ICMP in order to prevent unauthorized access or attacks on compute instances.

Recommended Mitigation

It is recommended to either edit the security rule to be more restrictive or delete the security rule.

Default security list allows unrestricted traffic

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS