Network misconfigurations

Security group allows unrestricted ingress access to port 22 (SSH)

Description

Network security groups (NSGs) act as virtual firewalls for your compute instances and other kinds of resources. An NSG consists of a set of ingress and egress security rules that specify the types of traffic allowed in and out. NSG security rules apply only to a set of VNICs (Virtual Network Interface Cards) of your choice in a single VCN (Virtual Cloud Network). Compared to security lists, NSGs let you separate your VCN's subnet architecture from your application security requirements.

It was detected that the NSG {OciNetworkSecurityGroup.Name} under VCN {OciNetworkSecurityGroup.Vcn} allows unrestricted ingress access to port 22 (SSH): an ingress rule whose source is the entire internet (0.0.0.0/0, or ::/0 for IPv6) reaches TCP port 22, either because the rule names that port, because it has no destination port range (which means all ports), or because it allows all protocols. SSH exposed to the internet is a standing target for credential brute-forcing and for exploitation of any weakness in the SSH service. To prevent unauthorized access or attacks on compute instances, it is advised to allow SSH access only from authorized CIDR blocks (such as a corporate VPN range or a bastion host), rather than leaving it open to the internet.
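The detection logic described above, written out as an added example (not code from the original page or from any OCI tooling). It models NSG security rules as dictionaries shaped like the fields the OCI API returns (direction, protocol as an IANA number string or "all", source_type, source, tcp_options.destination_port_range); the sample rules, their id values and the authorized CIDR list are constructed for illustration. The check flags an ingress rule when its source CIDR has prefix length 0 and its protocol and port range cover TCP 22, and the helper at the end builds the restrictive replacement rules the mitigation asks for.

```python
import ipaddress
from typing import Dict, List

SSH_PORT = 22
TCP = "6"  # OCI encodes the protocol as an IANA protocol number in a string; "all" matches every protocol


def rule_exposes_port(rule: Dict, port: int = SSH_PORT) -> bool:
    """True if this NSG security rule lets the whole internet reach `port` over TCP."""
    if rule.get("direction") != "INGRESS":
        return False
    # Sources that are another NSG or an OCI service are not "the internet".
    if rule.get("source_type") != "CIDR_BLOCK":
        return False
    try:
        net = ipaddress.ip_network(rule.get("source", ""), strict=False)
    except ValueError:
        return False
    if net.prefixlen != 0:          # only 0.0.0.0/0 and ::/0 are unrestricted
        return False
    proto = str(rule.get("protocol", "")).lower()
    if proto == "all":              # every protocol, including TCP on every port
        return True
    if proto != TCP:
        return False
    tcp = rule.get("tcp_options") or {}
    rng = tcp.get("destination_port_range")
    if rng is None:                 # no range given means all destination ports
        return True
    return rng["min"] <= port <= rng["max"]


def find_open_ssh_rules(rules: List[Dict]) -> List[str]:
    """Return the ids of the rules that expose SSH to the internet."""
    return [r["id"] for r in rules if rule_exposes_port(r)]


def restrict_rule(rule: Dict, allowed_cidrs: List[str], port: int = SSH_PORT) -> List[Dict]:
    """Build the restrictive replacement for an open rule: one TCP rule per authorized CIDR,
    scoped to the single port, so the original 0.0.0.0/0 rule can be deleted."""
    out = []
    for i, cidr in enumerate(allowed_cidrs):
        ipaddress.ip_network(cidr, strict=True)  # reject malformed or sloppy CIDRs up front
        out.append({
            "id": f"{rule['id']}-restricted-{i}",  # hypothetical id scheme
            "direction": "INGRESS",
            "protocol": TCP,
            "source_type": "CIDR_BLOCK",
            "source": cidr,
            "tcp_options": {"destination_port_range": {"min": port, "max": port}},
            "description": f"SSH from authorized range {cidr}",
        })
    return out


# Constructed sample rules for one NSG (not real tenancy data).
SAMPLE_RULES = [
    {"id": "r1", "direction": "INGRESS", "protocol": TCP, "source_type": "CIDR_BLOCK",
     "source": "0.0.0.0/0", "tcp_options": {"destination_port_range": {"min": 22, "max": 22}}},
    {"id": "r2", "direction": "INGRESS", "protocol": TCP, "source_type": "CIDR_BLOCK",
     "source": "203.0.113.0/24", "tcp_options": {"destination_port_range": {"min": 22, "max": 22}}},
    {"id": "r3", "direction": "INGRESS", "protocol": "all", "source_type": "CIDR_BLOCK",
     "source": "::/0"},
    {"id": "r4", "direction": "INGRESS", "protocol": TCP, "source_type": "CIDR_BLOCK",
     "source": "0.0.0.0/0", "tcp_options": {"destination_port_range": {"min": 80, "max": 443}}},
    {"id": "r5", "direction": "EGRESS", "protocol": TCP, "source_type": "CIDR_BLOCK",
     "source": "0.0.0.0/0", "tcp_options": {"destination_port_range": {"min": 22, "max": 22}}},
    {"id": "r6", "direction": "INGRESS", "protocol": TCP, "source_type": "CIDR_BLOCK",
     "source": "0.0.0.0/0"},
    {"id": "r7", "direction": "INGRESS", "protocol": TCP, "source_type": "NETWORK_SECURITY_GROUP",
     "source": "ocid1.networksecuritygroup.oc1..bastion", "tcp_options": {"destination_port_range": {"min": 22, "max": 22}}},
]

AUTHORIZED_CIDRS = ["203.0.113.0/24", "198.51.100.10/32"]  # constructed VPN range and bastion address

if __name__ == "__main__":
    open_ids = find_open_ssh_rules(SAMPLE_RULES)
    print("rules exposing SSH to the internet:", open_ids)
    for r in SAMPLE_RULES:
        if r["id"] in open_ids:
            for fixed in restrict_rule(r, AUTHORIZED_CIDRS):
                print("replacement:", fixed["id"], fixed["source"])
```

Two things the check deliberately does: it treats a missing port range and protocol "all" as covering port 22, which a naive string match on "22" misses, and it ignores NSG and service sources, which are not internet exposure. It does not detect a pair of rules such as 0.0.0.0/1 plus 128.0.0.0/1 that together cover the whole address space; if that pattern is a concern, aggregate the sources per port before testing them.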
  • Recommended Mitigation

    It is recommended to edit the security rule so that its source is limited to the authorized CIDR blocks and its destination port range to TCP 22, to delete the security rule if SSH from outside the VCN is not required, or to delete the NSG if it is no longer in use. After the change, confirm that no remaining ingress rule with source 0.0.0.0/0 or ::/0 still reaches port 22, including rules that allow all protocols or omit a destination port range.