Default network security lists should restrict all non ICMP traffic


Description

Security lists provide stateful and stateless filtering of ingress and egress network traffic to OCI resources at the subnet level. Default security lists should restrict all non-ICMP traffic from 0.0.0.0/0 (IPv4) and ::/0 (IPv6) to prevent unauthorized access. This rule specifically targets default security lists and ensures they do not allow unrestricted ingress from any IP address (0.0.0.0/0 or ::/0) for non-ICMP protocols, nor unrestricted egress to any destination (0.0.0.0/0 or ::/0) for any protocol. Non-default security lists are skipped by this evaluation.

Remediation

Remove or modify ingress security rules in default security lists that allow non-ICMP traffic from 0.0.0.0/0 (IPv4) or ::/0 (IPv6). Remove or modify egress security rules that allow traffic to 0.0.0.0/0 (IPv4) or ::/0 (IPv6). Instead, restrict access to specific IP ranges or use VPN connections. For guidance on configuring network security lists, refer to the Updating Rules in a Security List section of the Oracle Cloud Infrastructure documentation.
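The following is an added example of how the check described above can be evaluated offline against security-list data; it is not Datadog's or Oracle's code. It assumes the JSON shape returned by `oci network security-list list --output json` (keys such as `display-name`, `ingress-security-rules`, `egress-security-rules`, `protocol`, `source`, `destination`, `source-type`, `destination-type`), that default security lists carry the `Default Security List for <VCN>` name OCI assigns them, and that OCI encodes protocols as `"all"` or the IANA number as a string (`"1"` for ICMP, `"58"` for ICMPv6, `"6"` for TCP, `"17"` for UDP). The security-list records and OCIDs below are constructed sample data.

```python
"""Evaluate OCI default security lists for unrestricted non-ICMP ingress
and unrestricted egress (added example, not Datadog's or Oracle's code)."""
import ipaddress

# Assumption: OCI protocol field values ("all" or IANA number as a string).
ICMP_PROTOCOLS = {"1", "58"}  # 1 = ICMP (IPv4), 58 = ICMPv6
DEFAULT_NAME_PREFIX = "Default Security List for"  # assumption: OCI naming


def is_default_security_list(sl):
    """Only default security lists are in scope; everything else is skipped."""
    return sl.get("display-name", "").startswith(DEFAULT_NAME_PREFIX)


def is_any_address(cidr):
    """True for 0.0.0.0/0, ::/0, or any other /0 that covers all addresses."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:  # not a CIDR (e.g. a service CIDR label): not "any"
        return False


def find_violations(sl):
    """Return (direction, address, protocol) tuples for each offending rule."""
    findings = []
    for rule in sl.get("ingress-security-rules", []):
        # Only CIDR sources can be "anywhere"; service-gateway sources are skipped.
        if rule.get("source-type", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue
        proto = str(rule.get("protocol", "")).lower()
        if is_any_address(rule.get("source", "")) and proto not in ICMP_PROTOCOLS:
            findings.append(("ingress", rule["source"], proto))
    for rule in sl.get("egress-security-rules", []):
        if rule.get("destination-type", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue
        # Egress to anywhere is a finding regardless of protocol, ICMP included.
        if is_any_address(rule.get("destination", "")):
            findings.append(("egress", rule["destination"], str(rule.get("protocol", "")).lower()))
    return findings


def evaluate(security_lists):
    """Map each default security list OCID to its list of violations."""
    return {
        sl["id"]: find_violations(sl)
        for sl in security_lists
        if is_default_security_list(sl)
    }


# Constructed sample data (OCIDs and names are placeholders, not real resources).
NONCOMPLIANT_DEFAULT = {
    "id": "ocid1.securitylist.oc1..example-default",
    "display-name": "Default Security List for vcn-example",
    "ingress-security-rules": [
        {"protocol": "6", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK",
         "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
        {"protocol": "1", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK"},
        {"protocol": "all", "source": "10.0.0.0/16", "source-type": "CIDR_BLOCK"},
    ],
    "egress-security-rules": [
        {"protocol": "all", "destination": "0.0.0.0/0", "destination-type": "CIDR_BLOCK"},
    ],
}

# The same list after remediation: ingress narrowed to a VPN range, egress to the VCN.
COMPLIANT_DEFAULT = {
    "id": "ocid1.securitylist.oc1..example-default-fixed",
    "display-name": "Default Security List for vcn-example",
    "ingress-security-rules": [
        {"protocol": "6", "source": "192.0.2.0/24", "source-type": "CIDR_BLOCK"},
        {"protocol": "1", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK"},
        {"protocol": "58", "source": "::/0", "source-type": "CIDR_BLOCK"},
    ],
    "egress-security-rules": [
        {"protocol": "all", "destination": "10.0.0.0/16", "destination-type": "CIDR_BLOCK"},
    ],
}

# A non-default list with the same open rules: out of scope, so not reported.
NON_DEFAULT = {
    "id": "ocid1.securitylist.oc1..example-custom",
    "display-name": "app-tier-sl",
    "ingress-security-rules": [
        {"protocol": "all", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK"},
    ],
    "egress-security-rules": [],
}

SAMPLE = [NONCOMPLIANT_DEFAULT, COMPLIANT_DEFAULT, NON_DEFAULT]

if __name__ == "__main__":
    for ocid, findings in evaluate(SAMPLE).items():
        status = "FAIL" if findings else "PASS"
        print(f"{status} {ocid}")
        for direction, addr, proto in findings:
            print(f"  {direction}: {addr} protocol={proto}")
```

Run it against the real output of `oci network security-list list --compartment-id <OCID> --output json` by loading the `data` array with `json.load` and passing it to `evaluate()`. Note that the egress check deliberately flags `0.0.0.0/0` even for ICMP, matching the rule text, while the ingress check exempts ICMP and ICMPv6 only.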