Default network security lists should restrict all non-ICMP traffic

Description

Security lists provide stateful and stateless filtering of ingress and egress network traffic to OCI resources on a subnet level. Default security lists should restrict all non-ICMP traffic from 0.0.0.0/0 (IPv4) and ::/0 (IPv6) to prevent unauthorized access. This rule specifically targets default security lists and ensures they do not allow unrestricted ingress from any IP address (0.0.0.0/0 or ::/0) for non-ICMP protocols, nor allow unrestricted egress to any destination (0.0.0.0/0 or ::/0) for all protocols. Non-default security lists are automatically skipped from this evaluation.

Remediation

Remove or modify ingress security rules in default security lists that allow non-ICMP traffic from 0.0.0.0/0 (IPv4) or ::/0 (IPv6). Remove or modify egress security rules that allow traffic to 0.0.0.0/0 (IPv4) or ::/0 (IPv6). Instead, restrict access to specific IP ranges or use VPN connections. For guidance on configuring network security lists, refer to the Updating Rules in a Security List section of the Oracle Cloud Infrastructure documentation.
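The following added example (not part of the original rule or of any vendor tooling) applies the check described above to security lists in the JSON shape returned by the OCI CLI, so the offending rules can be found before remediation. The sample lists and OCIDs are constructed placeholders. Three points are assumptions: default lists are identified by a caller-supplied set of OCIDs, ICMPv6 (protocol 58) is treated as ICMP, and the egress condition "for all protocols" is read as protocol `all`.

```python
# Added example: offline evaluation of security lists in OCI CLI JSON shape.
ANY_CIDRS = {"0.0.0.0/0", "::/0"}
ICMP_PROTOCOLS = {"1", "58"}  # IANA numbers for ICMP and ICMPv6 (58 is an assumption)


def evaluate(sec_list, default_list_ids):
    """Return findings for a default security list, or None when it is skipped."""
    if sec_list["id"] not in default_list_ids:
        return None  # non-default lists are outside the rule's scope
    findings = []
    for rule in sec_list.get("ingress-security-rules") or []:
        # Any protocol other than ICMP (including "all") open to the world fails.
        if rule.get("source") in ANY_CIDRS and rule.get("protocol") not in ICMP_PROTOCOLS:
            findings.append(("ingress", rule.get("protocol"), rule["source"]))
    for rule in sec_list.get("egress-security-rules") or []:
        # Assumption: "for all protocols" is read as protocol == "all".
        if rule.get("destination") in ANY_CIDRS and rule.get("protocol") == "all":
            findings.append(("egress", "all", rule["destination"]))
    return findings


# Constructed sample data (placeholder OCIDs, not from a real tenancy).
DEFAULT_ID = "ocid1.securitylist.oc1..exampledefault"
CUSTOM_ID = "ocid1.securitylist.oc1..examplecustom"
SAMPLE_LISTS = [
    {"id": DEFAULT_ID, "display-name": "Default Security List for example-vcn",
     "ingress-security-rules": [
         {"protocol": "6", "source": "0.0.0.0/0",
          "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
         {"protocol": "1", "source": "0.0.0.0/0", "icmp-options": {"type": 3, "code": 4}},
         {"protocol": "6", "source": "10.0.0.0/16"},
     ],
     "egress-security-rules": [{"protocol": "all", "destination": "0.0.0.0/0"}]},
    {"id": CUSTOM_ID, "display-name": "app-tier",
     "ingress-security-rules": [{"protocol": "all", "source": "::/0"}],
     "egress-security-rules": []},
]

if __name__ == "__main__":
    for sl in SAMPLE_LISTS:
        result = evaluate(sl, {DEFAULT_ID})
        status = "skipped" if result is None else ("FAIL" if result else "PASS")
        print(sl["display-name"], status, result or "")
```

On the sample data, the default list fails on its TCP rule from 0.0.0.0/0 and its all-protocol egress rule, while the ICMP rule and the rule scoped to 10.0.0.0/16 pass; the non-default list is skipped even though it is wide open.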