---
title: Network security group rules should not allow unrestricted inbound SSH access
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Network security group rules should not
  allow unrestricted inbound SSH access
---

# Network security group rules should not allow unrestricted inbound SSH access
 
## Description{% #description %}

Network security groups provide filtering of ingress and egress network traffic to OCI resources at the VNIC level. It is recommended that no network security group allows unrestricted ingress access to TCP port 22 from `0.0.0.0/0` (IPv4) or `::/0` (IPv6). Removing unrestricted connectivity to remote console services, such as Secure Shell (SSH), reduces a server's exposure to risk.

## Remediation{% #remediation %}

Remove or modify ingress security rules that allow SSH access from `0.0.0.0/0` (IPv4) or `::/0` (IPv6). Instead, restrict SSH access to specific IP ranges or use VPN connections. For guidance on configuring network security groups, refer to the [Network Security Groups](https://docs.oracle.com/iaas/Content/Network/Concepts/networksecuritygroups.htm) section of the Oracle Cloud Infrastructure documentation.