Network security lists should not allow unrestricted inbound SSH access

Description

Security lists provide stateful and stateless filtering of ingress and egress network traffic to OCI resources at the subnet level. It is recommended that no security list allow unrestricted ingress access to TCP port 22 from 0.0.0.0/0 (IPv4) or ::/0 (IPv6). Removing unrestricted connectivity to remote console services, such as Secure Shell (SSH), reduces a server’s exposure to risk.

Remediation

Remove or modify ingress security rules that allow SSH access from 0.0.0.0/0 (IPv4) or ::/0 (IPv6). Instead, restrict SSH access to specific IP ranges or use VPN connections. For guidance on configuring network security lists, refer to the Updating Rules in a Security List section of the Oracle Cloud Infrastructure documentation.
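To locate the rules this remediation applies to, the following added example (not part of the Oracle documentation) scans a security list's ingress rules for ones that admit TCP port 22 from 0.0.0.0/0 or ::/0, including rules that reach port 22 through a wider port range, no port restriction, or protocol "all". It assumes the rules are in the kebab-case JSON shape the OCI CLI prints for a security list; the function names and the sample data are constructed for illustration.

```python
import ipaddress

SSH_PORT = 22
TCP = "6"  # assumption: rules carry the IANA protocol number as a string, or "all"


def is_open_source(source):
    """True for 0.0.0.0/0 or ::/0; service labels and other non-CIDR values are not."""
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False


def covers_ssh(rule):
    """True if the rule's protocol and destination ports include TCP/22."""
    proto = str(rule.get("protocol", "")).lower()
    if proto == "all":
        return True
    if proto != TCP:
        return False
    port_range = (rule.get("tcp-options") or {}).get("destination-port-range")
    if port_range is None:  # no port restriction: every TCP port is allowed
        return True
    return port_range["min"] <= SSH_PORT <= port_range["max"]


def unrestricted_ssh_rules(security_list):
    """Return the ingress rules that allow SSH from any address."""
    rules = security_list.get("ingress-security-rules") or []
    return [r for r in rules if is_open_source(r.get("source", "")) and covers_ssh(r)]


# Constructed sample input, not taken from a real tenancy.
SAMPLE = {
    "display-name": "example-seclist",
    "ingress-security-rules": [
        {"protocol": "6", "source": "0.0.0.0/0", "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
        {"protocol": "6", "source": "::/0", "tcp-options": {"destination-port-range": {"min": 20, "max": 1024}}},
        {"protocol": "all", "source": "0.0.0.0/0", "tcp-options": None},
        {"protocol": "6", "source": "0.0.0.0/0", "tcp-options": None},
        {"protocol": "6", "source": "203.0.113.0/24", "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
        {"protocol": "6", "source": "0.0.0.0/0", "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
        {"protocol": "17", "source": "0.0.0.0/0", "udp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    ],
}

if __name__ == "__main__":
    for rule in unrestricted_ssh_rules(SAMPLE):
        print("unrestricted SSH ingress:", rule["source"], rule["protocol"], rule.get("tcp-options"))
```

The first four sample rules are flagged; the rule scoped to 203.0.113.0/24, the HTTPS-only rule, and the UDP rule are not.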