---
title: Network security lists should not allow unrestricted inbound SSH access
description: Datadog, the leading service for cloud-scale monitoring.
---

# Network security lists should not allow unrestricted inbound SSH access
 
## Description{% #description %}

Security lists provide stateful and stateless filtering of ingress and egress network traffic to OCI resources at the subnet level. It is recommended that no security list allows unrestricted ingress access to TCP port 22 from `0.0.0.0/0` (IPv4) or `::/0` (IPv6). Removing unrestricted connectivity to remote console services, such as Secure Shell (SSH), reduces a server's exposure to risk.

## Remediation{% #remediation %}

Remove or modify ingress security rules that allow SSH access from `0.0.0.0/0` (IPv4) or `::/0` (IPv6). Instead, restrict SSH access to specific IP ranges or use VPN connections. For guidance on configuring network security lists, refer to the [Updating Rules in a Security List](https://docs.oracle.com/iaas/Content/Network/Concepts/update-securitylist.htm) section of the Oracle Cloud Infrastructure documentation.
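To locate the rules to remove or modify, the check can be run over a security list's JSON. The following is an added example, not Datadog's rule logic or Oracle's code. Assumptions: the kebab-case field names follow the JSON printed by the OCI CLI, the sample data is constructed, and counting `all`-protocol rules and TCP rules without a port range as matches is this example's interpretation of "unrestricted".

```python
import json

OPEN_SOURCES = {"0.0.0.0/0", "::/0"}  # the two sources named in this rule
SSH_PORT = 22

def rule_allows_open_ssh(rule):
    """True if one ingress rule admits TCP/22 from any IPv4 or IPv6 address."""
    if rule.get("source") not in OPEN_SOURCES:
        return False
    # OCI encodes the protocol as an IANA number string ("6" = TCP) or "all".
    if rule.get("protocol") not in ("6", "all"):
        return False
    # A TCP rule with no destination port range covers every port, including 22.
    ports = (rule.get("tcp-options") or {}).get("destination-port-range")
    if not ports:
        return True
    return ports["min"] <= SSH_PORT <= ports["max"]

def find_open_ssh(security_list):
    """Return the ingress rules of one security list that expose SSH to the world."""
    rules = security_list.get("ingress-security-rules") or []
    return [r for r in rules if rule_allows_open_ssh(r)]

# Constructed sample: rule descriptions and sources are illustrative only.
SAMPLE = json.loads("""{"ingress-security-rules": [
  {"description": "ssh-any-v4", "protocol": "6", "source": "0.0.0.0/0",
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
  {"description": "range-any-v6", "protocol": "6", "source": "::/0",
   "tcp-options": {"destination-port-range": {"min": 20, "max": 25}}},
  {"description": "ssh-corp", "protocol": "6", "source": "10.0.0.0/8",
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
  {"description": "https-any", "protocol": "6", "source": "0.0.0.0/0",
   "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
  {"description": "all-protocols-any", "protocol": "all", "source": "0.0.0.0/0",
   "tcp-options": null},
  {"description": "tcp-all-ports-any", "protocol": "6", "source": "::/0"},
  {"description": "udp-22-any", "protocol": "17", "source": "0.0.0.0/0",
   "udp-options": {"destination-port-range": {"min": 22, "max": 22}}}
]}""")

if __name__ == "__main__":
    for r in find_open_ssh(SAMPLE):
        print("open SSH ingress:", r["description"], r["source"])
```

A port range such as 20-25 is flagged because it contains 22, while the UDP rule and the rule scoped to `10.0.0.0/8` are not.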
