
Description: This control ensures that OCI security list ingress rules do not allow traffic from the CIDR 0.0.0.0/0 to all ports. OCI security rules specify an application (protocol and port) and a network IP address list; each rule has an action that either allows or drops/rejects traffic, on a specific port or on all ports. OCI security lists and network security groups use the application (protocol, port) and the network IP address as source and destination to allow traffic to the VNICs in a subnet. Each rule either allows or denies traffic when its conditions are met. Its conditions let you specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Incoming traffic from the internet with the generic source 0.0.0.0/0 to the VCN or a VM instance on all ports (destination port All) must be avoided in security lists and security groups.

Remediation Steps:

Perform the following to update the security rules in the security list:

  1. Login to the OCI console at https://www.oracle.com/cloud/sign-in.html.

  2. In the navigation menu, click Networking and then click Virtual Cloud Networks.

  3. Click the VCN reported.

  4. Under Resources, click Network List.

  5. Select the security list reported.

  6. Under Resources, click Ingress Rules.

  7. To edit the rule with destination port All, click Edit Rule.

  8. Edit the Source CIDR from 0.0.0.0/0 to a specific IP address or network.

  9. Click Save Changes.
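An added example, not part of this control page or of Oracle's tooling, that automates the detection side of this control: it scans a security list in the JSON shape returned by the OCI CLI (assumption: key names mirror `oci network security-list get` output; the sample data is constructed, not from a real tenancy) and flags ingress rules that combine the any-source CIDR (0.0.0.0/0, and ::/0 for IPv6 as an extension of the control) with no destination port restriction.

```python
import json

# Constructed sample in the shape of `oci network security-list get` output
# (assumption: key names mirror the OCI CLI JSON). Not real tenancy data.
SAMPLE_SECURITY_LIST = json.loads("""
{
  "display-name": "example-seclist",
  "ingress-security-rules": [
    {"source": "0.0.0.0/0", "source-type": "CIDR_BLOCK", "protocol": "all",
     "is-stateless": false, "description": "wide open: violates control"},
    {"source": "0.0.0.0/0", "source-type": "CIDR_BLOCK", "protocol": "6",
     "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
    {"source": "0.0.0.0/0", "source-type": "CIDR_BLOCK", "protocol": "6",
     "tcp-options": null},
    {"source": "10.0.0.0/16", "source-type": "CIDR_BLOCK", "protocol": "all"}
  ]
}
""")

# CIDRs that mean "any source"; ::/0 is the IPv6 equivalent of 0.0.0.0/0.
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

def allows_all_ports(rule):
    """True if the rule puts no destination port restriction on the traffic."""
    proto = rule.get("protocol")
    if proto == "all":
        return True                      # every protocol, every port
    if proto not in ("6", "17"):
        return False                     # ICMP etc. have no port concept
    opts = rule.get("tcp-options") if proto == "6" else rule.get("udp-options")
    rng = (opts or {}).get("destination-port-range")
    # A missing port range means "All" in the console; 1-65535 is the same thing.
    return rng is None or (rng.get("min") == 1 and rng.get("max") == 65535)

def find_open_ingress(security_list):
    """Return indices of ingress rules open to the whole internet on all ports."""
    rules = security_list.get("ingress-security-rules", [])
    return [i for i, r in enumerate(rules)
            if r.get("source") in ANY_SOURCE and allows_all_ports(r)]

if __name__ == "__main__":
    for i in find_open_ingress(SAMPLE_SECURITY_LIST):
        r = SAMPLE_SECURITY_LIST["ingress-security-rules"][i]
        print(f"rule #{i}: source={r['source']} protocol={r['protocol']} "
              f"-> restrict the Source CIDR (remediation step 8)")
```

Rules 0 and 2 are flagged; rule 1 is limited to port 443 and rule 3 has an internal source, so neither violates the control.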

Important:

Reference: