Severity: Medium
Description:
This control ensures that the default security list of the VCN is configured to block unintended connections to resources in the VCN. A security list acts as a virtual firewall for the subnets that use it. When no custom security list is specified for a subnet, the VCN's default security list is applied to that subnet automatically. The default security list ships with an initial set of stateful allow rules, including an ingress rule permitting SSH (TCP port 22) from 0.0.0.0/0. Security list rules are allow rules only: traffic that matches no rule is dropped, so the list is tightened by removing or narrowing its rules, not by adding a deny rule. Update the default list so that it allows no traffic on any port from any source.
Remediation Steps:
Perform the following to restrict the default security list of the reported VCN:
Log in to the OCI console at https://www.oracle.com/cloud/sign-in.html.
In the navigation menu, click Networking and then click Virtual Cloud Networks.
Click the VCN reported.
Under Resources, click Security Lists.
Click the Default Security List reported.
Under Resources, click Ingress Rules.
Do not add an ingress rule with source CIDR 0.0.0.0/0, IP protocol "All Protocols" and all ports: security lists hold allow rules only, so such a rule permits every port from every address instead of denying it.
For each ingress rule listed (the shipped defaults include SSH, TCP port 22, from source 0.0.0.0/0), select the rule and remove it. If a rule is genuinely required, edit it to narrow the source CIDR and destination port range instead of removing it.
If outbound traffic should also be restricted, repeat the same steps under Egress Rules for the default egress rule to 0.0.0.0/0.
Verify that the Ingress Rules list of the default security list is empty, or contains only the narrowed rules, and attach a custom security list or network security group with explicit rules to any subnet that needs traffic.
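The console steps above can be checked and mirrored from the CLI output. The following is an added example, not part of the original control text or any Oracle tool: it audits a security list JSON document for ingress allow rules reachable from anywhere and produces the rule set that remains after the open rules are removed. The sample document is constructed for this example and is shaped like the output of `oci network security-list get`; the kebab-case key names (`ingress-security-rules`, `tcp-options`, `destination-port-range`) and the protocol encoding ("6" for TCP, "1" for ICMP, "all") are assumptions based on the OCI CLI, and the OCIDs and addresses are invented.

```python
import ipaddress
import json

# Constructed sample shaped like the JSON printed by
# `oci network security-list get --security-list-id <ocid>`. The key names
# follow the OCI CLI (an assumption); the values are invented for this example.
SAMPLE_SECURITY_LIST = json.dumps({
    "data": {
        "display-name": "Default Security List for example-vcn",
        "ingress-security-rules": [
            # Shipped default: SSH from anywhere. This is the rule the control targets.
            {"source": "0.0.0.0/0", "protocol": "6", "is-stateless": False,
             "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
            # Shipped defaults: ICMP path-MTU and destination-unreachable messages.
            {"source": "0.0.0.0/0", "protocol": "1", "is-stateless": False,
             "icmp-options": {"type": 3, "code": 4}},
            {"source": "10.0.0.0/16", "protocol": "1", "is-stateless": False,
             "icmp-options": {"type": 3}},
        ],
        "egress-security-rules": [
            {"destination": "0.0.0.0/0", "protocol": "all", "is-stateless": False},
        ],
    }
})

ANY_SOURCE = (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0"))
ICMP = "1"  # OCI encodes the protocol as the IANA number in a string, or "all"


def source_is_anywhere(source):
    """True when the rule's source CIDR covers the whole v4 or v6 address space."""
    try:
        return ipaddress.ip_network(source, strict=False) in ANY_SOURCE
    except ValueError:
        # Non-CIDR sources (OCI service labels) are not "anywhere".
        return False


def describe_ports(rule):
    """Human-readable destination port span for a TCP or UDP rule."""
    options = rule.get("tcp-options") or rule.get("udp-options") or {}
    port_range = options.get("destination-port-range")
    if not port_range:
        return "all ports"
    return f"{port_range['min']}-{port_range['max']}"


def audit_ingress(security_list_json):
    """One finding per ingress allow rule that is reachable from anywhere and is
    not ICMP. Security lists hold allow rules only, so each rule returned here
    widens what every subnet using the list will accept."""
    data = json.loads(security_list_json)["data"]
    findings = []
    for index, rule in enumerate(data.get("ingress-security-rules", [])):
        if rule.get("protocol") == ICMP:
            continue
        if source_is_anywhere(rule.get("source", "")):
            findings.append({
                "index": index,
                "protocol": rule.get("protocol"),
                "ports": describe_ports(rule),
                "source": rule["source"],
            })
    return findings


def restricted_ingress_rules(security_list_json):
    """The ingress rule set with the open rules removed. Serialised with
    json.dumps, this is the JSON array shape that
    `oci network security-list update --ingress-security-rules` expects."""
    data = json.loads(security_list_json)["data"]
    open_indexes = {f["index"] for f in audit_ingress(security_list_json)}
    return [rule for index, rule in enumerate(data.get("ingress-security-rules", []))
            if index not in open_indexes]


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_SECURITY_LIST):
        print(f"open ingress rule #{finding['index']}: protocol {finding['protocol']} "
              f"ports {finding['ports']} from {finding['source']}")
    print(json.dumps(restricted_ingress_rules(SAMPLE_SECURITY_LIST), indent=2))
```

On the constructed sample the audit reports only the SSH-from-anywhere rule; the two ICMP rules are kept because the example tolerates ICMP, which is a looser stance than the control's "no traffic from any source" and can be tightened by dropping the `ICMP` exemption. Feeding the returned array to the security-list update command replaces the whole ingress rule set, so review it before applying; removing a rule from the default list affects every subnet that has no custom security list attached.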
Important:
Reference: