Severity: Medium

Description: This control ensures that SSH access to OCI resources is restricted from the internet. OCI Security Lists and Security Groups use the application (protocol, port) and the network IP address as source and destination to allow traffic to VNICs in a subnet. Each rule either allows or denies traffic when its conditions are met. Rules in Security Lists and Security Groups that allow incoming SSH traffic on port 22 from the generic internet source (0.0.0.0/0) into the VCN must be avoided.

Remediation Steps:

Perform the following to update the security rules in the security list:

  1. Log in to the OCI console at https://www.oracle.com/cloud/sign-in.html.

  2. In the navigation menu, click Networking and then click Virtual Cloud Networks.

  3. Click on the VCN reported.

  4. Under Resources, click Network List.

  5. Select the security list reported.

  6. Under Resources, click Ingress Rules.

  7. To edit the rule with IP Protocol TCP and port 22, click Edit Rule.

  8. Edit the Source CIDR from 0.0.0.0/0 to specific IP addresses or a specific network.

  9. Click Save Changes.

  9. Click Save Changes.
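To find the offending rules, or to re-check a security list after editing it, the condition in the description can be evaluated against the list's JSON. The following is an added example, not part of the original page or any Oracle tooling. It assumes the rule layout printed by the OCI CLI (keys such as `ingress-security-rules`, `source`, `protocol`, `tcp-options`); the function names and the sample data are constructed for illustration.

```python
OPEN_SOURCE = "0.0.0.0/0"  # the generic internet source named in the control
SSH_PORT = 22

def rule_exposes_ssh(rule):
    """Return True if an ingress rule allows TCP port 22 from 0.0.0.0/0."""
    # Security Group (NSG) rules carry a direction; security-list ingress rules do not.
    if rule.get("direction", "INGRESS") != "INGRESS":
        return False
    if rule.get("source") != OPEN_SOURCE:
        return False
    # Protocol is "all" or an IANA protocol number as a string; "6" is TCP.
    if rule.get("protocol") not in ("all", "6"):
        return False
    ports = (rule.get("tcp-options") or {}).get("destination-port-range")
    if ports is None:
        return True  # no port restriction: every port is open, including 22
    return ports["min"] <= SSH_PORT <= ports["max"]

def find_open_ssh(security_list):
    """Return the indexes of ingress rules that violate the control."""
    rules = security_list.get("ingress-security-rules", [])
    return [i for i, rule in enumerate(rules) if rule_exposes_ssh(rule)]

def tcp(source, lo, hi):
    """Build a constructed TCP ingress rule for the sample below."""
    return {"source": source, "protocol": "6",
            "tcp-options": {"destination-port-range": {"min": lo, "max": hi}}}

# Constructed sample security list (not real tenancy data).
SAMPLE = {"ingress-security-rules": [
    tcp("0.0.0.0/0", 22, 22),      # 0: SSH open to the internet
    tcp("10.0.0.0/16", 22, 22),    # 1: SSH from an internal network only
    tcp("0.0.0.0/0", 20, 25),      # 2: port range that includes 22
    {"source": "0.0.0.0/0", "protocol": "all", "tcp-options": None},  # 3: all protocols
    tcp("0.0.0.0/0", 443, 443),    # 4: HTTPS only
    {"source": "0.0.0.0/0", "protocol": "17", "tcp-options": None},   # 5: UDP
]}

if __name__ == "__main__":
    for index in find_open_ssh(SAMPLE):
        print(f"ingress rule {index} allows SSH from {OPEN_SOURCE}")
```

Rules 2 and 3 show why matching only an exact port of 22 is not enough: a wider port range or an all-protocols rule exposes SSH just the same.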

Important:

Reference:
