Ensure no security group rules allow outbound traffic to 0.0.0.0/0
Description
This policy checks whether any security group (access control group) rule allows outbound traffic to 0.0.0.0/0. A rule like that lets a compromised resource reach any host on the internet, which enables data exfiltration and command-and-control traffic that a restricted egress policy would block. Restrict outbound traffic to the destinations a workload actually needs: this reduces the attack surface of your resources, limits what an attacker can do after a foothold, and protects sensitive data. This check is important for maintaining the security and integrity of your network infrastructure.
Code Example

```terraform
resource "ncloud_access_control_group_rule" "example" {
  access_control_group_no = ":your_acg_no"
  protocol                = "TCP"
  ip_block                = ["192.168.1.0/24"]
  port_range              = "80"
  rule_action             = "ALLOW"
}
```

Remediation
Ensure security group rules do not allow outbound traffic to 0.0.0.0/0 by specifying a more restrictive IP range or using a different security group configuration.
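The following is an added illustration, not code from the original page or from the Checkov project. It places a non-compliant rule (outbound to 0.0.0.0/0, which this policy flags) next to a compliant configuration that enumerates only the destinations the workload needs. The `outbound` block layout with `protocol`, `ip_block`, `port_range` and `description` is assumed from the terraform-provider-ncloud documentation; the resource names, the `ncloud_access_control_group.web` reference and the private CIDRs are constructed for the example.

```hcl
# Non-compliant: every destination on every TCP port is reachable.
# (Resource names, the ACG reference and CIDRs are constructed; the
# outbound block schema is assumed from the ncloud provider docs.)
resource "ncloud_access_control_group_rule" "open_egress" {
  access_control_group_no = ncloud_access_control_group.web.id

  outbound {
    protocol    = "TCP"
    ip_block    = "0.0.0.0/0"   # unrestricted egress: flagged by CKV_NCP_3
    port_range  = "1-65535"
    description = "allow all outbound"
  }
}

# Compliant: one outbound block per required destination and port.
# Anything not listed here is denied, so exfiltration to arbitrary
# hosts is blocked at the ACG.
resource "ncloud_access_control_group_rule" "restricted_egress" {
  access_control_group_no = ncloud_access_control_group.web.id

  # Database tier in a private subnet of the same VPC (constructed range)
  outbound {
    protocol    = "TCP"
    ip_block    = "10.0.20.0/24"
    port_range  = "3306"
    description = "to database subnet"
  }

  # Internal DNS resolver (constructed address)
  outbound {
    protocol    = "UDP"
    ip_block    = "10.0.0.2/32"
    port_range  = "53"
    description = "to internal DNS"
  }

  # Outbound HTTPS to a single upstream API (constructed range)
  outbound {
    protocol    = "TCP"
    ip_block    = "203.0.113.0/24"
    port_range  = "443"
    description = "to partner API"
  }
}
```

When a workload genuinely needs broad internet egress (for example, package mirrors), route it through a NAT gateway or proxy whose own address can be the `ip_block` of a narrow rule, rather than opening 0.0.0.0/0 on the instance's ACG; running `checkov -d .` over the directory will report the first resource above and pass the second.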
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1206 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | ncloud_access_control_group_rule |
| Checkov ID | CKV_NCP_3 |