Ensure no access control groups allow inbound from 0.0.0.0/0 to port 22
Description
This policy flags `ncloud_access_control_group_rule` resources with an inbound rule whose source is the whole Internet (`ip_block = "0.0.0.0/0"`) and whose port range covers TCP port 22, the port SSH normally listens on. Such a rule exposes the SSH service of every server in the Access Control Group to unauthenticated connection attempts from any address, which invites credential brute-forcing and turns any SSH weakness (a leaked key, a reused password, an unpatched daemon) into a remote compromise. Port 22 should be reachable only from trusted sources, such as an administrative CIDR range, a VPN egress address, or the access control group of a bastion host. Note that a wide port range (for example `1-1024` or `1-65535`) from `0.0.0.0/0` still includes port 22 and is just as exposed as an explicit `22` rule.
Code Example
```terraform
resource "ncloud_access_control_group_rule" "example" {
  access_control_group_no = ncloud_access_control_group.example.id

  # Compliant: SSH is accepted only from members of a trusted access control
  # group (for example a bastion host), not from ip_block = "0.0.0.0/0".
  # Attribute names follow the ncloud provider's nested "inbound" block.
  inbound {
    protocol                       = "TCP"
    port_range                     = "22"
    source_access_control_group_no = ncloud_access_control_group.trusted.id
    description                    = "SSH from trusted hosts only"
  }
}
```
Remediation
Restrict inbound traffic on port 22 to trusted sources: in the offending `inbound` block, replace `ip_block = "0.0.0.0/0"` with a CIDR that contains only trusted addresses (an office or VPN range), or drop `ip_block` and set `source_access_control_group_no` to the access control group of the hosts that legitimately initiate SSH (a bastion or jump host). Narrow the port range at the same time: a rule that still spans port 22 from `0.0.0.0/0` remains a finding even if `22` no longer appears literally.
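The following is an added illustration of the detection logic the description and remediation above imply; it is not Checkov's implementation of CKV_NCP_4 and not code from the ncloud provider. It assumes the resource has already been parsed from HCL into a plain dictionary whose `inbound` key holds a list of blocks with the provider's `protocol`, `ip_block`, `source_access_control_group_no` and `port_range` attributes. The two sample resources are constructed here for the example; only TCP is treated as SSH-relevant, which is an assumption of this example.

```python
"""Added example: flag inbound ACG rules that open TCP/22 to 0.0.0.0/0.

Not Checkov's own code. Input is a dict shaped like a parsed
ncloud_access_control_group_rule resource (assumption for this example).
"""

SSH_PORT = 22
ANY_IPV4 = "0.0.0.0/0"


def port_range_contains(port_range, port: int) -> bool:
    """True if an ncloud port_range string ("22", "20-30", "1-65535") covers port.

    An empty or missing range (e.g. an ICMP rule) covers nothing.
    """
    text = str(port_range or "").strip()
    if not text:
        return False
    if "-" in text:
        low, high = (int(part) for part in text.split("-", 1))
        return low <= port <= high
    return int(text) == port


def inbound_rule_is_open_ssh(rule: dict) -> bool:
    """True when one inbound block admits TCP/22 from the whole Internet."""
    # Assumption of this example: only TCP rules are considered SSH exposure.
    if str(rule.get("protocol", "")).upper() != "TCP":
        return False
    # A rule scoped to a specific CIDR or to a source ACG is not open to the world.
    if rule.get("ip_block") != ANY_IPV4:
        return False
    return port_range_contains(rule.get("port_range"), SSH_PORT)


def scan_resource(conf: dict) -> list:
    """Return one finding string per offending inbound block (empty list = pass)."""
    findings = []
    for index, rule in enumerate(conf.get("inbound", [])):
        if inbound_rule_is_open_ssh(rule):
            findings.append(
                f"inbound[{index}] allows TCP/{SSH_PORT} from {ANY_IPV4} "
                f"(port_range={rule.get('port_range')!r})"
            )
    return findings


# Constructed sample resources (not taken from any real deployment).
FAILING_RESOURCE = {
    "access_control_group_no": "ncloud_access_control_group.example.id",
    "inbound": [
        {"protocol": "TCP", "ip_block": "0.0.0.0/0", "port_range": "22"},
        # Port 22 hidden inside a wider range: still a finding.
        {"protocol": "TCP", "ip_block": "0.0.0.0/0", "port_range": "1-1024"},
        # HTTPS from anywhere is outside this check's scope.
        {"protocol": "TCP", "ip_block": "0.0.0.0/0", "port_range": "443"},
        # ICMP has no port range and must not crash the scanner.
        {"protocol": "ICMP", "ip_block": "0.0.0.0/0"},
    ],
}

PASSING_RESOURCE = {
    "access_control_group_no": "ncloud_access_control_group.example.id",
    "inbound": [
        # Remediated: SSH limited to an administrative CIDR ...
        {"protocol": "TCP", "ip_block": "10.0.1.0/24", "port_range": "22"},
        # ... or to members of a trusted (bastion) access control group.
        {
            "protocol": "TCP",
            "source_access_control_group_no": "ncloud_access_control_group.trusted.id",
            "port_range": "22",
        },
    ],
}


if __name__ == "__main__":
    for name, conf in (("failing", FAILING_RESOURCE), ("passing", PASSING_RESOURCE)):
        print(name, "->", scan_resource(conf) or "no findings")
```

Running the block reports two findings for the failing resource (the literal `22` rule and the `1-1024` range) and none for the remediated one; the ICMP block and the HTTPS rule are ignored rather than misreported.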
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1207 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | ncloud_access_control_group_rule |
| Checkov ID | CKV_NCP_4 |