Ensure no NACL allow inbound from 0.0.0.0:0 to port 20
Description
This policy checks for Network Access Control List (NACL) inbound rules that allow traffic on port 20 from any source. Port 20 is typically used for FTP data connections, and an inbound rule that opens it to the whole internet exposes the FTP data channel to unauthorized data transfer unless it is otherwise secured. Access to this port should be restricted to trusted sources only. By flagging NACL inbound rules that allow port 20 from any address, this policy helps ensure the network is properly secured against this exposure.
Code Example

```terraform
resource "aws_network_acl" "example" {
  # Compliant rule: explicitly deny TCP port 20 (FTP data) from any source.
  # NACL rules are evaluated in ascending rule_no order; the first match wins.
  ingress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "deny"
    cidr_block = "0.0.0.0/0"
    from_port  = 20
    to_port    = 20
  }
}
```

Remediation
Restrict inbound traffic on port 20 to trusted sources by updating the NACL rules so that no "allow" rule for port 20 uses 0.0.0.0/0 as its source.
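The following added example (not part of the policy page or of Checkov) shows the check in code: a per-rule test that flags any "allow" rule opening TCP port 20 to 0.0.0.0/0, plus a simulation of ordered NACL evaluation so you can confirm what an arbitrary source actually gets for port 20. The IngressRule class and the sample NACLs are constructed for this example; COMPLIANT mirrors the page's Terraform block.

```python
import ipaddress
from dataclasses import dataclass

FTP_DATA_PORT = 20
ANY_IPV4 = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class IngressRule:
    """One NACL inbound rule, mirroring the fields of the Terraform ingress block."""
    rule_no: int
    action: str       # "allow" or "deny"
    protocol: str     # "tcp", "udp", "icmp", or "-1" / "all" for every protocol
    cidr_block: str
    from_port: int
    to_port: int

    def covers(self, protocol: str, port: int) -> bool:
        """True if the rule applies to this protocol and port (all-protocol rules ignore ports)."""
        if self.protocol.lower() in ("-1", "all"):
            return True
        return self.protocol.lower() == protocol and self.from_port <= port <= self.to_port

def offending_rules(rules: list[IngressRule], port: int = FTP_DATA_PORT) -> list[int]:
    """Per-rule check in the spirit of the policy: numbers of rules that individually
    allow the whole IPv4 internet (0.0.0.0/0) to reach `port` over TCP."""
    return sorted(r.rule_no for r in rules
                  if r.action.lower() == "allow"
                  and ipaddress.ip_network(r.cidr_block) == ANY_IPV4
                  and r.covers("tcp", port))

def effective_action(rules: list[IngressRule], src_ip: str,
                     port: int = FTP_DATA_PORT, protocol: str = "tcp") -> str:
    """Simulate NACL evaluation for one packet: rules are tried in ascending rule_no,
    the first match decides, and a packet matching no rule is denied."""
    src = ipaddress.ip_address(src_ip)
    for r in sorted(rules, key=lambda r: r.rule_no):
        if src in ipaddress.ip_network(r.cidr_block) and r.covers(protocol, port):
            return r.action.lower()
    return "deny"

# Constructed sample NACLs; COMPLIANT mirrors the page's example, the others are made up.
COMPLIANT = [IngressRule(100, "deny", "tcp", "0.0.0.0/0", 20, 20)]
NONCOMPLIANT = [IngressRule(100, "allow", "tcp", "0.0.0.0/0", 0, 65535)]
ORDERED = [
    IngressRule(50, "allow", "tcp", "10.0.0.0/8", 20, 20),    # trusted internal range first
    IngressRule(100, "deny", "tcp", "0.0.0.0/0", 20, 20),     # explicit deny for FTP data
    IngressRule(200, "allow", "tcp", "0.0.0.0/0", 0, 65535),  # broad allow evaluated after it
]
```

Note that ORDERED still trips the per-rule check (rule 200 allows 0.0.0.0/0 to a range that includes port 20) even though the explicit deny at 100 means an internet source is denied port 20 in practice; the policy is conservative by design, and the fix is to narrow rule 200 rather than rely on ordering.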
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1211 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | ncloud_network_acl_rule |
| Checkov ID | CKV_NCP_8 |