Ensure no NACL allow inbound from 0.0.0.0:0 to port 21
Description
This policy checks for unrestricted inbound access on port 21, which is commonly used for FTP connections. Allowing unrestricted access to this port can expose the system to unauthorized access and data breaches. It is essential to restrict access to only trusted sources to prevent potential security risks. By limiting inbound traffic on this port, the risk of malicious activity can be significantly reduced.
Code Example

```terraform
resource "aws_network_acl" "example" {
  # vpc_id is required by the AWS provider; aws_vpc.example is assumed to be defined elsewhere
  vpc_id = aws_vpc.example.id

  # Inbound FTP (TCP/21) is allowed only from the trusted 10.0.0.0/16 range, not from 0.0.0.0/0
  ingress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = "10.0.0.0/16"
    from_port  = 21
    to_port    = 21
  }
}
```

Remediation
Restrict inbound access on port 21 to specific IP addresses or security groups.
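The logic behind this check, as an added example that is not part of the original page or of Checkov: it evaluates parsed aws_network_acl ingress rules (the schema used in the code example above) and flags any allow rule that covers port 21 from 0.0.0.0/0 or ::/0, including port ranges and protocol -1 that silently include 21. The sample resources and the dict shape are constructed for illustration.

```python
import ipaddress

FTP_PORT = 21

def rule_allows_ftp_from_anywhere(rule: dict) -> bool:
    """True when one aws_network_acl ingress rule permits TCP/21 from any source."""
    if str(rule.get("action", "")).lower() != "allow":
        return False  # deny rules are never a finding
    proto = str(rule.get("protocol", "")).lower()
    if proto in ("-1", "all"):
        pass  # protocol -1 covers every protocol and every port, 21 included
    elif proto in ("tcp", "6"):
        # A range such as 20-22 still exposes FTP, so test inclusion, not equality
        if not int(rule.get("from_port", 0)) <= FTP_PORT <= int(rule.get("to_port", 65535)):
            return False
    else:
        return False  # udp/icmp rules cannot carry the FTP control channel
    cidr = rule.get("cidr_block") or rule.get("ipv6_cidr_block")
    if not cidr:
        return False
    # 0.0.0.0/0 and ::/0 are the only networks with a zero-length prefix
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def evaluate_nacl(resource: dict) -> list:
    """One finding string per offending ingress rule; an empty list means pass.
    Each rule is judged on its own, as the IaC check does; AWS rule_no ordering
    (a lower-numbered deny shadowing an allow) is deliberately not modelled."""
    findings = []
    for rule in resource.get("ingress", []):
        if rule_allows_ftp_from_anywhere(rule):
            src = rule.get("cidr_block") or rule.get("ipv6_cidr_block")
            findings.append(f"rule_no {rule.get('rule_no')} allows port 21 from {src}")
    return findings

# Constructed sample input shaped like parsed aws_network_acl blocks (not real infra)
PASSING_NACL = {"ingress": [
    {"protocol": "tcp", "rule_no": 100, "action": "allow",
     "cidr_block": "10.0.0.0/16", "from_port": 21, "to_port": 21},
]}
FAILING_NACL = {"ingress": [
    {"protocol": "tcp", "rule_no": 100, "action": "deny",       # deny: not flagged
     "cidr_block": "0.0.0.0/0", "from_port": 21, "to_port": 21},
    {"protocol": "tcp", "rule_no": 110, "action": "allow",      # range covers 21
     "cidr_block": "0.0.0.0/0", "from_port": 20, "to_port": 22},
    {"protocol": "-1", "rule_no": 120, "action": "allow",       # all protocols
     "ipv6_cidr_block": "::/0", "from_port": 0, "to_port": 0},
]}
```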
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1212 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | ncloud_network_acl_rule |
| Checkov ID | CKV_NCP_9 |