Ensure no NACL allow inbound from 0.0.0.0:0 to port 22
Description
This policy checks for unrestricted inbound access to port 22, which is commonly used for SSH connections, in Network Access Control Lists (NACLs). Unrestricted access to this port can allow unauthorized users to connect to the network, potentially leading to security breaches and data compromise. It is essential to restrict access to port 22 to only trusted IP addresses or sources to prevent malicious activity. By doing so, the risk of unauthorized access and potential security threats can be significantly reduced.
Code Example
```terraform
# Compliant form: SSH (TCP/22) is allowed only from a trusted private range,
# never from 0.0.0.0/0. The vpc_id reference is an assumed value; the
# argument is required by the provider but was not part of the original snippet.
resource "aws_network_acl" "example" {
  vpc_id = aws_vpc.example.id

  ingress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = "10.0.0.0/16"
    from_port  = 22
    to_port    = 22
  }
}
```
Remediation
Restrict inbound access to port 22 by specifying allowed IP addresses or sources in the NACL configuration.
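The check described above, written as an added Python example (not the policy's or Checkov's own implementation) that runs over an already-parsed aws_network_acl resource; the dictionary shape and the sample resources are assumed and constructed here. It goes one step beyond the description by honouring NACL rule ordering (rules are evaluated by rule_no and the first match wins), so a lower-numbered deny from any source shadows a later any-source allow instead of producing a false finding.

```python
import ipaddress

SSH_PORT = 22

def _covers_ssh(rule: dict) -> bool:
    """True if the rule's protocol and port range include TCP port 22."""
    proto = str(rule.get("protocol", "")).lower()
    if proto in ("-1", "all"):          # all protocols, hence all ports
        return True
    if proto not in ("tcp", "6"):       # UDP/ICMP rules cannot expose SSH
        return False
    return int(rule.get("from_port", 0)) <= SSH_PORT <= int(rule.get("to_port", 0))

def _is_any_source(cidr: str) -> bool:
    """True for 0.0.0.0/0, ::/0 or any other prefix-length-0 block."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False

def unrestricted_ssh_ingress(nacl: dict):
    """Return the rule_no of the first ingress rule that allows port 22 from
    any source, or None if the NACL passes. Rules are walked in rule_no order
    per address family because the first matching NACL rule wins."""
    rules = sorted(nacl.get("ingress", []), key=lambda r: int(r["rule_no"]))
    for key in ("cidr_block", "ipv6_cidr_block"):   # IPv4 and IPv6 separately
        for rule in rules:
            if key not in rule or not _covers_ssh(rule) or not _is_any_source(rule[key]):
                continue
            if str(rule.get("action", "")).lower() == "allow":
                return int(rule["rule_no"])
            break  # an any-source deny already matched port 22 for this family
    return None

# Constructed sample resources; keys mirror the aws_network_acl ingress arguments.
OPEN_NACL = {"ingress": [
    {"rule_no": 100, "action": "allow", "protocol": "tcp",
     "cidr_block": "0.0.0.0/0", "from_port": 22, "to_port": 22}]}
SHADOWED_NACL = {"ingress": [
    {"rule_no": 100, "action": "allow", "protocol": "tcp",
     "cidr_block": "0.0.0.0/0", "from_port": 20, "to_port": 80},
    {"rule_no": 50, "action": "deny", "protocol": "-1",
     "cidr_block": "0.0.0.0/0", "from_port": 0, "to_port": 0}]}
RESTRICTED_NACL = {"ingress": [
    {"rule_no": 100, "action": "allow", "protocol": "tcp",
     "cidr_block": "10.0.0.0/16", "from_port": 22, "to_port": 22}]}

if __name__ == "__main__":
    print({n: unrestricted_ssh_ingress(x) for n, x in [("open", OPEN_NACL), ("shadowed", SHADOWED_NACL), ("restricted", RESTRICTED_NACL)]})
```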
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1213 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | ncloud_network_acl_rule |
| Checkov ID | CKV_NCP_10 |