An inbound Network ACL rule should not allow ALL ports.

Description

This policy checks whether an inbound Network ACL rule allows all ports. A rule that opens the full port range exposes every service listening behind the ACL, not only the ones that are meant to be reachable, so any vulnerable or misconfigured service on any port becomes reachable from the rule's source. Restricting each rule to the ports the service actually needs keeps the attack surface small and reduces the risk of unauthorized access.

Code Example

```terraform
# Compliant: the inbound rule opens only TCP/22 instead of the full port range.
resource "ncloud_network_acl_rule" "example" {
  inbound {
    port_range = "22-22"
  }
}
```

Remediation

Ensure the inbound Network ACL rule does not allow all ports by specifying a limited port range.
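The following stand-alone checker illustrates the logic of this policy; it is an added example, not Checkov's own implementation of CKV_NCP_12. It assumes each resource body is passed as a dict of inbound blocks (scalar values optionally wrapped in single-element lists, as Checkov's HCL parser does) and treats any port_range spanning 0/1 through 65535 as "all ports".

```python
# Added example: mirrors the intent of this policy. Not Checkov's own code for
# CKV_NCP_12; the parsed-resource shape and the "all ports" rule are assumptions.
import re

MAX_PORT = 65535
_RANGE_RE = re.compile(r"^\s*(\d+)\s*(?:-\s*(\d+))?\s*$")


def parse_port_range(value: str):
    """Return (low, high) for "22", "22-22" or "1-65535"; None if malformed."""
    m = _RANGE_RE.match(value)
    if not m:
        return None
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    if low > high or high > MAX_PORT:
        return None
    return low, high


def covers_all_ports(value: str) -> bool:
    """True when the range spans every usable port, e.g. "1-65535" or "0-65535"."""
    parsed = parse_port_range(value)
    if parsed is None:
        return False
    low, high = parsed
    return low <= 1 and high == MAX_PORT


def _scalar(value):
    """Checkov's HCL parser wraps attribute values in lists; unwrap one level."""
    if isinstance(value, list) and len(value) == 1:
        return value[0]
    return value


def check_network_acl_rule(conf: dict) -> tuple:
    """Evaluate one ncloud_network_acl_rule body.

    conf is assumed to look like {"inbound": [{"port_range": "1-65535"}, ...]}.
    Returns ("PASSED" | "FAILED", list of offending port_range values).
    """
    offending = []
    for block in conf.get("inbound", []):
        port_range = _scalar(block.get("port_range"))
        if isinstance(port_range, str) and covers_all_ports(port_range):
            offending.append(port_range)
    return ("FAILED" if offending else "PASSED"), offending


if __name__ == "__main__":
    # Constructed inputs: the page's compliant example and a non-compliant one.
    print(check_network_acl_rule({"inbound": [{"port_range": "22-22"}]}))
    print(check_network_acl_rule({"inbound": [{"port_range": "1-65535"}]}))
```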

Rule Details

ID: IAC-1215
Severity: MEDIUM
IaC Type: Terraform
Frameworks: ncloud_network_acl_rule
Checkov ID: CKV_NCP_12