Aqua CSPM

Default Security List

Quick Info

Plugin Title: Default Security List
Cloud: ORACLE
Category: Networking
Description: Ensure the default security lists block all traffic by default
More Info: The default security list is often used for resources launched without a defined security list. For this reason, the default rules should be to block all traffic to prevent an accidental exposure.
ORACLE Link: https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/securitylists.htm
Recommended Action: Update the rules for the default security list to deny all traffic by default

Detailed Remediation Steps

  1. Log in to the Oracle Cloud Console.
  2. Scroll down the left navigation panel and choose “Virtual Cloud Networks” under “Networking.”
  3. On the “Virtual Cloud Networks” page, click on the “Name” as a link to access the “Virtual Network.”
  4. On the “Virtual Cloud Network Details” page, scroll down the left navigation panel and choose the “Security Lists” option under the “Resources.”
  5. On the “Security Lists” page, click on the “Name” as a link for “Default Security List” to access the security list.
  6. On the “Default Security List” page, check whether any ingress or egress rules allow traffic. If so, the list does not follow the best practice of blocking all traffic by default.
  7. Repeat steps 2 - 6 to verify the “Default Security List” in other accounts.
  8. Navigate to “Virtual Cloud Networks” under the “Networking”, click on the “Name” as a link to access the “Virtual Network”, select the “Default Security List” which needs to block all traffic by default.
  9. On the “Default Security List” page, select “Ingress Rules” and click the “Remove” button at the top to remove every ingress traffic rule.
  10. Repeat “Step 9” for the “Egress Rules.”
  11. Repeat steps number 8 - 10 to update the rules for the default security list to deny all traffic by default.
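The console walk-through above checks one security list at a time. The following script is an added example (not Aqua's plugin code and not part of this page) that performs the same check over the JSON that the OCI CLI's `oci network security-list list` command returns, flagging every default security list that still carries any ingress or egress rule. It assumes the CLI's kebab-case key names (`display-name`, `ingress-security-rules`, `egress-security-rules`) and uses the display-name prefix “Default Security List” as the heuristic for identifying the auto-created list; the OCIDs and rules in the embedded sample are constructed for illustration.

```python
import json

# Constructed sample shaped like `oci network security-list list --output json`
# (kebab-case key names are an assumption about the CLI's JSON output).
SAMPLE_CLI_OUTPUT = json.dumps({
    "data": [
        {
            "id": "ocid1.securitylist.oc1..EXAMPLE-default-prod",
            "display-name": "Default Security List for vcn-prod",
            "vcn-id": "ocid1.vcn.oc1..EXAMPLE-vcn-prod",
            "lifecycle-state": "AVAILABLE",
            "ingress-security-rules": [
                {"protocol": "6", "source": "0.0.0.0/0",
                 "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
            ],
            "egress-security-rules": [
                {"protocol": "all", "destination": "0.0.0.0/0"},
            ],
        },
        {
            "id": "ocid1.securitylist.oc1..EXAMPLE-default-dev",
            "display-name": "Default Security List for vcn-dev",
            "vcn-id": "ocid1.vcn.oc1..EXAMPLE-vcn-dev",
            "lifecycle-state": "AVAILABLE",
            "ingress-security-rules": [],
            "egress-security-rules": [],
        },
        {
            "id": "ocid1.securitylist.oc1..EXAMPLE-web",
            "display-name": "web-tier-sl",
            "vcn-id": "ocid1.vcn.oc1..EXAMPLE-vcn-prod",
            "lifecycle-state": "AVAILABLE",
            "ingress-security-rules": [
                {"protocol": "6", "source": "10.0.0.0/16",
                 "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
            ],
            "egress-security-rules": [],
        },
    ]
})

# IANA protocol numbers as OCI reports them; "all" is OCI's wildcard.
PROTOCOL_NAMES = {"1": "icmp", "6": "tcp", "17": "udp", "all": "all"}


def is_default_security_list(sec_list):
    """Heuristic (assumption): OCI names the auto-created list 'Default Security List for <vcn>'."""
    return sec_list.get("display-name", "").startswith("Default Security List")


def describe_rule(rule, direction):
    """Render one rule as a short human-readable string for the finding."""
    proto = PROTOCOL_NAMES.get(str(rule.get("protocol")), str(rule.get("protocol")))
    peer = rule.get("source") if direction == "ingress" else rule.get("destination")
    ports = "any"
    opts = rule.get("tcp-options") or rule.get("udp-options") or {}
    rng = opts.get("destination-port-range")
    if rng:
        ports = str(rng["min"]) if rng["min"] == rng["max"] else f"{rng['min']}-{rng['max']}"
    return f"{direction} {proto} {peer} port {ports}"


def audit_default_security_lists(cli_json):
    """Return one finding per default security list: PASS if it has no rules, else FAIL."""
    findings = []
    for sec_list in json.loads(cli_json)["data"]:
        if not is_default_security_list(sec_list):
            continue  # custom lists are out of scope for this check
        rules = [describe_rule(r, "ingress") for r in sec_list.get("ingress-security-rules", [])]
        rules += [describe_rule(r, "egress") for r in sec_list.get("egress-security-rules", [])]
        findings.append({
            "id": sec_list["id"],
            "display-name": sec_list["display-name"],
            "status": "FAIL" if rules else "PASS",
            "rules": rules,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_default_security_lists(SAMPLE_CLI_OUTPUT):
        print(finding["status"], finding["display-name"])
        for rule in finding["rules"]:
            print("   ", rule)
```

To run it against a real tenancy, replace the embedded sample with the output of `oci network security-list list --compartment-id <compartment-ocid> --output json`, repeating per compartment as steps 7 and 11 above do per account. Any list reported as FAIL can then be emptied with `oci network security-list update --security-list-id <security-list-ocid> --ingress-security-rules '[]' --egress-security-rules '[]'` (the CLI asks for confirmation before replacing the rule arrays; `--force` skips that prompt), which is the command-line equivalent of steps 9 and 10.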