Quick Info
| Plugin Title | Open All Ports Protocols |
| Cloud | ORACLE |
| Category | Networking |
| Description | Determine if security list has all ports or protocols open to the public |
| More Info | Security lists should be created on a per-service basis and avoid allowing all ports or protocols. |
| ORACLE Link | https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/securitylists.htm |
| Recommended Action | Modify the security list to specify a specific port and protocol to allow. |
Detailed Remediation Steps
- Log in to the Google Oracle Platform Console.
- Scroll down the left navigation panel and choose the “Virtual Cloud Networks” under the “Networking.”
- On the “Virtual Cloud Networks” page, click on the “Name” as a link to access the “Virtual Network.”
- On the “Virtual Cloud Network Details” page, scroll down the left navigation panel and choose the “Network Security Groups” option under the “Resources.”
- On the “Network Security Groups” page, select the “Security group” by clicking on the “Name” as a link to access the security group.
- On the “Network Security Group Details” page, under the “Security Rules” check if security list has all ports or protocols open to the public.
- Repeat steps number 2 - 6 to check other “Security Groups” in the account.
- Navigate to “Virtual Cloud Networks” under the “Networking”, click on the “Name” as a link to access the “Virtual Network”, select the “Security Group” in which security list has all ports or protocols open to the public.
- On the “Security Rules” page, click on the checkbox of the “Ingress” and click on the “Edit” button at the top to make the changes.
- On the “Edit Rules” page, enter the “IP Address” as per requirements under the “Source CIDR” and click on the “Save” button to make the changes.
- Repeat steps number to restrict security list to specify a specific port and protocol to allow.