Aqua CSPM

Open All Ports Protocols

Quick Info

Plugin Title: Open All Ports Protocols
Cloud: ORACLE
Category: Networking
Description: Determine if security list has all ports or protocols open to the public
More Info: Security lists should be created on a per-service basis and avoid allowing all ports or protocols.
ORACLE Link: https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/securitylists.htm
Recommended Action: Modify the security list to specify a specific port and protocol to allow.

Detailed Remediation Steps

  1. Log in to the Oracle Cloud Infrastructure Console.
  2. Scroll down the left navigation panel and choose “Virtual Cloud Networks” under “Networking.”
  3. On the “Virtual Cloud Networks” page, click the “Name” link to open the “Virtual Network.”
  4. On the “Virtual Cloud Network Details” page, scroll down the left navigation panel and choose the “Network Security Groups” option under “Resources.”
  5. On the “Network Security Groups” page, select the “Security group” by clicking its “Name” link to open the security group.
  6. On the “Network Security Group Details” page, under “Security Rules”, check whether the security list has all ports or protocols open to the public.
  7. Repeat steps 2 - 6 to check other “Security Groups” in the account.
  8. Navigate to “Virtual Cloud Networks” under “Networking”, click the “Name” link to open the “Virtual Network”, and select the “Security Group” in which the security list has all ports or protocols open to the public.
  9. On the “Security Rules” page, click the “Ingress” checkbox and then click the “Edit” button at the top to make the changes.
  10. On the “Edit Rules” page, enter the “IP Address” as per requirements under “Source CIDR” and click the “Save” button to make the changes.
  11. Repeat steps number to restrict security list to specify a specific port and protocol to allow.
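
The check in step 6 can also be run over exported security list data instead of by eye in the console. The Python below is an added example, not Aqua's plugin code. It assumes the rules use the OCI REST API field names (`ingressSecurityRules`, `protocol`, `source`, `tcpOptions`, `udpOptions`, `destinationPortRange`), and the sample security list is constructed.

```python
# Added example: flag ingress rules that open all protocols or all ports
# to the public. Field names are assumed to follow the OCI REST API shape.
PUBLIC_SOURCES = {"0.0.0.0/0", "::/0"}
# IANA protocol number -> (label, key holding the port restriction)
PORT_OPTIONS = {"6": ("TCP", "tcpOptions"), "17": ("UDP", "udpOptions")}


def covers_all_ports(options):
    """True when the rule places no effective limit on destination ports."""
    port_range = (options or {}).get("destinationPortRange")
    if not port_range:
        return True  # no port options given: the rule applies to every port
    return port_range["min"] <= 1 and port_range["max"] >= 65535


def open_rule_findings(security_list):
    """Return (rule index, reason) for each publicly wide-open ingress rule."""
    findings = []
    for idx, rule in enumerate(security_list.get("ingressSecurityRules", [])):
        source = rule.get("source")
        if source not in PUBLIC_SOURCES:
            continue  # only rules reachable from the whole internet matter
        proto = str(rule.get("protocol", "")).lower()
        if proto == "all":
            findings.append((idx, f"all protocols open to {source}"))
        elif proto in PORT_OPTIONS:
            label, key = PORT_OPTIONS[proto]
            if covers_all_ports(rule.get(key)):
                findings.append((idx, f"all {label} ports open to {source}"))
    return findings


# Constructed sample security list (not taken from a real tenancy).
SAMPLE_LIST = {
    "displayName": "example-seclist",
    "ingressSecurityRules": [
        {"protocol": "6", "source": "0.0.0.0/0",
         "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
        {"protocol": "all", "source": "0.0.0.0/0"},
        {"protocol": "6", "source": "0.0.0.0/0", "tcpOptions": None},
        {"protocol": "17", "source": "10.0.0.0/16", "udpOptions": None},
        {"protocol": "6", "source": "0.0.0.0/0",
         "tcpOptions": {"destinationPortRange": {"min": 1, "max": 65535}}},
    ],
}

if __name__ == "__main__":
    for idx, reason in open_rule_findings(SAMPLE_LIST):
        print(f"rule {idx}: {reason}")
```

Rules 1, 2 and 4 of the sample are reported; the HTTPS-only rule and the rule sourced from a private CIDR are not.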