LOW
Source
CloudSploit
ID
default-security-list

Default Security List

Ensure the default security lists block all traffic by default

The default security list is often used for resources launched without a defined security list. For this reason, the default rules should be to block all traffic to prevent an accidental exposure.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the Oracle Cloud Console.

  2. Scroll down the left navigation panel and choose “Virtual Cloud Networks” under “Networking.”

  3. On the “Virtual Cloud Networks” page, click on the “Name” link to access the Virtual Cloud Network.

  4. On the “Virtual Cloud Network Details” page, scroll down the left navigation panel and choose the “Security Lists” option under “Resources.”

  5. On the “Security Lists” page, click on the “Name” link for “Default Security List” to access the security list.

  6. On the “Default Security List” page, check whether any ingress or egress rules open ports for traffic. If so, the default security list does not follow the best practice of blocking all traffic by default.

  7. Repeat steps 2 - 6 to verify the “Default Security List” in other accounts.

  8. Navigate to “Virtual Cloud Networks” under “Networking”, click on the “Name” link to access the Virtual Cloud Network, and select the “Default Security List” that needs to block all traffic by default.

  9. On the “Default Security List” page, select “Ingress Rules” and click the “Remove” button at the top to remove every ingress traffic rule.

  10. Repeat “Step 9” for the “Egress Rules.”

  11. Repeat steps 8 - 10 to update the rules of each default security list so that it denies all traffic by default.
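The check and remediation above can be done against CLI output rather than in the console. The following is an added example (not CloudSploit's plugin code or Oracle's tooling): it parses JSON shaped like the output of `oci network security-list list`, flags any default security list that still carries ingress or egress rules, and prints the `oci network security-list update` call that empties both rule sets. The sample data and OCIDs are constructed, and the JSON key names and the `--force` flag are assumed to match current OCI CLI behaviour.

```python
import json

# Constructed sample modelled on `oci network security-list list --output json`.
# Key names are assumptions; confirm them against real output before relying on them.
SAMPLE_CLI_OUTPUT = json.dumps({"data": [
    {"id": "ocid1.securitylist.oc1..EXAMPLE-default-prod",
     "display-name": "Default Security List for vcn-prod",
     "vcn-id": "ocid1.vcn.oc1..EXAMPLE-prod",
     "ingress-security-rules": [
         {"protocol": "6", "source": "0.0.0.0/0",
          "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}}],
     "egress-security-rules": [{"protocol": "all", "destination": "0.0.0.0/0"}]},
    {"id": "ocid1.securitylist.oc1..EXAMPLE-default-dev",
     "display-name": "Default Security List for vcn-dev",
     "vcn-id": "ocid1.vcn.oc1..EXAMPLE-dev",
     "ingress-security-rules": [], "egress-security-rules": []},
    {"id": "ocid1.securitylist.oc1..EXAMPLE-app",
     "display-name": "app-tier-sl",           # not a default list: out of scope
     "vcn-id": "ocid1.vcn.oc1..EXAMPLE-prod",
     "ingress-security-rules": [{"protocol": "6", "source": "10.0.0.0/16"}],
     "egress-security-rules": []},
]})


def is_default_list(sl):
    # OCI names the auto-created list "Default Security List for <vcn name>".
    return sl.get("display-name", "").startswith("Default Security List")


def audit_default_security_lists(cli_json):
    """Return one finding per default security list: PASS only if it has no rules."""
    findings = []
    for sl in json.loads(cli_json)["data"]:
        if not is_default_list(sl):
            continue
        n_in = len(sl.get("ingress-security-rules") or [])
        n_out = len(sl.get("egress-security-rules") or [])
        findings.append({"id": sl["id"], "vcn": sl["vcn-id"],
                         "ingress": n_in, "egress": n_out,
                         "status": "PASS" if n_in + n_out == 0 else "FAIL"})
    return findings


def remediation_commands(findings):
    """CLI equivalent of steps 9 and 10: replace both rule sets with empty lists."""
    return [f"oci network security-list update --security-list-id {f['id']} "
            "--ingress-security-rules '[]' --egress-security-rules '[]' --force"
            for f in findings if f["status"] == "FAIL"]


if __name__ == "__main__":
    results = audit_default_security_lists(SAMPLE_CLI_OUTPUT)
    for f in results:
        print(f"{f['status']} {f['vcn']} ingress={f['ingress']} egress={f['egress']}")
    print("\n".join(remediation_commands(results)))
```

Run the remediation output only after confirming that nothing still relies on the default list; resources launched without an explicit security list lose all connectivity once it is emptied, which is the intended effect of this control.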