
Ensure No Network ACLs Allow Ingress Rule

This rule ensures that no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports.

Rule: Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
Framework: cis_v150
Severity: High

Rule Description:

The rule ensures that network Access Control Lists (ACLs) do not allow any incoming traffic from the IP range 0.0.0.0/0 to remote server administration ports. This rule is essential to restrict unauthorized access to the server administration ports and prevent potential security breaches.

Troubleshooting Steps:

  1. Identify the existing Network ACLs within the network configuration.
  2. Review the inbound rules of each Network ACL.
  3. Check if any rule allows ingress from the IP range 0.0.0.0/0 to specific remote server administration ports.
  4. If such a rule is found, it needs to be modified or removed to align with the defined policy.

Code:

No specific code is required for this rule as it involves reviewing and modifying existing Network ACL settings. However, if any changes are required, relevant command-line interface (CLI) commands will be provided for remediation.
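The review described in the troubleshooting steps can be automated. The script below is an added example, not code from the original page or from Cloud Defense. It assumes Network ACL entries in the shape returned by the AWS EC2 DescribeNetworkAcls API (RuleNumber, Protocol, RuleAction, Egress, CidrBlock or Ipv6CidrBlock, PortRange); the cis_v150 framework named above matches the CIS AWS Foundations Benchmark v1.5.0 naming, but the page itself does not name a provider, so treat that as an assumption. It walks inbound entries in ascending rule-number order, so an earlier deny correctly shadows a later allow, and reports each administration port (SSH 22 and RDP 3389, the ports the CIS control uses; extend ADMIN_PORTS for others) that a catch-all source can reach. It goes beyond the page in one respect: it also checks the IPv6 catch-all ::/0. The ACLs, the `_entry` helper and the `acl-sample-*` identifiers are constructed for the example.

```python
"""Review Network ACL inbound rules for ingress from 0.0.0.0/0 (or ::/0) to
remote server administration ports.

Assumes the entry layout of the AWS EC2 DescribeNetworkAcls API. Real data
can be supplied with boto3.client("ec2").describe_network_acls()["NetworkAcls"];
the ACLs at the bottom are constructed sample input, not account data.
"""
from typing import Dict, List

# Remote server administration ports covered by the rule.
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
# Catch-all sources; IPv4 and IPv6 are evaluated as separate address families.
ANY_SOURCE = ("0.0.0.0/0", "::/0")
# Protocol is a string in the API: "-1" means all protocols, "6" means TCP.
TCP_PROTOCOLS = {"-1", "6"}


def _entry_matches(entry: Dict, port: int, source: str) -> bool:
    """True if an inbound entry applies to TCP/`port` arriving from `source`."""
    if entry.get("Egress", False):
        return False
    if source != (entry.get("CidrBlock") or entry.get("Ipv6CidrBlock")):
        return False
    if entry.get("Protocol") not in TCP_PROTOCOLS:
        return False
    port_range = entry.get("PortRange")
    if port_range is None:
        # "-1" (all traffic) entries carry no PortRange and match every port.
        return entry["Protocol"] == "-1"
    return port_range["From"] <= port <= port_range["To"]


def exposed_admin_ports(acl: Dict) -> List[Dict]:
    """Return one finding per admin port that a catch-all source can reach.

    Entries are evaluated in ascending RuleNumber order and the first match
    decides, so a lower-numbered deny shadows a later allow. The default
    deny entry (32767 for IPv4, 32768 for IPv6) is part of API output, so a
    port no explicit entry matches falls through to deny. Only catch-all
    entries are considered: the question is whether an arbitrary internet
    address, matching no narrower entry, gets in.
    """
    findings = []
    entries = sorted(acl.get("Entries", []), key=lambda e: e["RuleNumber"])
    for source in ANY_SOURCE:
        for port, service in ADMIN_PORTS.items():
            for entry in entries:
                if _entry_matches(entry, port, source):
                    if entry["RuleAction"] == "allow":
                        findings.append({"acl": acl["NetworkAclId"], "port": port,
                                         "service": service, "source": source,
                                         "rule": entry["RuleNumber"]})
                    break  # first match wins, whatever its action
    return findings


def check_acls(acls: List[Dict]) -> Dict[str, List[Dict]]:
    """Map each non-compliant ACL id to its findings; compliant ACLs are omitted."""
    report = {}
    for acl in acls:
        findings = exposed_admin_ports(acl)
        if findings:
            report[acl["NetworkAclId"]] = findings
    return report


def _entry(num, action, proto, cidr, from_port=None, to_port=None,
           egress=False, ipv6=False):
    """Build one entry in DescribeNetworkAcls shape (helper for the sample data)."""
    e = {"RuleNumber": num, "RuleAction": action, "Protocol": proto, "Egress": egress}
    e["Ipv6CidrBlock" if ipv6 else "CidrBlock"] = cidr
    if from_port is not None:
        e["PortRange"] = {"From": from_port, "To": to_port}
    return e


# Constructed sample input (hypothetical ACL ids, not real account data).
SAMPLE_ACLS = [
    {   # SSH open to the world over IPv4 and IPv6; HTTP is out of scope here.
        "NetworkAclId": "acl-sample-open",
        "Entries": [
            _entry(100, "allow", "6", "0.0.0.0/0", 22, 22),
            _entry(110, "allow", "6", "0.0.0.0/0", 80, 80),
            _entry(120, "allow", "6", "::/0", 22, 22, ipv6=True),
            _entry(32767, "deny", "-1", "0.0.0.0/0"),
            _entry(32768, "deny", "-1", "::/0", ipv6=True),
            _entry(100, "allow", "-1", "0.0.0.0/0", egress=True),
        ],
    },
    {   # Rule 90 denies RDP before the blanket allow at 100, so only SSH leaks.
        "NetworkAclId": "acl-sample-shadowed",
        "Entries": [
            _entry(90, "deny", "6", "0.0.0.0/0", 3389, 3389),
            _entry(100, "allow", "-1", "0.0.0.0/0"),
            _entry(32767, "deny", "-1", "0.0.0.0/0"),
        ],
    },
    {   # Admin ports restricted to a management range (TEST-NET-3): compliant.
        "NetworkAclId": "acl-sample-restricted",
        "Entries": [
            _entry(100, "allow", "6", "203.0.113.0/24", 22, 3389),
            _entry(32767, "deny", "-1", "0.0.0.0/0"),
        ],
    },
]

if __name__ == "__main__":
    for acl_id, findings in check_acls(SAMPLE_ACLS).items():
        for f in findings:
            print(f"{acl_id}: rule {f['rule']} allows {f['service']}/{f['port']} "
                  f"from {f['source']}")
```

The shadowed ACL shows why a plain "any allow from 0.0.0.0/0" grep over-reports: rule 100 allows all traffic, but RDP is already denied by rule 90, so only SSH is actually reachable. Conversely, the open ACL is flagged on both address families, which the IPv4-only wording of the rule would miss.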

Remediation Steps:

Follow the step-by-step guide below for remediation:

  1. Log in to the network device or firewall that manages the Network ACLs.

  2. Get a list of available Network ACLs:

     show access-lists

  3. Identify the Network ACL associated with the relevant subnet or target server.

  4. View the existing inbound rules of the Network ACL:

     show access-lists <acl-name>

  5. Review the rules and identify any entry that allows ingress from 0.0.0.0/0 to remote server administration ports.

  6. Modify the rule if required to specify a more limited source IP range. For example:

     access-list <acl-name> deny tcp any host <server-ip> eq <port>

     Replace <acl-name> with the actual name of the Network ACL, <server-ip> with the IP address of the remote server, and <port> with the administration port number. Repeat this step for each relevant rule.

  7. Remove the rule completely if it is not necessary or poses a security risk:

     no access-list <acl-name> <rule-number>

     Replace <acl-name> with the actual name of the Network ACL and <rule-number> with the sequential number of the rule to be removed.

  8. Save the configuration changes:

     write memory

  9. Validate that the Network ACL no longer allows ingress from 0.0.0.0/0 to remote server administration ports by reviewing the updated configuration:

     show access-lists <acl-name>

     Ensure that the appropriate changes have been implemented successfully.

By following these steps, the network infrastructure will be aligned with the rule, restricting unauthorized access from the IP range 0.0.0.0/0 to remote server administration ports.
