This rule ensures that no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports.
Rule | Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports |
Framework | cis_v150 |
Severity | ✔ High |
Rule Description:
The rule ensures that network Access Control Lists (ACLs) do not allow inbound traffic from the IP range 0.0.0.0/0, that is, from any IPv4 address on the internet, to remote server administration ports, which CIS defines as TCP 22 (SSH) and TCP 3389 (RDP). The same check applies to the IPv6 equivalent ::/0 and to entries that allow all protocols or all ports, since those cover the administration ports as well. Exposing these ports to every source address invites brute-force and credential-stuffing attempts and exploitation of any flaw in the SSH or RDP service; restricting the source to administrative networks, or removing the entry and reaching servers through a bastion host or VPN, removes that attack surface. Network ACLs are only one layer (security groups or host firewalls should restrict these ports too), but an open ACL entry means the subnet boundary no longer provides the control.
Troubleshooting Steps:
Code:
No specific code is required for this rule: it is a review of existing Network ACL entries. The audit is to list each ACL's inbound entries and flag every allow entry whose source is 0.0.0.0/0 (or ::/0) and whose protocol and port range include TCP 22 or 3389, including entries that allow all protocols or all ports. An entry that denies all traffic is the normal final entry of a list and is not a finding. The commands needed to remediate a finding are given in the steps below.
Remediation Steps:
Follow the step-by-step guide below for remediation. The commands are shown in Cisco IOS syntax for a router or firewall that enforces the ACL; adjust them for your platform.
Log in to the network device or firewall that manages the Network ACLs.
Get a list of available Network ACLs:
show access-lists
Identify the Network ACL associated with the relevant subnet or target server. On IOS, show ip interface <interface> reports which access list is applied to an interface and in which direction.
View the existing inbound rules of the Network ACL:
show access-lists <acl-name>
Review the rules and identify any entry that permits TCP from any source (any, or 0.0.0.0 255.255.255.255) to an administration port such as 22 (SSH) or 3389 (RDP). The list is evaluated top-down and the first match wins, so a deny appended after a permit from any source is never reached; the permissive entry itself has to be changed or removed.
Replace the entry with one that permits only the trusted administrative source range. From configuration mode (configure terminal ... end), for example:
ip access-list extended <acl-name>
 no <rule-number>
 <rule-number> permit tcp <trusted-net> <wildcard> host <server-ip> eq <port>
Replace <acl-name> with the actual name of the Network ACL, <rule-number> with the sequence number of the offending entry, <trusted-net> and <wildcard> with the administrative network and its wildcard mask (for example 203.0.113.0 0.0.0.255), <server-ip> with the IP address of the remote server, and <port> with the administration port number. Repeat this step for each relevant rule.
Remove the rule completely if it is not necessary or poses a security risk:
ip access-list extended <acl-name>
 no <rule-number>
Replace <acl-name> with the actual name of the Network ACL and <rule-number> with the sequence number of the rule to be removed. Because an IOS access list ends with an implicit deny, removing the only permit for the port blocks it entirely.
Save the configuration changes:
write memory
Validate that the Network ACL no longer allows ingress from 0.0.0.0/0 to remote server administration ports by reviewing the updated configuration:
show access-lists <acl-name>
Ensure that the appropriate changes have been implemented successfully, then confirm from an address outside the trusted range that connections to the administration port are refused and from inside it that they still succeed.
By following these steps, the network infrastructure will be aligned with the rule, restricting unauthorized access from the IP range 0.0.0.0/0 to remote server administration ports.
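The framework tag cis_v150 is the CIS AWS Foundations Benchmark v1.5.0, whose control 5.1 carries this rule's title and applies to VPC Network ACLs rather than router ACLs. In that environment the entries are listed with aws ec2 describe-network-acls, an offending entry is removed with aws ec2 delete-network-acl-entry, or narrowed with aws ec2 replace-network-acl-entry. The following Python script is an added example and is not part of the original page, of the CIS benchmark, or of any AWS tooling: it evaluates the NetworkAcls structure that describe-network-acls returns, in rule-number order with first match winning as the VPC does, reports every ingress entry that allows TCP 22 or 3389 from 0.0.0.0/0 or ::/0, and prints the matching delete commands. The ACL IDs and entries in SAMPLE are constructed for the example.

```python
"""Audit VPC Network ACLs for ingress from 0.0.0.0/0 or ::/0 to remote server
administration ports (TCP 22 and 3389, as CIS v1.5.0 control 5.1 defines them).
Input is the "NetworkAcls" list as returned by `aws ec2 describe-network-acls
--output json`. SAMPLE below is constructed for this example, not real account data.
"""
import json
import sys

ADMIN_PORTS = (22, 3389)            # SSH, RDP
ANYWHERE = ("0.0.0.0/0", "::/0")     # "any source" in IPv4 and IPv6
TCP_OR_ALL = ("6", "-1")             # protocol numbers: TCP, or all protocols


def _entry_cidr(entry):
    """Source CIDR of an entry, whichever address family it uses."""
    return entry.get("CidrBlock") or entry.get("Ipv6CidrBlock")


def _covers_port(entry, port):
    """True if the entry's protocol and port range include TCP <port>."""
    proto = str(entry.get("Protocol"))
    if proto not in TCP_OR_ALL:
        return False
    if proto == "-1":                # all protocols => every port
        return True
    rng = entry.get("PortRange")
    if rng is None:                  # defensive: TCP entry without a range
        return True
    return rng["From"] <= port <= rng["To"]


def find_open_admin_ingress(network_acls, admin_ports=ADMIN_PORTS):
    """Return (acl_id, rule_number, cidr, port) for every ingress entry that
    allows one of admin_ports from anywhere. Entries are evaluated lowest
    RuleNumber first, first match wins: an allow-from-anywhere entry is only
    reported if no earlier entry with the same any-CIDR already denies that
    port. An earlier deny with a narrower CIDR shadows only some sources."""
    findings = []
    for acl in network_acls:
        ingress = sorted(
            (e for e in acl.get("Entries", []) if not e.get("Egress", False)),
            key=lambda e: e["RuleNumber"],
        )
        for port in admin_ports:
            denied = set()               # any-CIDRs already denied for this port
            for e in ingress:
                cidr = _entry_cidr(e)
                if cidr not in ANYWHERE or not _covers_port(e, port):
                    continue
                if e["RuleAction"] == "deny":
                    denied.add(cidr)
                elif cidr not in denied:
                    findings.append((acl["NetworkAclId"], e["RuleNumber"], cidr, port))
    return findings


def remediation_commands(findings):
    """One delete command per offending entry; an entry hit for both ports is
    listed once. Use `aws ec2 replace-network-acl-entry` instead when some of
    the traffic the entry allows is legitimate and only the source must shrink."""
    return sorted({
        "aws ec2 delete-network-acl-entry --network-acl-id %s --ingress --rule-number %d"
        % (acl_id, rule) for acl_id, rule, _cidr, _port in findings
    })


SAMPLE = json.loads("""{"NetworkAcls": [
 {"NetworkAclId": "acl-0example000000001", "Entries": [
  {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": false,
   "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
  {"RuleNumber": 110, "Protocol": "6", "RuleAction": "allow", "Egress": false,
   "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
  {"RuleNumber": 120, "Protocol": "-1", "RuleAction": "allow", "Egress": false,
   "Ipv6CidrBlock": "::/0"},
  {"RuleNumber": 130, "Protocol": "6", "RuleAction": "allow", "Egress": true,
   "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 3389, "To": 3389}},
  {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": false,
   "CidrBlock": "0.0.0.0/0"}]},
 {"NetworkAclId": "acl-0example000000002", "Entries": [
  {"RuleNumber": 90, "Protocol": "6", "RuleAction": "deny", "Egress": false,
   "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
  {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": false,
   "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 1024, "To": 65535}},
  {"RuleNumber": 110, "Protocol": "6", "RuleAction": "allow", "Egress": false,
   "CidrBlock": "10.0.0.0/8", "PortRange": {"From": 3389, "To": 3389}},
  {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": false,
   "CidrBlock": "0.0.0.0/0"}]}]}""")

if __name__ == "__main__":
    # Pipe real describe-network-acls JSON in, or run without input for the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    found = find_open_admin_ingress(data["NetworkAcls"])
    for acl_id, rule, cidr, port in found:
        print("NON-COMPLIANT %s rule %d allows %s -> tcp/%d" % (acl_id, rule, cidr, port))
    for cmd in remediation_commands(found):
        print(cmd)
```

On the constructed sample the script flags the explicit SSH allow (rule 100 of the first ACL), the IPv6 allow-all entry (rule 120, which covers both ports), and the ephemeral-port allow 1024-65535 in the second ACL, which quietly exposes RDP even though no entry mentions 3389 from the internet; the deny at rule 90 keeps port 22 compliant there. Review every command before running it: deleting the ::/0 allow-all entry also cuts legitimate IPv6 traffic, so replacing it with explicit port ranges is usually the right fix.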