Checks whether the destination IP address specified in the inbound rule for virtual private cloud (VPC) access control is set to 0.0.0.0/0 and the specified port range does not contain a high-risk port. If so, the evaluation result is Compliant.
Scenarios
When an inbound rule allows access to a VPC from all CIDR blocks (0.0.0.0/0) over the Internet, you must disable all high-risk ports in that rule. This ensures the network security of your system.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
Checks each inbound rule of a VPC network ACL whose destination IP address is set to 0.0.0.0/0 and verifies that the port range specified in the rule does not contain a high-risk port. If no such rule opens a high-risk port, the evaluation result is Compliant.
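The following Python checker reproduces the evaluation logic above on a constructed list of network ACL entries. It is an added example, not the Config rule's own implementation: the entry field names (`direction`, `policy`, `cidr`, `port`), the `start/end` port-range format with `-1/-1` meaning all ports, and the set of high-risk ports are all assumptions, and it considers only inbound accept entries, since a drop entry for 0.0.0.0/0 blocks rather than exposes a port.

```python
import ipaddress

# Constructed list of high-risk ports for this example; the page does not
# state which ports the rule treats as high-risk.
HIGH_RISK_PORTS = {22, 23, 135, 139, 445, 1433, 3306, 3389, 6379}


def parse_port_range(port_range):
    """Parse 'start/end' (e.g. '22/22', '1/65535'); '-1/-1' means all ports (assumed format)."""
    start, end = (int(p) for p in port_range.split("/"))
    if start == -1 or end == -1:
        return 1, 65535
    if not (1 <= start <= end <= 65535):
        raise ValueError(f"invalid port range: {port_range}")
    return start, end


def matches_all_addresses(cidr):
    """True for 0.0.0.0/0 (or ::/0), i.e. the entry admits every address on the Internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def risky_ports_in_range(port_range, high_risk_ports):
    """Return the sorted high-risk ports that fall inside the entry's port range."""
    start, end = parse_port_range(port_range)
    return sorted(p for p in high_risk_ports if start <= p <= end)


def evaluate_network_acl(entries, high_risk_ports=HIGH_RISK_PORTS):
    """Apply the rule to a list of ACL entries (field names are assumed).

    Returns ('Compliant', []) or ('NonCompliant', [findings...]); only inbound
    'accept' entries that match 0.0.0.0/0 can produce a finding."""
    findings = []
    for e in entries:
        if e["direction"] != "ingress" or e["policy"] != "accept":
            continue
        if not matches_all_addresses(e["cidr"]):
            continue
        hit = risky_ports_in_range(e["port"], high_risk_ports)
        if hit:
            findings.append({"entry": e["name"], "ports": hit})
    return ("Compliant" if not findings else "NonCompliant", findings)


# Constructed sample ACL: two entries expose high-risk ports to the whole Internet.
SAMPLE_ENTRIES = [
    {"name": "allow-http", "direction": "ingress", "policy": "accept", "cidr": "0.0.0.0/0", "port": "80/80"},
    {"name": "allow-ssh-any", "direction": "ingress", "policy": "accept", "cidr": "0.0.0.0/0", "port": "22/22"},
    {"name": "allow-all-ports", "direction": "ingress", "policy": "accept", "cidr": "0.0.0.0/0", "port": "-1/-1"},
    {"name": "allow-db-office", "direction": "ingress", "policy": "accept", "cidr": "10.0.0.0/8", "port": "3306/3306"},
    {"name": "deny-smb", "direction": "ingress", "policy": "drop", "cidr": "0.0.0.0/0", "port": "445/445"},
]

if __name__ == "__main__":
    print(evaluate_network_acl(SAMPLE_ENTRIES))
```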
Rule details
| Parameter | Description |
| --- | --- |
| Rule Template Name | vpc-network-acl-risky-ports-check |
| Rule Template Identifier | |
| Tag | NetworkAcl |
| Automatic remediation | Not supported |
| Invoke Type | Configuration Change |
| Supported resource type | Network access control list (ACL) (ACS::VPC::NetworkAcl) |
| Input parameter | |
Non-compliance remediation
Make sure that no high-risk port exists in the specified port range. For more information, see Create and manage a network ACL.