33. Evaluation rules provided by Dome9
The following four rules relate to Requirement 1.1.6:
• Ensure no security groups allow ingress from 0.0.0.0/0 to ALL ports and protocols
• Ensure no security groups allow ingress from 0.0.0.0/0 to RDP (TCP:3389)
• Ensure no security groups allow ingress from 0.0.0.0/0 to SSH (TCP:22)
• Security Groups - with admin ports too exposed to the public internet
SecurityGroup should not have inboundRules with [ scope='0.0.0.0/0' and portTo=0]
SecurityGroup should not have inboundRules with [scope = '0.0.0.0/0' and port<=3389 and portTo>=3389]
SecurityGroup should not have inboundRules with [scope = '0.0.0.0/0' and port<=22 and portTo>=22]
SecurityGroup should not have inboundRules with [scope = '0.0.0.0/0' and port in (20, 21, 22, 23, 115, 137, 138, 139, 2049, 3389)]
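
The four expressions above, applied to constructed security-group data as an added Python example (not Dome9's code and not part of the original slides). The dict layout and rule ids are assumptions; the field names scope, port and portTo come from the expressions, and the fourth rule is implemented as literally written, testing only the first port of a range.

```python
# Added example: evaluates constructed security groups against the four
# rule expressions listed above. Field names (scope, port, portTo) are taken
# from those expressions; the dict layout and rule ids are assumptions.
ADMIN_PORTS = {20, 21, 22, 23, 115, 137, 138, 139, 2049, 3389}
OPEN = "0.0.0.0/0"

def covers(rule, p):
    # Mirrors "port<=p and portTo>=p": the rule's range includes port p.
    return rule["port"] <= p <= rule["portTo"]

RULES = {
    "all-ports": lambda r: r["portTo"] == 0,
    "rdp-3389": lambda r: covers(r, 3389),
    "ssh-22": lambda r: covers(r, 22),
    # Literal reading of "port in (...)": only the range's first port is tested.
    "admin-ports": lambda r: r["port"] in ADMIN_PORTS,
}

def evaluate(groups):
    """Return {group name: sorted list of failed rule ids}."""
    findings = {}
    for g in groups:
        failed = set()
        for r in g["inboundRules"]:
            if r["scope"] != OPEN:
                continue  # every rule on the slide requires scope 0.0.0.0/0
            failed.update(rid for rid, check in RULES.items() if check(r))
        findings[g["name"]] = sorted(failed)
    return findings

# Constructed sample data (not from the slides).
SAMPLE = [
    {"name": "sg-web", "inboundRules": [{"scope": OPEN, "port": 443, "portTo": 443}]},
    {"name": "sg-bastion", "inboundRules": [{"scope": OPEN, "port": 22, "portTo": 22}]},
    {"name": "sg-range", "inboundRules": [{"scope": OPEN, "port": 1024, "portTo": 4000}]},
    {"name": "sg-any", "inboundRules": [{"scope": OPEN, "port": 0, "portTo": 0}]},
    {"name": "sg-office", "inboundRules": [{"scope": "203.0.113.0/24", "port": 3389, "portTo": 3389}]},
]

if __name__ == "__main__":
    for name, failed in evaluate(SAMPLE).items():
        print(name, "FAIL " + ", ".join(failed) if failed else "PASS")
```

In this sample, sg-range (1024 to 4000) fails the RDP rule because the range covers 3389, but passes the admin-ports rule under its literal reading, so the range-based rules and the port-list rule are not interchangeable.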