Control: 6.2.2 Ensure the default security group of every VPC restricts all traffic
Description
VPC security groups provide stateful filtering of ingress/egress network traffic to a Virtual Server. It is recommended that no security group allows unrestricted ingress access to a Virtual Server. Unless modified, the default security group allows inbound traffic from all members of the group, that is, all other virtual servers that are attached to this security group.
Remediation
- Log in to IBM Cloud
- At the Menu icon, select VPC Infrastructure --> VPC Layout and Security Groups.
- For the default security group, perform the following:
  - Identify the Inbound rule.
  - Update the rule to only allow the required traffic flow.
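To support the review step above, the following Python check is an added example, not part of this control or the Powerpipe mod. It flags inbound rules on a default security group that either admit all traffic from group members or are open to any address. The sample group is constructed, and its field names (`rules`, `direction`, `protocol`, `remote.id`, `remote.cidr_block`) are assumed to follow the IBM Cloud VPC API JSON shape; confirm them against your own export.

```python
import ipaddress

# Constructed sample: a default security group in the shape assumed for the
# IBM Cloud VPC API security-group JSON (not taken from a real account).
DEFAULT_SG = {
    "id": "sg-default-example",
    "name": "example-default-sg",
    "rules": [
        {"id": "r1", "direction": "inbound", "protocol": "all",
         "remote": {"id": "sg-default-example"}},       # members of the same group
        {"id": "r2", "direction": "inbound", "protocol": "tcp",
         "port_min": 22, "port_max": 22,
         "remote": {"cidr_block": "0.0.0.0/0"}},         # SSH from any address
        {"id": "r3", "direction": "inbound", "protocol": "tcp",
         "port_min": 443, "port_max": 443,
         "remote": {"cidr_block": "10.240.0.0/24"}},     # scoped to one subnet
        {"id": "r4", "direction": "outbound", "protocol": "all",
         "remote": {"cidr_block": "0.0.0.0/0"}},         # egress, out of scope here
    ],
}


def audit_inbound(sg):
    """Return (rule_id, reason) for each inbound rule that needs review."""
    findings = []
    for rule in sg.get("rules", []):
        if rule.get("direction") != "inbound":
            continue
        remote = rule.get("remote") or {}
        cidr = remote.get("cidr_block")
        # The unmodified default: every member of the group may reach every other.
        if remote.get("id") == sg["id"] and rule.get("protocol") == "all":
            findings.append((rule["id"], "all traffic from group members"))
        # A /0 prefix (IPv4 or IPv6) means the rule accepts any source address.
        elif cidr and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            findings.append((rule["id"], "open to any address"))
    return findings


if __name__ == "__main__":
    for rule_id, reason in audit_inbound(DEFAULT_SG):
        print(f"{DEFAULT_SG['name']}: rule {rule_id}: {reason}")
```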
Usage
Run the control in your terminal:
powerpipe control run ibm_compliance.control.cis_v100_6_2_2
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run ibm_compliance.control.cis_v100_6_2_2 --share
SQL
This control uses a named query:
manual_control