HIGHCIS 2.2

Ensure security lists do not allow unrestricted SSH

Security lists should not allow SSH (port 22) from 0.0.0.0/0.

Security Impact

Open SSH access exposes instances to brute force attacks.

How to Remediate

Remove or modify rules allowing SSH from 0.0.0.0/0. Use Bastion service.

Affected Resources

OCI::Core::SecurityList

Compliance Frameworks

CIS OCI v1.2.0SOC 2PCI-DSSHIPAA

How TigerGate Helps

TigerGate continuously monitors your Oracle Cloud environment to detect and alert on this misconfiguration. Here's what our platform does for this specific check:

  • Continuous Scanning

    Automatically scans all Oracle Cloud Virtual Cloud Network (VCN) resources across your Oracle Cloud tenancies every hour

  • Instant Alerts

    Get notified via Slack, email, or webhooks when this misconfiguration is detected

  • One-Click Remediation

    Fix this issue directly from the TigerGate dashboard with our guided remediation

  • Compliance Evidence

    Automatically collect audit evidence for CIS OCI v1.2.0, SOC 2, PCI-DSS compliance

  • Drift Detection

    Get alerted if this configuration drifts back to an insecure state after remediation

Check Details

Check ID
oracle-networking-2
Service
Oracle Cloud Virtual Cloud Network (VCN)
Category
Network Security
Severity
HIGH
CIS Benchmark
2.2

Automate This Check

TigerGate automatically scans your Oracle Cloud environment for this and 50+ other security checks.

Start Free Trial

Related Oracle Cloud Virtual Cloud Network (VCN) Checks

View all checks
oracle-networking-1medium

Ensure VCN flow logs are enabled

oracle-networking-3high

Ensure security lists do not allow unrestricted RDP

oracle-networking-4medium

Ensure default security list restricts all traffic

oracle-networking-5medium

Ensure NSGs are used instead of security lists

oracle-networking-6high

Ensure Bastion service is used for remote access