Control: 6.2.2 Ensure the default security group of every VPC restricts all traffic
VPC security groups provide stateful filtering of ingress/egress network traffic to a Virtual Server. It is recommended that no security group allows unrestricted ingress access to a Virtual Server. Unless modified, the default security group allows inbound traffic from all members of the group, that is, all other virtual servers that are attached to this security group.
- Log in to IBM Cloud.
- At the Menu icon, select VPC Infrastructure --> VPC Layout and Security Groups.
- For the default security group, perform the following:
  - Identify the Inbound rule.
  - Update the rule to only allow the required traffic flow.
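The review in the steps above can also be scripted over exported security group data. The following is an added example, not part of the original control or the Steampipe mod. The sample JSON is constructed and assumes the field names of IBM Cloud VPC API responses (`default_security_group`, `rules`, `direction`, `remote`); `classify` and `audit_default_groups` are hypothetical helper names.

```python
import json

# Constructed sample data, shaped like IBM Cloud VPC API responses for VPCs
# and security groups (assumed field names; IDs and names are made up).
SAMPLE_VPCS = json.loads("""[
  {"name": "vpc-prod", "default_security_group": {"id": "sg-prod-default"}},
  {"name": "vpc-dev",  "default_security_group": {"id": "sg-dev-default"}}
]""")
SAMPLE_GROUPS = json.loads("""[
  {"id": "sg-prod-default", "rules": [
    {"direction": "inbound",  "protocol": "all", "remote": {"id": "sg-prod-default"}},
    {"direction": "inbound",  "protocol": "tcp", "port_min": 22, "port_max": 22,
     "remote": {"cidr_block": "0.0.0.0/0"}},
    {"direction": "outbound", "protocol": "all", "remote": {"cidr_block": "0.0.0.0/0"}}
  ]},
  {"id": "sg-dev-default", "rules": [
    {"direction": "outbound", "protocol": "tcp", "port_min": 443, "port_max": 443,
     "remote": {"cidr_block": "10.0.0.0/8"}}
  ]},
  {"id": "sg-app", "rules": [
    {"direction": "inbound", "protocol": "all", "remote": {"cidr_block": "0.0.0.0/0"}}
  ]}
]""")

def classify(rule, group_id):
    """Label one inbound rule by how wide its source is."""
    remote = rule.get("remote", {})
    if remote.get("id") == group_id:
        return "group-members"   # the unmodified default rule the control describes
    if remote.get("cidr_block") == "0.0.0.0/0":
        return "any-source"      # unrestricted ingress
    return "specific-source"

def audit_default_groups(vpcs, groups):
    """Return (vpc, group id, finding, protocol, ports) per inbound rule on a default group."""
    by_id = {g["id"]: g for g in groups}
    findings = []
    for vpc in vpcs:
        gid = vpc["default_security_group"]["id"]
        for rule in by_id.get(gid, {}).get("rules", []):
            if rule.get("direction") != "inbound":
                continue  # the remediation steps concern the Inbound rule only
            ports = (rule.get("port_min"), rule.get("port_max"))
            findings.append((vpc["name"], gid, classify(rule, gid), rule.get("protocol"), ports))
    return findings

if __name__ == "__main__":
    for finding in audit_default_groups(SAMPLE_VPCS, SAMPLE_GROUPS):
        print(*finding)
```

Only groups referenced as a VPC's default are reported, so the wide-open rule on the non-default `sg-app` group is out of scope for this control and is not listed.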
Run the control in your terminal:
steampipe check ibm_compliance.control.cis_v100_6_2_2
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share ibm_compliance.control.cis_v100_6_2_2
This control uses a named query: manual_control