Updated on 2025-05-22 GMT+08:00

SEC02-03 Minimizing Network Access Permissions

Ensure that only necessary personnel or components can access specific network resources.

  • Risk level

    High

  • Key strategies
    • Configure security groups and network ACLs to control inbound and outbound traffic for cloud resources, so that only authorized traffic reaches specific services and ports. Tailor the ACL of each network area to its service requirements and keep the number of access control rules as small as possible: a short rule set is easier to review and less likely to hide an unintended allow.
    • Limit public IP address exposure to the minimum scope the service requires, and do not expose high-risk ports or remote management ports (for example, SSH and RDP) to the Internet. If some of these ports cannot be closed, open as few of them as possible and restrict them to known source addresses.
    • In a security group, open only the network segments and ports that services require. Do not use all IP addresses (0.0.0.0/0) as the source of an inbound rule; a rule with that source makes the port reachable from the entire Internet.
  • Related cloud services and tools
    • Virtual Private Cloud (VPC)
    • NAT Gateway
    • SecMaster: Cloud service baseline inspection
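
The following Python example is added here to illustrate the key strategies above; it is not code from this page or from Huawei Cloud. It audits a list of inbound security group rules for the conditions the strategies warn about (a source of 0.0.0.0/0 or ::/0, in particular on remote management and other high-risk ports) and shows how such a rule is narrowed to specific source prefixes. The rule fields (direction, protocol, port_range_min, port_range_max, remote_ip_prefix) are assumed to follow the OpenStack-style layout used by many VPC APIs, the high-risk port set and the sample rules are constructed for the example, and the severity labels are the example's own.

```python
import ipaddress

# Ports commonly treated as high-risk or remote-management ports. This set is
# an assumption for the example; the page itself does not enumerate ports.
HIGH_RISK_PORTS = {
    21: "FTP", 22: "SSH", 23: "Telnet", 135: "MS-RPC", 139: "NetBIOS",
    445: "SMB", 1433: "MSSQL", 1521: "Oracle", 3306: "MySQL", 3389: "RDP",
    5432: "PostgreSQL", 5900: "VNC", 6379: "Redis", 27017: "MongoDB",
}


def is_any_source(prefix):
    """True for an IPv4 or IPv6 'everyone' prefix (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def port_span(rule):
    """Return the (low, high) port range a rule covers; missing bounds mean all ports."""
    low, high = rule.get("port_range_min"), rule.get("port_range_max")
    if low is None and high is None:
        return 1, 65535
    if low is None:
        low = high
    if high is None:
        high = low
    return low, high


def audit_rules(rules):
    """Return findings for inbound rules whose source is the whole Internet."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "ingress":
            continue  # egress rules are out of scope for this check
        prefix = rule.get("remote_ip_prefix")
        if not prefix or not is_any_source(prefix):
            continue  # source already narrowed to a specific network
        proto = (rule.get("protocol") or "any").lower()
        if proto not in ("tcp", "udp", "any"):
            # e.g. ICMP open to the world: still a finding, but not a port exposure.
            findings.append({"id": rule["id"], "severity": "medium",
                             "reason": f"{proto} open to {prefix}", "ports": []})
            continue
        low, high = port_span(rule)
        exposed = [p for p in sorted(HIGH_RISK_PORTS) if low <= p <= high]
        if (low, high) == (1, 65535):
            severity, reason = "high", f"all ports ({proto}) open to {prefix}"
        elif exposed:
            names = ", ".join(f"{p}/{HIGH_RISK_PORTS[p]}" for p in exposed)
            severity, reason = "high", f"high-risk ports {names} open to {prefix}"
        else:
            severity, reason = "medium", f"{proto} {low}-{high} open to {prefix}"
        findings.append({"id": rule["id"], "severity": severity,
                         "reason": reason, "ports": exposed})
    return findings


def narrow_sources(rule, allowed_prefixes):
    """Replace a world-open rule with one rule per allowed source prefix.

    A 0-length prefix is rejected so that the 'fix' cannot silently
    reintroduce the exposure it is meant to remove.
    """
    narrowed = []
    for i, prefix in enumerate(allowed_prefixes):
        if is_any_source(prefix):
            raise ValueError(f"{prefix} is not a narrowed source")
        new = dict(rule)
        new["id"] = f"{rule['id']}-{i}"  # hypothetical id scheme for the copies
        new["remote_ip_prefix"] = str(ipaddress.ip_network(prefix, strict=False))
        narrowed.append(new)
    return narrowed


# Constructed sample rules for a demonstration security group (not real data).
SAMPLE_RULES = [
    {"id": "r1", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "r2", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 443, "port_range_max": 443, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "r3", "direction": "ingress", "protocol": None,
     "port_range_min": None, "port_range_max": None, "remote_ip_prefix": "::/0"},
    {"id": "r4", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 3389, "port_range_max": 3389, "remote_ip_prefix": "10.0.0.0/8"},
    {"id": "r5", "direction": "egress", "protocol": "tcp",
     "port_range_min": 1, "port_range_max": 65535, "remote_ip_prefix": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"[{f['severity']}] {f['id']}: {f['reason']}")
    # Replace the world-open SSH rule with one scoped to an admin network (assumed prefix).
    for r in narrow_sources(SAMPLE_RULES[0], ["203.0.113.0/24"]):
        print("replacement rule:", r)
```

Run against the sample rules, the audit flags r1 (SSH from anywhere) and r3 (all ports from anywhere) as high and r2 (HTTPS from anywhere) as medium, while r4 (RDP restricted to a private range) and the egress rule r5 are not reported. Note that an "all ports" rule is rated high even when none of the listed high-risk ports is in use today, because it also exposes whatever is started on the host later.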