Allow access only to the necessary ports
Summary
Network segments and servers with applications or content must allow access only to the necessary ports.
Description
empty
Supported In
This requirement is verified in the following services

| Plan | Supported |
|---|---|
| Machine | 🟢 |
| Squad | 🟢 |
References
- CIS-4_5. Implement and manage a firewall on end-user devices
- CIS-4_8. Uninstall or disable unnecessary services on enterprise assets and software
- HIPAA-164_312_e_1. Standard: transmission security
- NERC CIP-007-6_R1_1. Ports and services
- OWASP TOP 10-A10. Server-side request forgery
- NIST Framework-PR_AC-5. Network integrity is protected
- NY SHIELD Act-5575_B_6. Personal and private information
- MITRE ATT&CK®-M1031. Network intrusion prevention
- PA-DSS-6_2. For wireless technology, implement strong encryption for authentication and transmission
- CMMC-AC_L2-3_1_17. Wireless access protection
- CMMC-MP_L2-3_8_1. Media protection
- CMMC-MP_L2-3_8_7. Removable media
- CMMC-PE_L1-3_10_5. Manage physical access
- CMMC-SC_L1-3_13_1. Boundary protection
- HITRUST CSF-01_l. Remote diagnostic and configuration port protection
- HITRUST CSF-08_c. Securing offices, rooms and facilities
- HITRUST CSF-09_m. Network controls
- FedRAMP-CM-7. Least functionality
- ISO/IEC 27002-8_21. Security of network services
- ISA/IEC 62443-RA-7_7. Least functionality
- OSSTMM3-9_7_3. Wireless security (controls verification) - Privacy
- ISSAF-E_13. Network security - Switch security assessment (assess private VLAN attack)
- ISSAF-L_4_3. Network security - WLAN security (audit and review)
- PTES-5_2_2_1. Vulnerability analysis - Network vulnerability scanners (port based)
- PTES-5_2_2_2. Vulnerability analysis - Network vulnerability scanners (service based)
- PTES-7_3_1. Post exploitation - Infrastructure analysis (network configuration)
- NIST 800-171-4_7. Restrict, disable, or prevent the use of nonessential functions, ports, protocols, and services
- NIST 800-115-3_5. Network sniffing
- C2M2-9_2_c. Implement network protections for cybersecurity architecture
- C2M2-9_3_d. Implement IT and OT asset security for cybersecurity architecture
- PCI DSS-1_2_5. Network security controls are configured and maintained
- PCI DSS-1_4_2. Restrict inbound traffic from untrusted networks
- PCI DSS-9_2_2. Physical access controls manage entry into systems containing data
- SIG Core-I_3_2_5_1. Application security
- SIG Core-N_1_11. Network security
- CAPEC™-700. Network Boundary Bridging
- ISO/IEC 27001-8_21. Security of network services
Vulnerabilities
- 024. Unrestricted access between network segments - AWS
- 109. Unrestricted access between network segments - RDS
- 157. Unrestricted access between network segments
- 158. Unrestricted access between network segments - Azure AD
- 311. Unrestricted access between network segments - JSch
- 368. Unrestricted access between network segments - StrictHostKeyChecking