Update to Network Security Rulesets
A new compliance ruleset, AWS Dome9 Network Alerts for default VPC components, will be available in CloudGuard Dome9 within the next 5-10 business days. This ruleset is aligned with architectures that include Security Groups, Gateways, Route Tables and NACLs, and is based on the AWS guidelines: https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html#default-vpc-components.
In addition to this new ruleset, we will be enhancing the existing network security rulesets for AWS, Azure and GCP by adding rule coverage for the following additional ports:
- 100 New rules added for AWS Dome9 Best Practices
- 100 New rules added for AWS Dome9 Network Alerts
- 25 New rules added for Azure Dome9 Best Practices
- 25 New rules added for Azure Dome9 Network Alerts
- 25 New rules added for GCP Dome9 Best Practices
- 25 New rules added for GCP Dome9 Network Alerts
List of ports added:

Port | Protocol | Service Name | Application
---- | -------- | ------------ | -----------
23 | TCP | Telnet | Telnet
445 | TCP | Microsoft-DS | CIFS / SMB
53 | UDP | DNS | DNS
5500 | TCP | VNC Listener | VNC
5900 | TCP | VNC Server | VNC
How does this change affect us?
If you are utilizing Security Groups, Gateways, Route Tables and NACLs, it is recommended to start using AWS Dome9 Network Alerts for default VPC components instead of the AWS Dome9 Network Alerts ruleset, to reduce the number of false-positive findings you may encounter using AWS Dome9 Network Alerts.
Updates to existing rulesets will result in more comprehensive testing and increase the number of rules, which will affect your overall compliance score (it can go up or down depending on the environment).
For more information on the updated network security rulesets, you can refer to:
- Dome9 release notes: https://dome9-security.atlassian.net/wiki/spaces/RN/pages/784400389/Release+Notes
- Content Updates Page: https://dome9-security.atlassian.net/wiki/spaces/RN/pages/789348353/Cloud+Guard+Compliance+Updates
- Documentation Page: https://docs.google.com/document/d/1IzIt5fdDq8V2fl89ytDd6RekW-q7NhEQLgVATVe3iHo/edit?ts=5d9e5e6c#
Hi,
None of these rules seem to reference NACLs. I'm looking to implement a rule to ensure compliance with CIS AWS Foundations v1.3 #5.1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports. I'd like to reference a custom resource list for the list of remote server administration ports.
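The check the reply above asks for (CIS AWS Foundations v1.3 control 5.1, NACL ingress from 0.0.0.0/0 to remote server administration ports) can be expressed outside the CloudGuard rule language as plain evaluation logic over the JSON that `aws ec2 describe-network-acls` returns. The block below is an added example, not Dome9/CloudGuard rule code and not code from either poster; it assumes the `describe-network-acls` entry shape (`RuleNumber`, `Protocol`, `RuleAction`, `Egress`, `CidrBlock`/`Ipv6CidrBlock`, `PortRange`), and the constant `ADMIN_PORTS` stands in for the custom resource list the reply mentions. The same function can be pointed at the ports from the announcement's table (23, 445, 5900) by passing a different port set, which the sample run does. All NACL data is constructed for the example.

```python
"""Added example: evaluate AWS NACL inbound entries for CIS AWS Foundations 1.3 5.1.

Not CloudGuard/Dome9 rule code.  Assumes the JSON shape returned by
`aws ec2 describe-network-acls`.  All sample NACLs below are constructed.
"""

# Hypothetical stand-in for a "custom resource list" of admin ports.
ADMIN_PORTS = {22, 3389}

# IP protocol numbers as NACL entries carry them ("-1" means all traffic).
TCP, ALL = "6", "-1"


def entry_covers_port(entry: dict, port: int) -> bool:
    """True if the entry's protocol/port range would match TCP traffic to `port`."""
    proto = str(entry.get("Protocol"))
    if proto == ALL:
        return True                # all protocols, all ports
    if proto != TCP:
        return False               # admin ports considered here are TCP only
    pr = entry.get("PortRange")
    if not pr:
        return True                # a TCP entry without a range matches every port
    return pr["From"] <= port <= pr["To"]


def entry_is_anywhere(entry: dict) -> bool:
    """True if the entry's source is the whole IPv4 or IPv6 address space."""
    return entry.get("CidrBlock") == "0.0.0.0/0" or entry.get("Ipv6CidrBlock") == "::/0"


def nacl_allows_admin_from_anywhere(acl: dict, admin_ports=ADMIN_PORTS) -> list:
    """Return (port, rule_number) for every admin port this NACL admits from anywhere.

    NACL entries are evaluated in ascending RuleNumber and the first match wins,
    so an explicit deny ranked ahead of a broad allow closes the port; the
    implicit '*' entry (RuleNumber 32767, deny) ends the walk.  A check that
    merely flags any 0.0.0.0/0 allow entry ignores that ordering.
    """
    inbound = sorted((e for e in acl["Entries"] if not e["Egress"]),
                     key=lambda e: e["RuleNumber"])
    findings = []
    for port in sorted(admin_ports):
        for e in inbound:
            if not entry_is_anywhere(e) or not entry_covers_port(e, port):
                continue
            if e["RuleAction"] == "allow":
                findings.append((port, e["RuleNumber"]))
            break                  # first 0.0.0.0/0 entry touching this port decides
    return findings


def evaluate(acls, admin_ports=ADMIN_PORTS) -> dict:
    """Map NetworkAclId -> list of (port, rule_number) findings."""
    return {a["NetworkAclId"]: nacl_allows_admin_from_anywhere(a, admin_ports) for a in acls}


# Constructed sample data in describe-network-acls shape.
SAMPLE_ACLS = [
    {   # default-VPC style ACL: everything allowed from anywhere
        "NetworkAclId": "acl-0default",
        "Entries": [
            {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
            {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
            {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "0.0.0.0/0"},
        ],
    },
    {   # explicit SSH/RDP denies ranked before the broad allow: compliant
        "NetworkAclId": "acl-0denyfirst",
        "Entries": [
            {"RuleNumber": 50, "Protocol": "6", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
            {"RuleNumber": 60, "Protocol": "6", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 3389, "To": 3389}},
            {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
            {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
        ],
    },
    {   # RDP only from a corporate range, but a 0-1023 TCP range open to the world
        "NetworkAclId": "acl-0mixed",
        "Entries": [
            {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": False, "CidrBlock": "203.0.113.0/24", "PortRange": {"From": 3389, "To": 3389}},
            {"RuleNumber": 110, "Protocol": "6", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 0, "To": 1023}},
            {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
        ],
    },
]

if __name__ == "__main__":
    for acl_id, hits in evaluate(SAMPLE_ACLS).items():
        print(f"{acl_id}: CIS 5.1 {'FAIL ' + str(hits) if hits else 'PASS'}")
    # Same logic against the TCP ports from the announcement's table.
    print("announced ports:", evaluate(SAMPLE_ACLS, {23, 445, 5900}))
```

Against the constructed data, `acl-0default` fails for both 22 and 3389 via rule 100, `acl-0denyfirst` passes because the denies at 50 and 60 are hit before the allow at 100, and `acl-0mixed` fails only for 22 (rule 110's 0-1023 range) while 3389 is reachable solely from 203.0.113.0/24. A real run would feed `describe-network-acls` output into `evaluate` and would also need to decide whether to treat non-TCP and UDP entries as in scope, which this example deliberately does not.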