This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SecManNick
Explorer
‎2023-04-05 04:30 AM

Dome9 Ruleset Change Resulting in New Critical Findings

Hello fellow CheckMates,

I've recently joined this community so dipping a toe in with a first post.

CheckPoint CloudGuard Dome9 recently changed their Posture Management Policy Ruleset AWS ISO 27001:2013 ruleset (changed 15th March 2023). There were a number of rules that were 'upgraded' from severity High to Critical. This has resulted in our compliance having a significant number of Critical findings. There is one rule in particular that I don't understand why it's matching a number of our Security Groups as being non compliant. The rule is as follows:

Rule ID: D9.AWS.NET.08
Rule Name: Ensure no security groups allow ingress from 0.0.0.0/0 to ALL ports and protocols

I interpret this as meaning do not allow inbound traffic from ALL IP addresses to ALL ports and protocols.

I've checked all the Security Groups that are being reported as non-compliant to this rule and none of them permit inbound traffic from ALL IP addresses to ALL ports and protocols. Some of the Security Groups do permit traffic from ALL IP addresses to specific ports and protocols (e.g. port 443 protocol HTTPS where a public web server is hosted). 

Am I misinterpreting this rule? Does it really mean "do not allow inbound traffic from ALL IP addresses to ANY port and protocol."?

Any help would be appreciated.

Labels
0 Kudos
1 Reply
Lihi_Gur
Employee
Employee
‎2023-05-30 07:45 AM

Hi @SecManNick Can you please create a service request (SR),

https://help.checkpoint.com/Guest/?ErrorCode=41&ErrorDescription=Execution+error&ErrorDetails=ApexSC...

Will be happy to help you 

 

 

0 Kudos
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events