lacework-global-146
Network Access Control Lists (ACLs) do not allow unrestricted outbound traffic
Description
A Network ACL acts as a stateless virtual firewall that controls traffic at the subnet level. The default Network ACL associated with a Virtual Private Cloud (VPC) allows all inbound and outbound traffic. Security best practice is to restrict outbound Network ACL rules to the destinations and ports the subnet's workloads actually need. Because the ACL is stateless, return traffic is not tracked automatically, so the outbound rules must still allow the ephemeral port range used by responses to permitted inbound connections.
Remediation
- Log in to the AWS Management Console.
- Select Services.
- Select VPC.
- Select Network ACLs.
- Select the Network ACL to edit.
- Select the Outbound rules tab.
- Select Edit outbound rules.
- For each rule, restrict access to only the appropriate port or port range.
- Select Save changes.
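The detection side of this check, as an added example that is not part of the Lacework policy or AWS tooling: it walks Network ACL entries shaped like the output of `aws ec2 describe-network-acls` and flags outbound ALLOW rules that are open to any destination on all ports. The `SAMPLE_ACLS` data and its ACL ids are constructed for illustration.

```python
ANY_DEST = {"0.0.0.0/0", "::/0"}          # "all destinations" CIDRs
ALL_PROTOCOLS = "-1"                     # AWS encodes "all protocols" as -1


def covers_all_ports(entry):
    """True when an entry places no port restriction on the traffic."""
    if entry.get("Protocol") == ALL_PROTOCOLS:
        return True
    pr = entry.get("PortRange")
    if pr is None:                       # e.g. ICMP: no ports to restrict
        return True
    return pr["From"] == 0 and pr["To"] == 65535


def unrestricted_egress_rules(acl):
    """Rule numbers of outbound ALLOW entries open to any destination on all ports."""
    hits = []
    for e in acl.get("Entries", []):
        if not e.get("Egress") or e.get("RuleAction") != "allow":
            continue                     # inbound rules and DENY rules are not findings
        dest = e.get("CidrBlock") or e.get("Ipv6CidrBlock")
        if dest in ANY_DEST and covers_all_ports(e):
            hits.append(e["RuleNumber"])
    return hits


def noncompliant_acls(acls):
    """Map NetworkAclId -> offending rule numbers for ACLs failing the check."""
    result = {}
    for acl in acls:
        hits = unrestricted_egress_rules(acl)
        if hits:
            result[acl["NetworkAclId"]] = hits
    return result


# Constructed sample shaped like `aws ec2 describe-network-acls` output.
SAMPLE_ACLS = [
    {"NetworkAclId": "acl-0default", "Entries": [      # default VPC ACL
        {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
         "Egress": True, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",
         "Egress": True, "CidrBlock": "0.0.0.0/0"}]},
    {"NetworkAclId": "acl-0restricted", "Entries": [   # remediated ACL
        {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow",
         "Egress": True, "CidrBlock": "0.0.0.0/0",
         "PortRange": {"From": 443, "To": 443}},
        {"RuleNumber": 110, "Protocol": "6", "RuleAction": "allow",
         "Egress": True, "CidrBlock": "10.0.0.0/8",
         "PortRange": {"From": 0, "To": 65535}}]},
]
```

Calling `noncompliant_acls(SAMPLE_ACLS)` flags only the default ACL's rule 100; the remediated ACL passes because its any-destination rule is limited to port 443 and its all-port rule is limited to an internal range.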