Skip to main content

💼 45 An understanding of plausible worst case scenarios can help regulated entities identify and implement additional controls to prevent or reduce the impact of such scenarios. One example is malware that infects computers and encrypts data, both on the infected computer and any connected storage, including (corporate) networks and cloud storage. Such attacks reinforce the importance of protecting the backup environment in the event that the production environment is compromised. Common techniques to achieve this include network segmentation, highly restricted and segregated access controls and network traffic flow restrictions.

  • ID: /frameworks/apra-cpg-234/16/45

Stats

not available

Description

Empty...

Similar

  • Internal
    • ID: dec-c-b122fb4c

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (42)

PolicyLogic CountFlagsCompliance
🛡️ AWS DMS Replication Instance is publicly accessible🟢1🟢 x6no data
🛡️ AWS EC2 Instance IAM role is not attached🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted CIFS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted DNS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted FTP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted ICMP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted NetBIOS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted RPC traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted SMTP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MongoDB🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MSSQL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MySQL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL🟢1🟢 x6no data
🛡️ AWS EKS Cluster allows unrestricted public traffic🟢1🟢 x6no data
🛡️ AWS IAM User has inline or directly attached policies🟢1🟠 x1, 🟢 x5no data
🛡️ AWS RDS Instance is publicly accessible🟢1🟢 x6no data
🛡️ AWS S3 Bucket is not configured to block public access🟢1🟢 x6no data
🛡️ AWS S3 Bucket MFA Delete is not enabled🟠🟢1🟠 x1, 🟢 x6no data
🛡️ Azure Cosmos DB Account Private Endpoints are not used🟢1🟢 x6no data
🛡️ Azure Cosmos DB Account Virtual Network Filter is not enabled🟢1🟢 x6no data
🛡️ Azure Cosmos DB Entra ID Client Authentication is not used🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure Key Vault Role Based Access Control is not enabled🟢1🟢 x6no data
🛡️ Azure Managed Disk Public Network Access is not disabled🟢1🟢 x6no data
🛡️ Azure Network Security Group allows public access to HTTP(S) ports🟢1🟢 x6no data
🛡️ Azure Network Security Group allows public access to RDP port🟢1🟢 x6no data
🛡️ Azure Network Security Group allows public access to SSH port🟢1🟢 x6no data
🛡️ Azure Non-RBAC Key Vault stores Secrets without expiration date🟢1🟢 x6no data
🛡️ Azure RBAC Key Vault stores Secrets without expiration date🟢1🟢 x6no data
🛡️ Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP)🟢1🟢 x6no data
🛡️ Azure SQL Server Public Network Access is not disabled🟢1🟢 x6no data
🛡️ Azure Storage Account Allow Blob Anonymous Access is enabled🟢1🟢 x6no data
🛡️ Azure Storage Account Default Network Access Rule is not set to Deny🟢1🟢 x6no data
🛡️ Azure Storage Account Private Endpoints are not used🟢1🟢 x6no data
🛡️ Oracle IAAS Network Security Group allows unrestricted RDP traffic🟢1🟢 x6no data
🛡️ Oracle IAAS Network Security Group allows unrestricted SSH traffic🟢1🟢 x6no data
🛡️ Oracle IAAS Security List allows unrestricted RDP traffic🟢1🟢 x6no data
🛡️ Oracle IAAS Security List allows unrestricted SSH traffic🟢1🟢 x6no data
🛡️ Oracle IAM User MFA is disabled🟢1🟢 x6no data
🛡️ Oracle Storage Bucket allows public access🟢1🟢 x6no data

Internal Rules

RulePoliciesFlags
✉️ dec-x-3e379c671
✉️ dec-x-4c15a09f1
✉️ dec-x-4f30f24e1
✉️ dec-x-6c93750d1
✉️ dec-x-6eab9b881
✉️ dec-x-11c3009f1
✉️ dec-x-14bf01f31
✉️ dec-x-42a090841
✉️ dec-x-46a83a301
✉️ dec-x-82ca41272
✉️ dec-x-87b8e6c71
✉️ dec-x-0289e9c91
✉️ dec-x-293ab45b1
✉️ dec-x-599c86b41
✉️ dec-x-1122fe571
✉️ dec-x-4157c58a1
✉️ dec-x-66358b451
✉️ dec-x-083928f51
✉️ dec-x-637372481
✉️ dec-x-a7d8f0e71
✉️ dec-x-afca7c621
✉️ dec-x-b4d3d9dc2
✉️ dec-x-b17c005c1
✉️ dec-x-b92b08f41
✉️ dec-x-bcae85fb2
✉️ dec-x-c80414561
✉️ dec-x-ca1c0c0d1
✉️ dec-x-cffc7d8e1
✉️ dec-x-d127f4071
✉️ dec-x-e02b5fdd1
✉️ dec-x-ec547a7c1
✉️ dec-x-f4cc003a1
✉️ dec-x-f12d78aa1
✉️ dec-x-f937c35f1
✉️ dec-x-fab5c4cd1
✉️ dec-x-fe5d4f071
✉️ dec-z-bb7312921
✉️ dec-z-c82c9f971
✉️ dec-z-dbeeed9f1
✉️ dec-z-f778950c1