Skip to main content

πŸ’Ό 1.2 Prevent access to the administrative interface from the internet

  • Contextual name: πŸ’Ό 1.2 Prevent access to the administrative interface from the internet
  • ID: /frameworks/uk-cyber-essentials-v3.1/01/02
  • Located in: πŸ’Ό 1 Firewalls

Description​

Prevent access to the administrative interface (used to manage firewall configuration) from the internet, unless there is a clear and documented business need, and the interface is protected by one of the following controls:

  • multi-factor authentication (see MFA details below)
  • an IP allow list that limits access to a small range of trusted addresses combined with a properly managed password authentication approach

Similar​

  • Internal
    • ID: dec-c-7623022b

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (37)​

PolicyLogic CountFlags
πŸ“ AWS API Gateway REST API Stage is not associated with a WAF Web ACL 🟒1🟒 x6
πŸ“ AWS EC2 Default Security Group does not restrict all traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted CIFS traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted DNS traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted FTP traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted ICMP traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted NetBIOS traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted RPC traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted SMTP traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to all ports 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to MongoDB 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to MSSQL 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to MySQL 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL 🟒1🟒 x6
πŸ“ AWS RDS Instance is publicly accessible and in an unrestricted public subnet 🟒1🟒 x6
πŸ“ AWS RDS Snapshot is publicly accessible 🟒1🟒 x6
πŸ“ AWS S3 Bucket is not configured to block public access 🟒1🟒 x6
πŸ“ Azure Cosmos DB Account Private Endpoints are not used 🟒1🟒 x6
πŸ“ Azure Cosmos DB Account Virtual Network Filter is not enabled 🟒1🟒 x6
πŸ“ Azure Cosmos DB Entra ID Client Authentication is not used 🟒🟒 x3
πŸ“ Azure Key Vault Private Endpoints are not used 🟒1🟒 x6
πŸ“ Azure Managed Disk Public Network Access is not disabled 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted HTTP(S) access from the Internet 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted RDP access from the Internet 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted SSH access from the Internet 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted UDP access from the Internet 🟒1🟒 x6
πŸ“ Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services 🟒1🟒 x6
πŸ“ Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP) 🟒1🟒 x6
πŸ“ Azure SQL Database Transparent Data Encryption is not enabled 🟒1🟒 x6
πŸ“ Azure SQL Server Microsoft Entra authentication is not configured 🟒1🟒 x6
πŸ“ Azure SQL Server Public Network Access is not disabled 🟒1🟒 x6
πŸ“ Azure Storage Account Allow Blob Anonymous Access is set enabled 🟒1🟒 x6
πŸ“ Azure Storage Account Default Network Access Rule is not set to Deny 🟒1🟒 x6
πŸ“ Azure Storage Account Private Endpoints are not used 🟒1🟒 x6

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-2fcb6d852
βœ‰οΈ dec-x-3e379c671
βœ‰οΈ dec-x-3e95721c1
βœ‰οΈ dec-x-4c15a09f1
βœ‰οΈ dec-x-4f30f24e1
βœ‰οΈ dec-x-6eab9b881
βœ‰οΈ dec-x-11c3009f1
βœ‰οΈ dec-x-14bf01f31
βœ‰οΈ dec-x-42a090841
βœ‰οΈ dec-x-46a83a301
βœ‰οΈ dec-x-0289e9c91
βœ‰οΈ dec-x-293ab45b1
βœ‰οΈ dec-x-599c86b41
βœ‰οΈ dec-x-807a37c91
βœ‰οΈ dec-x-66358b451
βœ‰οΈ dec-x-083928f51
βœ‰οΈ dec-x-637372481
βœ‰οΈ dec-x-a7d8f0e71
βœ‰οΈ dec-x-b4d3d9dc2
βœ‰οΈ dec-x-b17c005c1
βœ‰οΈ dec-x-b33429051
βœ‰οΈ dec-x-bcae85fb2
βœ‰οΈ dec-x-bf1f13f61
βœ‰οΈ dec-x-bfdadcc41
βœ‰οΈ dec-x-ca1c0c0d1
βœ‰οΈ dec-x-d127f4071
βœ‰οΈ dec-x-e43fd12e1
βœ‰οΈ dec-x-ec547a7c1
βœ‰οΈ dec-x-ecd99f881
βœ‰οΈ dec-x-f4cc003a1
βœ‰οΈ dec-x-f12d78aa1
βœ‰οΈ dec-x-f937c35f1
βœ‰οΈ dec-z-c82c9f971
βœ‰οΈ dec-z-dbeeed9f1
βœ‰οΈ dec-z-f778950c1