Missing security group for instance.
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | computing |
| Provider | Nifcloud |
| Vulnerability Type | omission |
Description#
Instances are being created without an associated security group, leaving them without defined network traffic controls. This configuration allows unrestricted access to and from the instance, violating basic security best practices.
Impact#
Without a security group, instances are exposed to all inbound and outbound traffic, significantly increasing the risk of unauthorized access, data breaches, malware infection, or exploitation by attackers, potentially compromising the integrity and availability of services and data.
Resolution#
Add security group for all instances