A standard best practice in hosting is to reduce the attack surface by blocking traffic to all but the ports a service actually needs. In Kubernetes, the Pod definition lists the ports its containers listen on, and a NetworkPolicy restricts which sources may reach them. On virtual machines we use a host (software) firewall, and in the cloud we use security groups. On a physical network, we configure a hardware firewall in front of critical resources.
When setting up a cloud resource it is tempting to allow all traffic while debugging, just to verify that it works. For example, a developer may open port 22 (SSH) or 3389 (RDP) to the world to get remote access and take a look around. As the resource moves toward production, leaving those rules in place creates excessive exposure: an attacker can scan for open ports in minutes and use one as the entry point for a more serious attack.
This Shoreline runbook scans containers for a user-defined port. If the port is open to the public, the user can choose to remove the security group or update it to block the potentially insecure traffic.
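To make the check and the two remediation choices concrete, here is an added example of the same logic over security-group ingress rules. It is not the Op Pack's own code: the rule dictionaries follow the shape of the EC2 `DescribeSecurityGroups` `IpPermissions` list (`IpProtocol`, `FromPort`, `ToPort`, `IpRanges`, `Ipv6Ranges`), the sample group is constructed for illustration, and the trusted range `203.0.113.0/24` is a placeholder. "Open to the public" is taken to mean a `/0` source (`0.0.0.0/0` or `::/0`); a rule with `IpProtocol` `-1` covers every port, so it is checked too.

```python
"""Flag security-group ingress rules that expose a port to the world, then
either remove the exposure or replace it with trusted sources.

Added example, not Shoreline's Op Pack code. Rules use the field names of the
EC2 DescribeSecurityGroups "IpPermissions" shape; SAMPLE_INGRESS is constructed.
"""
import copy
import ipaddress

# Constructed sample: SSH open to the world (a leftover debug rule) plus an
# internal bastion range, RDP open to the world over IPv6 only, HTTPS open
# to the world on purpose, and an all-ports rule limited to the VPC.
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "debug access"},
                  {"CidrIp": "10.20.0.0/16", "Description": "bastion subnet"}],
     "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "10.0.0.0/8", "Description": "VPC-internal, all ports"}],
     "Ipv6Ranges": []},
]


def rule_covers_port(rule, port):
    """True if this ingress rule admits TCP/UDP traffic to `port`.

    IpProtocol "-1" means all protocols on all ports, so it always matches;
    protocols without ports (icmp, ...) never do.
    """
    proto = str(rule.get("IpProtocol", "-1"))
    if proto == "-1":
        return True
    if proto not in ("tcp", "udp", "6", "17"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def is_world_open(cidr):
    """A /0 prefix (0.0.0.0/0 or ::/0) admits every address on the Internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def find_public_exposures(ingress, port):
    """Return (rule index, source cidr) pairs that expose `port` to the world."""
    hits = []
    for i, rule in enumerate(ingress):
        if not rule_covers_port(rule, port):
            continue
        for r in rule.get("IpRanges", []):
            if is_world_open(r["CidrIp"]):
                hits.append((i, r["CidrIp"]))
        for r in rule.get("Ipv6Ranges", []):
            if is_world_open(r["CidrIpv6"]):
                hits.append((i, r["CidrIpv6"]))
    return hits


def tighten(ingress, port, trusted_cidrs=()):
    """Return a copy of `ingress` with world-open sources for `port` removed.

    With `trusted_cidrs` given (the "update" choice) those sources take the
    place of the removed ones; without it the exposure is simply removed (the
    "remove" choice). Rules for other ports are untouched. A rule left with no
    source at all is dropped rather than kept as an empty entry.
    """
    result = []
    for rule in copy.deepcopy(ingress):
        if rule_covers_port(rule, port):
            before = len(rule.get("IpRanges", [])) + len(rule.get("Ipv6Ranges", []))
            rule["IpRanges"] = [r for r in rule.get("IpRanges", [])
                                if not is_world_open(r["CidrIp"])]
            rule["Ipv6Ranges"] = [r for r in rule.get("Ipv6Ranges", [])
                                  if not is_world_open(r["CidrIpv6"])]
            if before != len(rule["IpRanges"]) + len(rule["Ipv6Ranges"]):
                for cidr in trusted_cidrs:  # only where something was removed
                    key, field = (("Ipv6Ranges", "CidrIpv6") if ":" in cidr
                                  else ("IpRanges", "CidrIp"))
                    rule[key].append({field: cidr,
                                      "Description": "replaced world-open source"})
            if not (rule["IpRanges"] or rule["Ipv6Ranges"]
                    or rule.get("UserIdGroupPairs") or rule.get("PrefixListIds")):
                continue
        result.append(rule)
    return result


if __name__ == "__main__":
    for port in (22, 3389, 443):
        print(port, find_public_exposures(SAMPLE_INGRESS, port))
    print(tighten(SAMPLE_INGRESS, 3389, trusted_cidrs=("203.0.113.0/24",)))
```

Checking port 22 reports only the `0.0.0.0/0` source; the bastion range survives a `tighten`, so the rule stays. Checking 3389 reports the IPv6 world-open source; removing it leaves that rule with no source, so the rule is dropped, while passing a trusted CIDR keeps the rule with the narrower source. Port 443 is reported as well, which is the point of leaving the decision to the user: the check cannot know which exposures are intended.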
Willy, Shoreline’s Director of Operations, highlights the benefits of this Open Port Check Op Pack in a great video.