Authentication is enabled for public access to MSE clusters

更新时间:
复制 MD 格式

An MSE cluster is considered compliant if authentication is enabled for public network access, or if public network access is disabled.

Scenarios

Accessing an MSE cluster over the public network poses security risks. We recommend that you use a virtual private cloud (VPC) instead.

Threat Level

Default threat level: High.

You can change the threat level based on your requirements.

Detection logic

  • An MSE cluster is considered compliant if public network access is disabled, or if both public network access and authentication are enabled.

  • An MSE cluster is considered non-compliant if public network access is enabled but authentication is disabled.

Rule details

Parameter

Description

Rule name

Authentication is enabled for public access to MSE clusters

Rule identifier

mse-cluster-config-auth-enabled

Tag

MSE

Automatic remediation

Not supported

Rule trigger mechanism

Configuration changes

Supported resource types

MSE cluster

Rule input parameters

None

Remediation

Disable public network access for the MSE cluster. If public network access is required, enable authentication. For more information, see Nacos client access authentication.