An MSE cluster is considered compliant if authentication is enabled for public network access, or if public network access is disabled.
Scenarios
Accessing an MSE cluster over the public network poses security risks. We recommend that you use a virtual private cloud (VPC) instead.
Threat Level
Default threat level: High.
You can change the threat level based on your requirements.
Detection logic
-
An MSE cluster is considered compliant if public network access is disabled, or if both public network access and authentication are enabled.
-
An MSE cluster is considered non-compliant if public network access is enabled but authentication is disabled.
Rule details
|
Parameter |
Description |
|
Rule name |
Authentication is enabled for public access to MSE clusters |
|
Rule identifier |
mse-cluster-config-auth-enabled |
|
Tag |
MSE |
|
Automatic remediation |
Not supported |
|
Rule trigger mechanism |
Configuration changes |
|
Supported resource types |
MSE cluster |
|
Rule input parameters |
None |
Remediation
Disable public network access for the MSE cluster. If public network access is required, enable authentication. For more information, see Nacos client access authentication.