Rule purpose: Check whether the security group can access remote risky ports when rules covering all network segments are set.
Compliance evaluation logic: When the security group has set rules covering all network segments (0.0.0.0/0 or ::/0), the port range cannot contain specified risky ports. If no such rules are set, the port range can contain specified risky ports. The evaluation result is "compliant" when the above conditions are met.
Rule Identifier: cvm-sg-no-remote-access
Risk Level: High
Applicable Resource Type: QCS::VPC::SecurityGroup
Rule trigger type: Configuration change
Keyword: Security Group
Rule parameter: None