This rule checks that no Network ACL allows inbound traffic from any IP address (0.0.0.0/0) to remote server administration ports, which the CIS benchmark identifies as SSH (TCP 22) and RDP (TCP 3389).
Rule | Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports |
Framework | cis_v130 |
Severity | ✔ Medium |
Rule Description
The rule ensures that no Network Access Control List (ACL) permits inbound traffic from the IP range 0.0.0.0/0 to remote server administration ports, as specified by the cis_v130 benchmark.
Network ACLs are stateless firewalls attached to subnets: every packet entering or leaving an associated subnet is matched against the ACL's numbered rules in ascending order, and the first matching rule decides whether it is allowed or denied. Disallowing access from all IP addresses (0.0.0.0/0) to remote server administration ports keeps SSH and RDP off the Internet-wide scanning and password-guessing that such exposed ports attract, and so reduces the risk of unauthorized access to critical server functions.
Troubleshooting Steps
If any Network ACL allows ingress from 0.0.0.0/0 to remote server administration ports, follow these troubleshooting steps:
Identify the affected Network ACL: Determine the Network ACL that allows traffic from 0.0.0.0/0 to remote server administration ports. Note down the ACL's name or identifier.
Review associated subnet(s): Confirm which subnet(s) are associated with the Network ACL allowing the prohibited ingress, and decide which limited IP ranges (trusted networks, bastion hosts, or VPN egress addresses) genuinely need administrative access to them.
Identify and document affected ports: Identify the specific remote server administration ports exposed to the 0.0.0.0/0 IP range. Document the port numbers for reference.
Validate the need for the exposed ports: Consider the purpose and necessity of each exposed server administration port. Determine whether an alternative path (e.g., VPN access or a bastion host in a separate subnet) can provide the same access without exposing the port to 0.0.0.0/0.
Generate remediation plan: Based on the gathered information, develop a plan to restrict the ingress from 0.0.0.0/0 to the specified remote administration ports.
Remediation Steps
To remediate the issue and adhere to the cis_v130 benchmark, follow these steps:
Identify the subnet associated with the affected Network ACL: Determine the subnet(s) where the prohibited ingress from 0.0.0.0/0 is allowed. Note down the subnet(s) for further configuration.
Access the network infrastructure: Ensure you have appropriate access and permissions to modify the Network ACL configuration.
Identify the specific Network ACL: Locate and confirm the specific Network ACL name or identifier that requires modification.
Edit the Network ACL: Using the appropriate command-line interface (CLI) tools, edit the Network ACL to remove the allowance for ingress from 0.0.0.0/0 to remote server administration ports:
<CLI command to edit the Network ACL>
Restrict ingress to authorized IP ranges: Modify the Network ACL rules to allow ingress to the remote server administration ports only from specific IP ranges or trusted networks that require administrative access. Because Network ACLs are stateless and deny anything not explicitly allowed, do not simply delete a broad allow entry that other traffic depends on; replace it with narrower entries that exclude the administration ports, and keep any rules that legitimate return traffic relies on.
Save and apply the Network ACL changes: Once the modifications are complete, save the updated Network ACL configuration and apply the changes to the network infrastructure.
Test the modified Network ACL: Validate the new configuration by attempting to reach the remote server administration ports from IP addresses outside the authorized ranges and confirming the connections are refused or time out. Also confirm that administrative access from the authorized ranges, and the other traffic the subnet legitimately carries, still works.
Document the changes: Record the modifications made to the Network ACL, including the removed allowance for ingress from 0.0.0.0/0 and the newly permitted IP ranges.
Monitor and maintain the Network ACL: Regularly monitor the Network ACL to ensure its continued compliance with the cis_v130 benchmark. Update the ACL as necessary to accommodate any legitimate administrative IP changes or network updates.
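The following is an added, constructed example covering both the troubleshooting steps and the remediation steps above; it is not part of this rule page or of the CIS benchmark text. It audits one Network ACL in the shape returned by `aws ec2 describe-network-acls` for inbound allow entries from 0.0.0.0/0 (and, going beyond the benchmark's IPv4-only wording, ::/0) whose protocol and port range reach TCP 22 or 3389, then builds a remediation plan that deletes each offending entry, re-creates its port range with the administration ports carved out, and allows those ports only from trusted CIDRs. It preserves rule order by reusing the deleted rule number and the unused numbers directly after it, and it can re-audit a simulated result before anything is changed. The ACL id, subnet ids, CIDRs and entries in the sample are made up, and the field names are those of the EC2 API response.

```python
"""Audit an AWS Network ACL for inbound 0.0.0.0/0 -> admin ports and plan a fix."""

ADMIN_PORTS = (22, 3389)          # SSH and RDP, the ports the control is about
ANY = ("0.0.0.0/0", "::/0")       # ::/0 goes beyond the benchmark's IPv4-only wording
MAX_PORT, LAST_RULE = 65535, 32767

# Constructed sample shaped like one element of `aws ec2 describe-network-acls`
# output; ids and addresses are made up for illustration.
SAMPLE_NACL = {
    "NetworkAclId": "acl-0example",
    "Associations": [{"SubnetId": "subnet-0aaa"}, {"SubnetId": "subnet-0bbb"}],
    "Entries": [
        {"RuleNumber": 50, "Egress": False, "RuleAction": "deny", "Protocol": "6",
         "CidrBlock": "198.51.100.0/24", "PortRange": {"From": 22, "To": 22}},
        {"RuleNumber": 100, "Egress": False, "RuleAction": "allow", "Protocol": "6",
         "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 0, "To": 65535}},   # offending
        {"RuleNumber": 110, "Egress": False, "RuleAction": "allow", "Protocol": "6",
         "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
        {"RuleNumber": 100, "Egress": True, "RuleAction": "allow", "Protocol": "-1",
         "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": LAST_RULE, "Egress": False, "RuleAction": "deny", "Protocol": "-1",
         "CidrBlock": "0.0.0.0/0"},
    ],
}

def cidr_of(entry):
    return entry.get("CidrBlock") or entry.get("Ipv6CidrBlock")

def port_span(entry):
    """(from, to) the entry covers: every port for protocol -1, None for port-less (ICMP)."""
    if entry["Protocol"] == "-1":
        return 0, MAX_PORT
    pr = entry.get("PortRange")
    return (pr["From"], pr["To"]) if pr else None

def is_offending(entry):
    """Inbound allow from anywhere whose protocol/port range reaches 22 or 3389."""
    if entry["Egress"] or entry["RuleAction"] != "allow" or cidr_of(entry) not in ANY:
        return False
    if entry["Protocol"] not in ("-1", "6"):      # only all-protocol and TCP reach SSH/RDP
        return False
    span = port_span(entry)
    return span is not None and any(span[0] <= p <= span[1] for p in ADMIN_PORTS)

def audit(nacl):
    """Troubleshooting output: offending inbound entries and the subnets they protect."""
    bad = [e for e in nacl["Entries"] if is_offending(e)]
    return bad, [a["SubnetId"] for a in nacl.get("Associations", [])]

def split_range(lo, hi, holes):
    """Sub-ranges of [lo, hi] with the hole ports cut out: 0-65535 -> 0-21, 23-3388, 3390-65535."""
    out, start = [], lo
    for h in sorted(holes):
        if lo <= h <= hi:
            if start <= h - 1:
                out.append((start, h - 1))
            start = h + 1
    if start <= hi:
        out.append((start, hi))
    return out

def plan_remediation(nacl, trusted_cidrs):
    """Delete each offending entry, re-create its range minus the admin ports, then allow
    the admin ports only from trusted_cidrs.  New entries reuse the deleted rule number and
    the unused numbers right after it, so evaluation order against neighbouring rules holds."""
    bad, _ = audit(nacl)
    used = {e["RuleNumber"] for e in nacl["Entries"] if not e["Egress"]}
    steps = []
    for e in bad:
        used.discard(e["RuleNumber"])
        steps.append({"action": "delete", "rule": e["RuleNumber"]})
        nxt = min((n for n in used if n > e["RuleNumber"]), default=LAST_RULE)
        free = iter(range(e["RuleNumber"], nxt))
        lo, hi = port_span(e)
        if e["Protocol"] == "-1":   # all-protocol entry: only TCP is re-created, flag the rest
            steps.append({"action": "review", "note": f"rule {e['RuleNumber']} also allowed non-TCP traffic"})
        new = [(cidr_of(e), a, b) for a, b in split_range(lo, hi, ADMIN_PORTS)]
        new += [(c, p, p) for c in trusted_cidrs for p in ADMIN_PORTS if lo <= p <= hi]
        for cidr, a, b in new:
            n = next(free, None)
            if n is None:
                raise ValueError(f"no free rule numbers after {e['RuleNumber']}; renumber manually")
            used.add(n)
            steps.append({"action": "create", "rule": n, "cidr": cidr, "from": a, "to": b})
    return steps

def simulate(nacl, steps):
    """Apply the plan to a copy so the result can be re-audited before touching AWS."""
    deleted = {s["rule"] for s in steps if s["action"] == "delete"}
    entries = [e for e in nacl["Entries"] if e["Egress"] or e["RuleNumber"] not in deleted]
    for s in (s for s in steps if s["action"] == "create"):
        key = "Ipv6CidrBlock" if ":" in s["cidr"] else "CidrBlock"
        entries.append({"RuleNumber": s["rule"], "Egress": False, "RuleAction": "allow", "Protocol": "6",
                        key: s["cidr"], "PortRange": {"From": s["from"], "To": s["to"]}})
    return dict(nacl, Entries=entries)
```

Each `delete` step corresponds to `aws ec2 delete-network-acl-entry --network-acl-id ACL --ingress --rule-number N`, and each `create` step to `aws ec2 create-network-acl-entry --network-acl-id ACL --ingress --rule-number N --rule-action allow --protocol tcp --port-range From=A,To=B --cidr-block CIDR` (`--ipv6-cidr-block` for an IPv6 range). Run the deletes before the creates, since the first new entry reuses the deleted rule number. A `review` step means the offending entry was an all-protocol (-1) rule; the plan re-creates only its TCP coverage, so any UDP, ICMP or other protocol the subnet needs must be added back explicitly. On the sample ACL the plan carves 22 and 3389 out of rule 100 into rules 100 to 102 and adds rules 103 and 104 for the trusted range, after which `audit` reports nothing and the 443 entry is untouched.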
By following these steps, you can enforce the necessary rule to disallow ingress from 0.0.0.0/0 to remote server administration ports, thereby improving the security of your network infrastructure.