This rule ensures no security groups allow ingress from ::/0 to remote server administration ports.
| Rule | Ensure no security groups allow ingress from ::/0 to remote server administration ports |
| Framework | cis_v150 |
| Severity | High |
Rule Description:
The rule checks that no security group in the environment allows ingress (incoming) traffic from any IPv6 source address (::/0) to remote server administration ports, as required by cis_v150. This restriction is important to prevent unauthorized access to sensitive server administration ports, minimizing the risk of security breaches and unauthorized activities.
Troubleshooting Steps:
If any security group is found to allow ingress from ::/0 to remote server administration ports under cis_v150, follow these troubleshooting steps:
Identify the affected security group(s): Review the security groups associated with the servers in scope for cis_v150 and identify any that allow ingress from ::/0 to the relevant server administration ports.
Review the purpose of the security group: Understand the purpose and intended traffic flow for the specific security group. Determine if the ingress rule is necessary or if it can be modified to restrict the source IP range appropriately.
Check for misconfigurations: Verify that the ingress rule indeed permits traffic from ::/0. Ensure that there are no typographical errors in port numbers or IP addresses defined in the security group rules.
Validate rule requirement: Determine if the ingress rule is required for the server administration ports covered by cis_v150. If not, proceed to the remediation steps.
Assess network requirements: If the ingress rule is needed for specific network requirements, consider limiting the source IP range to a more secure and restricted set of IP addresses or ranges that require access. Ensure that the specified IP addresses are authorized and necessary for the server's administration purposes.
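The identification step above can be automated against the IpPermissions structure that the EC2 DescribeSecurityGroups API returns. The script below is an added example, not part of the original page; the security groups it scans are constructed inline, and it assumes the remote server administration ports are SSH (22) and RDP (3389).

```python
"""Offline check for security-group ingress rules exposing admin ports to ::/0.

Added example (not from the original page). It evaluates IpPermissions entries
in the shape returned by EC2 DescribeSecurityGroups; the sample groups below
are constructed for illustration. Admin ports are assumed to be 22 and 3389.
"""
ADMIN_PORTS = {22, 3389}   # assumption: SSH and RDP
OPEN_IPV6 = "::/0"


def rule_exposes_admin_port(perm: dict) -> bool:
    """True if one IpPermission entry lets ::/0 reach an admin port."""
    if not any(r.get("CidrIpv6") == OPEN_IPV6 for r in perm.get("Ipv6Ranges", [])):
        return False
    proto = perm.get("IpProtocol")
    if proto == "-1":            # all protocols and all ports: always a violation
        return True
    if proto not in ("tcp", "udp"):
        return False
    low = perm.get("FromPort", 0)
    high = perm.get("ToPort", 65535)
    return any(low <= p <= high for p in ADMIN_PORTS)


def find_violations(groups: list) -> list:
    """Return (GroupId, FromPort, ToPort) for every violating ingress rule."""
    hits = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if rule_exposes_admin_port(perm):
                hits.append((sg["GroupId"], perm.get("FromPort"), perm.get("ToPort")))
    return hits


# Constructed sample resembling DescribeSecurityGroups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},        # violation
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},        # not an admin port
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},   # all traffic: violation
    {"GroupId": "sg-0ddd", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "Ipv6Ranges": [{"CidrIpv6": "2001:db8::/32"}]}]},               # restricted source
]

if __name__ == "__main__":
    for gid, lo, hi in find_violations(SAMPLE_GROUPS):
        print(f"{gid}: ::/0 -> ports {lo}-{hi}")
```

Port ranges that merely overlap an admin port (for example 20-30) are also flagged, which is how the benchmark treats broad ranges.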
Necessary Codes:
No specific code is necessary for this rule, as it involves reviewing and modifying the security group rules using the cloud provider's console or command-line interface (CLI).
Remediation Steps:
Follow this step-by-step guide to remediate the rule:
Access the cloud provider's console or CLI: Log in to the cloud provider's console, or if preferred, access the CLI with appropriate permissions to manage security groups.
Identify the relevant security group(s): Locate the security group(s) associated with the servers in scope for cis_v150 that allow ingress from ::/0 to remote server administration ports. Note down the security group name(s) for further configuration.
Modify the security group rules: Edit the security group rules by removing or modifying the ingress rule that allows traffic from ::/0 to the remote server administration ports. Replace the source IP range (::/0) with the appropriate IP addresses or ranges that require access to those ports.
Save and apply the changes: Save the modified security group rules, and ensure that the changes are applied to the appropriate security group(s).
Test connectivity: After making the changes, test the connectivity to the remote server administration ports from the authorized and restricted IP addresses or ranges to ensure it is working as intended.
Document the changes: Record the modifications made to the security group rules for future reference and auditing purposes. Update any relevant documentation or change management processes to reflect the changes made.
By following these steps, you will have remediated the finding by disallowing ingress from ::/0 to remote server administration ports as required by cis_v150, improving the security posture of the environment.