
Rule: VPC Security Groups Should Restrict Ingress SSH Access from 0.0.0.0/0

This rule checks that no VPC security group allows inbound SSH (TCP port 22) from 0.0.0.0/0, i.e. from any IPv4 address on the internet.

Rule: VPC security groups should restrict ingress SSH access from 0.0.0.0/0
Framework: CISA-cyber-essentials
Severity: High

Rule Description

No VPC security group should allow inbound SSH (TCP port 22) from the IP range 0.0.0.0/0. Security groups are allow-lists: they have no deny rules and no rule ordering, so a group "restricts" SSH only by not containing an allow rule for port 22 (or a port range or all-traffic rule that includes 22) whose source is 0.0.0.0/0. Dual-stack VPCs should be held to the same standard for the IPv6 equivalent, ::/0. Inbound SSH should instead be allowed only from specific trusted sources, such as a corporate VPN egress range, a bastion host, or another security group. This check is enforced as part of the CISA Cyber Essentials framework to keep administrative access off the public internet.

Troubleshooting Steps

If a security group is flagged by this rule, work through the following steps:

  1. Identify the affected security group: note the security group ID reported by the finding; that is the group whose inbound rules must change.

  2. Check the existing inbound rules: list the group's inbound rules and locate every rule that allows TCP port 22, a port range that includes 22, or all traffic, with a source of 0.0.0.0/0.

  3. Review the associated instances: list the instances and other network interfaces (load balancers, databases) that use the group, so you know what will lose world-reachable SSH once the rule is removed and can confirm that a legitimate access path (bastion host, VPN, or another trusted source) remains.

  4. Validate the source IP range: confirm the offending rule's source is 0.0.0.0/0 (and check for ::/0 as well), then decide what the source should be instead: a specific CIDR block or a security group, never "anywhere".

  5. Verify the protocol and port: confirm the rule is TCP port 22. A rule for all traffic (protocol -1) or a wide range such as 0-1024 also exposes SSH and must be removed or narrowed, not just the rule labelled "SSH".

  6. Check the other attached security groups: security groups have no priority. An instance's effective inbound access is the union of all groups attached to it, so SSH remains exposed if any other attached group still allows port 22 from 0.0.0.0/0.

Necessary Codes

The AWS Command Line Interface (CLI) can remove the offending rule directly. The command below revokes the inbound rule that allows TCP port 22 from 0.0.0.0/0:

aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 22 --cidr 0.0.0.0/0 --region <region-name>

Replace

<security-group-id>
with the ID of the security group that needs to be modified and
<region-name>
with the AWS region where the VPC is located.

Two caveats. First, revoke removes only a rule that matches its arguments exactly: if the open rule is a wider port range or an all-traffic rule, revoke that rule as it exists and then authorize a narrower replacement. Second, the same arguments passed to authorize-security-group-ingress instead of revoke-security-group-ingress do the opposite and create the world-open rule, so double-check the verb before running it. Once the open rule is gone, re-add SSH with the same authorize command and a trusted source CIDR in place of 0.0.0.0/0 if SSH is still required.
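Before revoking anything it helps to audit every group at once, including rules that expose port 22 without being labelled "SSH" (all-traffic rules, wide port ranges, and the IPv6 ::/0 source). The script below is an added example, not Cloud Defense or AWS code; it reads the JSON that `aws ec2 describe-security-groups --output json` prints, so it can be run offline on a saved file. The SAMPLE document, the group IDs and the CIDR ranges in it are constructed for illustration and do not describe a real account. It prints the matching revoke-security-group-ingress commands rather than executing them, so it is safe to run as a dry run.

```python
"""Audit AWS security groups for inbound SSH open to the world.

Added example (not Cloud Defense code). Input is the output of
`aws ec2 describe-security-groups --output json`; SAMPLE is constructed.
"""
import json

SSH_PORT = 22
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "anywhere"

# Constructed sample: one compliant group and one group with three rules,
# two of which expose SSH to the world (a plain tcp/22 rule with both
# 0.0.0.0/0 and ::/0, and a tcp 0-1024 range from 0.0.0.0/0).
SAMPLE = json.dumps({
    "SecurityGroups": [
        {"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "bastion",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-0a1b2c3d4e5f60002", "GroupName": "web",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
              "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
             {"IpProtocol": "-1",  # all traffic, but only from RFC 1918 space
              "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
             {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    ]
})


def permission_covers_ssh(perm):
    """True if this IpPermission admits TCP/22: protocol -1 (all traffic,
    which carries no port fields) or TCP with a port range that includes 22."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)


def find_open_ssh(describe_output):
    """Return (group_id, cidr, protocol, from_port, to_port) for every rule
    that allows SSH from 0.0.0.0/0 or ::/0."""
    findings = []
    for sg in json.loads(describe_output)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not permission_covers_ssh(perm):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                if cidr in WORLD_CIDRS:
                    findings.append((sg["GroupId"], cidr, perm["IpProtocol"],
                                     perm.get("FromPort"), perm.get("ToPort")))
    return findings


def revoke_command(finding):
    """Build the aws ec2 revoke-security-group-ingress call for one finding.
    The rule must be revoked exactly as it exists (revoking tcp/22 does not
    carve 22 out of a 0-1024 range), so the --ip-permissions shorthand form
    is used, which also handles IPv6 sources and all-traffic rules."""
    group_id, cidr, proto, from_port, to_port = finding
    perm = f"IpProtocol={proto}"
    if proto != "-1":
        perm += f",FromPort={from_port},ToPort={to_port}"
    if ":" in cidr:
        perm += f",Ipv6Ranges=[{{CidrIpv6={cidr}}}]"
    else:
        perm += f",IpRanges=[{{CidrIp={cidr}}}]"
    return (f"aws ec2 revoke-security-group-ingress --group-id {group_id} "
            f"--ip-permissions '{perm}'")


if __name__ == "__main__":
    for finding in find_open_ssh(SAMPLE):
        print("OPEN SSH:", finding)
        print("  ", revoke_command(finding))
```

To run it against a real account, replace SAMPLE with the contents of a file saved from `aws ec2 describe-security-groups --output json` (one region at a time). The printed commands remove the world-open rules only; a narrower replacement rule for the trusted source still has to be authorized afterwards, and any other security group attached to the same instances has to be checked too, since their rules are unioned.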

Step-by-Step Guide for Remediation

Follow the step-by-step guide below to remove world-open SSH access using the AWS Management Console:

  1. Open the AWS Management Console and navigate to the EC2 service.
  2. Click "Security Groups" in the left sidebar.
  3. Select the security group reported by the finding.
  4. In the "Inbound rules" tab, click "Edit inbound rules".
  5. Locate the rule that allows SSH from anywhere. It will show:
    • Type: SSH (also check "All traffic" and Custom TCP rules whose port range includes 22)
    • Protocol: TCP
    • Port range: 22
    • Source: 0.0.0.0/0 (also look for ::/0)
    Either delete the rule, or change its Source to the specific CIDR block (for example, your VPN egress range) or security group that legitimately needs SSH access. Do not add a new rule with Source 0.0.0.0/0; that is the condition being remediated.
  6. Save the rules. The change takes effect immediately on every interface that uses the group; security groups have no rule priority to configure.
  7. Verify that no remaining inbound rule for port 22 has a source of 0.0.0.0/0 or ::/0, and repeat for any other security group attached to the same instances, since their rules are combined.

Remember to review the changes and ensure they align with the requirements of the CISA Cyber Essentials policy.
