
Ensure Security Group Attached to Application Load Balancer Instance Rule

This rule ensures that the Security Group attached to the ALB instance restricts TCP 27018 inbound traffic

Rule: Ensure Security Group attached to application load balancer instance does not allow inbound traffic from all to TCP 27018 (MongoDB)
Framework: CloudDefense.AI Security
Severity: High

Rule Description:

The security group attached to the application load balancer instance should restrict inbound access to TCP port 27018, which is commonly used for MongoDB. This rule helps ensure the security of the CloudDefense application by preventing unauthorized access to the MongoDB server.

Troubleshooting Steps (if any):

  1. Verify the security group associated with the application load balancer.
  2. Check the inbound rules of the security group to identify whether any rule allows traffic from all sources to TCP port 27018.
  3. If such a rule exists, proceed with the remediation steps below.

Remediation:

To remediate the issue, follow these steps:

  1. Retrieve the ARN (Amazon Resource Name) of the application load balancer. You can find it through the AWS Management Console or by using the AWS CLI with the following command:
    aws elbv2 describe-load-balancers --query 'LoadBalancers[?LoadBalancerName==`<load_balancer_name>`].LoadBalancerArn'
    Replace <load_balancer_name> with the name of your load balancer.
  2. Once you have the load balancer's ARN, retrieve the security group IDs associated with the load balancer using the following command:
    aws elbv2 describe-load-balancers --load-balancer-arns <load_balancer_arn> --query 'LoadBalancers[0].SecurityGroups'
    Replace <load_balancer_arn> with the ARN obtained in the previous step.
  3. Take note of the security group ID for use in the following steps.
  4. Now, verify the inbound rules of the security group associated with the load balancer. Use the following command:
    aws ec2 describe-security-groups --group-ids <security_group_id>
    Replace <security_group_id> with the security group ID obtained earlier.
  5. Identify any inbound rules that allow traffic from all sources to TCP port 27018. Note down the rule's protocol, port range and source for removal.
  6. To remove the identified rule, use the following command:
    aws ec2 revoke-security-group-ingress --group-id <security_group_id> --protocol tcp --port 27018 --cidr 0.0.0.0/0
    Replace <security_group_id> with the security group ID and confirm that the source CIDR (the --cidr option) is set to 0.0.0.0/0 to revoke access from all sources.
  7. After executing the command, verify that the rule has been successfully removed by rechecking the security group's inbound rules:
    aws ec2 describe-security-groups --group-ids <security_group_id>
    Ensure that there is no longer an inbound rule allowing traffic from all sources to TCP port 27018.
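The check in steps 4 and 5 above, as an added example that is not part of the original page or of the CloudDefense.AI product: a small Python script that scans the JSON returned by aws ec2 describe-security-groups (a constructed sample is embedded; the group ID and rules are made up) for entries that expose TCP 27018 to all sources. Beyond the single exact rule the command line shows, it also catches the cases a manual read easily misses: port ranges that contain 27018, protocol "-1" (all traffic) entries, and the IPv6 wildcard ::/0.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups --output json`
# (group ID and rules are made up for this example, not taken from a real account).
SAMPLE_DESCRIBE_OUTPUT = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27019,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 27018, "ToPort": 27018,
   "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}
]}]}
""")

# "All sources" in EC2 terms is the IPv4 wildcard or the IPv6 wildcard.
ANY_SOURCE = {"0.0.0.0/0", "::/0"}


def rule_covers_port(perm: dict, port: int) -> bool:
    """True if an IpPermission entry reaches `port` over TCP: protocol "-1" means
    every protocol and port; otherwise TCP (named or numbered) and port in range."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)

def open_sources(perm: dict) -> list:
    """Wildcard CIDRs (IPv4 and IPv6) listed as sources on one entry."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in ANY_SOURCE]

def find_world_open_rules(describe_output: dict, port: int = 27018) -> list:
    """Return (group_id, protocol, from_port, to_port, cidr) for every entry
    exposing `port` to all sources; an empty list means the group passes."""
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if not rule_covers_port(perm, port):
                continue
            for cidr in open_sources(perm):
                findings.append((sg["GroupId"], perm["IpProtocol"],
                                 perm.get("FromPort"), perm.get("ToPort"), cidr))
    return findings
```

Feed the parsed output of aws ec2 describe-security-groups --group-ids <security_group_id> --output json to find_world_open_rules in place of the sample. Each finding must be revoked with the exact protocol and port range it reports (for example --port 27017-27019), because revoke-security-group-ingress only removes a rule whose values match.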

Note:

Make sure to review all the security group rules and consider adding more restrictive rules to enhance the security of your CloudDefense application.
