Rule: Ensure Security Group does not allow inbound traffic to TCP port 9300
This rule ensures the Security Group attached to EC2 instance restricts inbound traffic to TCP port 9300.
| Rule | Ensure Security Group attached to EC2 instance does not allow inbound traffic from all to TCP port 9300 (Elasticsearch) |
| Framework | CloudDefense.AI Security |
| Severity | ✔ High |
Rule Description:
The rule ensures that the Security Group attached to the EC2 instance does not allow inbound traffic from all sources to TCP port 9300, which is commonly used for Elasticsearch. By restricting access to this port, it helps to maintain the security and integrity of the EC2 instance and the Elasticsearch service.
Troubleshooting Steps:
- 1.
Identify the Security Group associated with the EC2 instance:
- Go to the AWS Management Console.
- Navigate to the EC2 service.
- Locate and select the target EC2 instance.
- Note the Security Group(s) attached to the instance.
- 2.
Check existing inbound rules:
- Select the Security Group associated with the instance.
- Review the inbound rules to verify if there is an existing rule allowing TCP traffic on port 9300 from all sources.
- 3.
Verify the rule origin:
- Double-check if the rule is intended for use by CloudDefense or if it has been misconfigured.
Remediation Steps:
- 1.
Open the AWS Management Console.
- 2.
Navigate to the EC2 service.
- 3.
Select the target EC2 instance.
- 4.
Note the Security Group(s) attached to the instance.
- 5.
Click on the associated Security Group.
- 6.
In the Inbound Rules section, locate the rule that allows TCP traffic on port 9300 from all sources.
- 7.
Select the rule and click on the "Actions" button.
- 8.
From the drop-down menu, choose "Edit inbound rules".
- 9.
Locate the rule that allows inbound traffic to TCP port 9300 from all sources.
- 10.
Click the "Remove" button next to the rule.
- 11.
Review the remaining inbound rules to ensure the necessary access is still permitted for your use case.
- 12.
Once the changes are reviewed, click on "Save rules" to apply the updated Security Group configuration.
Note: Make sure to consider any other applications or services that might require access to TCP port 9300 and add specific rules to allow access from their respective sources.
Example AWS CLI command:
aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 9300 --source 0.0.0.0/0
Replace
<security-group-id>Additional Notes:
It is important to regularly review and update the Security Group rules based on the specific requirements of your applications and services. Restricting access to only necessary ports and sources helps to minimize the attack surface and ensures the overall security of your infrastructure.