
Rule: VPC Security Groups Should Restrict Ingress TCP and UDP Access from 0.0.0.0/0

Overview of the rule for VPC security groups restricting ingress TCP and UDP access from 0.0.0.0/0.

Rule: VPC security groups should restrict ingress TCP and UDP access from 0.0.0.0/0
Framework: HIPAA
Severity: High

Rule Description:

VPC security groups should restrict ingress TCP and UDP access from 0.0.0.0/0 for HIPAA compliance. This means that inbound TCP and UDP traffic should be limited to specific IP ranges or sources, rather than allowing access from any IP address (0.0.0.0/0). By implementing this rule, the VPC ensures that only authorized traffic can reach the designated resources, improving the overall security posture and achieving compliance with HIPAA regulations.

Troubleshooting Steps:

  1. Verify the current security group settings:
     • Identify the security group associated with the desired VPC.
     • Access the AWS Management Console or use the AWS CLI/API to view the inbound rules configured for the security group.
  2. Check for any existing rules allowing TCP and UDP access from 0.0.0.0/0:
     • Look for inbound rules that specify TCP or UDP protocols and have the source IP range set to 0.0.0.0/0.
     • Take note of the affected ports and protocols.
  3. Validate that the identified security group is indeed meant to be HIPAA compliant:
     • Ensure that the security group in question is designated for resources that handle or store Protected Health Information (PHI) and must comply with HIPAA regulations.
     • Confirm with the relevant stakeholders or compliance officer that this security group should implement the ingress restrictions.
  4. Determine the appropriate IP ranges or sources to allow:
     • Collaborate with the system or network administrators to identify the approved IP addresses or CIDR blocks that should have access to the resources within the VPC.
     • Obtain the necessary information about the required IP ranges or sources.

Remediation Steps:

  1. Prepare the necessary IP ranges or sources:
     • Compile a list of approved IP addresses or CIDR blocks from the previous step.
     • Ensure that the list includes all authorized sources that should have TCP and UDP access to the VPC resources.
  2. Implement the ingress restrictions on the security group:
     • Access the AWS Management Console or use the AWS CLI/API to modify the inbound rules of the appropriate security group.
     • Remove any existing rules that allow TCP or UDP access from 0.0.0.0/0.
  3. Add new ingress rules to the security group:
     • Create new inbound rules for each required TCP and UDP port, specifying the approved IP ranges or sources.
     • Configure the security group to allow inbound traffic only from the specified IP addresses or CIDR blocks.
     • Ensure that the rules are correctly applied to the relevant security group associated with the VPC.
  4. Verify the applied changes:
     • Validate that the updated security group settings reflect the required ingress restrictions.
     • Test the connectivity from the approved IP addresses or CIDR blocks to confirm that the desired traffic can reach the designated resources within the VPC.

Example Code:

AWS CLI Command to Add a Restricted Ingress Rule to a Security Group:

aws ec2 authorize-security-group-ingress \
    --group-id <security-group-id> \
    --protocol tcp \
    --port <port> \
    --cidr <source-cidr>

Note: Replace <security-group-id>, <port>, and <source-cidr> with the appropriate values according to your configuration. The source is passed with --cidr and must be a CIDR block (a single approved host is written with a /32 prefix). Repeat the command with --protocol udp for each required UDP port.

AWS CLI Command to Remove an Existing Ingress Rule Open to 0.0.0.0/0:

aws ec2 revoke-security-group-ingress \
    --group-id <security-group-id> \
    --protocol tcp \
    --port <port> \
    --cidr 0.0.0.0/0

Note: Replace <security-group-id> and <port> with the values specific to your setup, and use --protocol udp to revoke an open UDP rule. The protocol, port and CIDR must match the existing rule exactly, otherwise nothing is removed.

Ensure that you have the necessary permissions to modify the security group and make the required changes accordingly.
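As an added example (not part of this page or Cloud Defense's own tooling), the following Python script applies troubleshooting step 2 and remediation step 2 to the JSON that `aws ec2 describe-security-groups` returns: it lists every TCP/UDP (or all-protocol, "-1") ingress permission whose source is 0.0.0.0/0 and builds the matching revoke command. It goes beyond the page by also flagging ::/0, the IPv6 "anywhere" source; the sample groups and their IDs are constructed.

```python
import json

WORLD_OPEN = {"0.0.0.0/0", "::/0"}         # ::/0 is the IPv6 "anywhere" source (assumption)
FLAGGED = {"tcp", "6", "udp", "17", "-1"}  # protocol names, IANA numbers, "-1" = all traffic


def find_open_ingress(security_groups):
    """Scan the 'SecurityGroups' list (describe-security-groups shape) and return
    one dict per ingress permission that exposes TCP/UDP to the whole internet."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = str(perm.get("IpProtocol", "-1")).lower()
            if proto not in FLAGGED:
                continue  # e.g. ICMP-only rules are outside this check
            ranges = [("IpRanges", "CidrIp", r["CidrIp"]) for r in perm.get("IpRanges", [])]
            ranges += [("Ipv6Ranges", "CidrIpv6", r["CidrIpv6"])
                       for r in perm.get("Ipv6Ranges", [])]
            for key, field, cidr in ranges:
                if cidr in WORLD_OPEN:
                    findings.append({"GroupId": sg["GroupId"], "IpProtocol": proto,
                                     "FromPort": perm.get("FromPort"),
                                     "ToPort": perm.get("ToPort"),
                                     "RangeKey": key, "CidrField": field, "Cidr": cidr})
    return findings


def revoke_command(f):
    """Build the revoke call for one finding using the --ip-permissions JSON form,
    which also covers "-1" rules (no port range) and IPv6 sources."""
    perm = {"IpProtocol": f["IpProtocol"], f["RangeKey"]: [{f["CidrField"]: f["Cidr"]}]}
    if f["FromPort"] is not None:
        perm["FromPort"], perm["ToPort"] = f["FromPort"], f["ToPort"]
    return ("aws ec2 revoke-security-group-ingress --group-id %s --ip-permissions '%s'"
            % (f["GroupId"], json.dumps([perm])))


# Constructed sample in describe-security-groups format; the group IDs are not real.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for finding in find_open_ingress(SAMPLE_GROUPS):  # prints two revoke commands
        print(revoke_command(finding))
```

Feed it real data with `aws ec2 describe-security-groups --output json` and pass the `SecurityGroups` array to `find_open_ingress`; review each generated command against the approved source list before running it.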
