
Rule: VPC Security Groups Should Restrict Ingress Access on Common Ports

This rule emphasizes restricting ingress access on specific common ports on VPC security groups.

Rule: VPC security groups should restrict ingress access on ports 20, 21, 22, 3306, 3389, 4333 from 0.0.0.0/0
Framework: HIPAA
Severity: High

Rule Description:

This rule mandates that the ingress access to ports 20, 21, 22, 3306, 3389, and 4333 within VPC security groups should be restricted for HIPAA compliance. The rule ensures that the specified ports are only accessible from specific IP ranges or sources rather than allowing access from any IP address (0.0.0.0/0).

Troubleshooting Steps:

If there are any issues with implementing this rule, the following troubleshooting steps can be taken:

  1. Security Group configuration: Check if the security groups are properly configured and associated with the desired VPC.

  2. Port restrictions: Verify if the ingress access rules for ports 20, 21, 22, 3306, 3389, and 4333 are correctly specified for the security groups.

  3. Source IP restriction: Ensure that the IP ranges or sources mentioned in the ingress rules are accurate and match the intended restrictions.

  4. Traffic logging: Enable VPC Flow Logs to capture network traffic and analyze any potential connectivity issues or unauthorized access attempts.

  5. Network ACLs: Double-check if there are any conflicting network ACL rules that may override the security group settings.

Necessary Codes:

The following example shows how to configure a security group in AWS using the AWS CLI so that ingress on the specified ports is allowed only from a trusted source range rather than from 0.0.0.0/0:

# Create the security group in the target VPC
aws ec2 create-security-group --group-name hipaa-sg --description "HIPAA Compliance Security Group" --vpc-id <your-vpc-id>

# Allow each restricted port only from the trusted range; never use 0.0.0.0/0 or ::/0 here
aws ec2 authorize-security-group-ingress --group-id <your-security-group-id> --protocol tcp --port 20 --cidr <trusted-cidr>
aws ec2 authorize-security-group-ingress --group-id <your-security-group-id> --protocol tcp --port 21 --cidr <trusted-cidr>
aws ec2 authorize-security-group-ingress --group-id <your-security-group-id> --protocol tcp --port 22 --cidr <trusted-cidr>
aws ec2 authorize-security-group-ingress --group-id <your-security-group-id> --protocol tcp --port 3306 --cidr <trusted-cidr>
aws ec2 authorize-security-group-ingress --group-id <your-security-group-id> --protocol tcp --port 3389 --cidr <trusted-cidr>
aws ec2 authorize-security-group-ingress --group-id <your-security-group-id> --protocol tcp --port 4333 --cidr <trusted-cidr>

Replace <your-vpc-id> with the ID of the VPC, <your-security-group-id> with the actual ID of the security group (returned by create-security-group), and <trusted-cidr> with the IP range that is authorized to reach these ports (for example, a corporate or bastion host range such as 203.0.113.0/24).

Step-by-Step Guide for Remediation:

Follow the steps below to remediate and enforce the ingress access restrictions for ports 20, 21, 22, 3306, 3389, and 4333 in a VPC security group:

  1. Log in to your AWS Management Console and navigate to the EC2 service.

  2. In the EC2 dashboard, click on "Security Groups" in the left-hand menu.

  3. Select the appropriate security group associated with the VPC requiring HIPAA compliance.

  4. Click on the "Actions" dropdown button and choose "Edit inbound rules."

  5. Remove any existing rules for the specified ports if they allow unrestricted ingress access (0.0.0.0/0).

  6. Click on the "Add rule" button and select "SSH" for port 22. Set the source IP range to limit access only to authorized IP addresses.

  7. Repeat Step 6 for the remaining ports (20, 21, 3306, 3389, and 4333). Configure the source IP ranges or sources according to your specific requirements.

  8. Review the updated inbound rules and click on "Save rules" to enforce the changes.

  9. Test the connectivity to the restricted ports from both authorized and unauthorized IP addresses to verify that the rules are correctly applied.

By following the above steps, you will have successfully enforced ingress access restrictions for ports 20, 21, 22, 3306, 3389, and 4333 within the VPC security group to comply with HIPAA regulations.
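Alongside the connectivity test in Step 9, the rule can be checked directly against the security group configuration. The following Python audit is an added example, not Cloud Defense's code; it reads the dictionary shape returned by `aws ec2 describe-security-groups` (SecurityGroups[].IpPermissions[]), and the SAMPLE data is constructed. It also catches the cases a port-by-port glance misses: port ranges that cover a restricted port, "All traffic" (protocol -1) rules, and the IPv6 equivalent of 0.0.0.0/0.

```python
import json

# Ports named by the rule; 0.0.0.0/0 and ::/0 both count as "anywhere".
RESTRICTED_PORTS = {20, 21, 22, 3306, 3389, 4333}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def open_ports(permission):
    """Restricted ports that one IpPermission entry exposes to anywhere."""
    sources = [r.get("CidrIp") for r in permission.get("IpRanges", [])]
    sources += [r.get("CidrIpv6") for r in permission.get("Ipv6Ranges", [])]
    if not ANYWHERE.intersection(sources):
        return set()
    proto = permission.get("IpProtocol")
    if proto == "-1":  # "All traffic" entries carry no ports: everything is open
        return set(RESTRICTED_PORTS)
    if proto not in ("tcp", "udp"):  # icmp etc. have no TCP/UDP ports
        return set()
    low, high = permission.get("FromPort", 0), permission.get("ToPort", 65535)
    # Ranges such as 0-65535 or 3300-3310 cover restricted ports without naming them.
    return {p for p in RESTRICTED_PORTS if low <= p <= high}


def audit_security_groups(describe_output):
    """Map each non-compliant GroupId to the sorted ports it exposes to anywhere."""
    findings = {}
    for sg in describe_output.get("SecurityGroups", []):
        exposed = set()
        for perm in sg.get("IpPermissions", []):
            exposed |= open_ports(perm)
        if exposed:
            findings[sg["GroupId"]] = sorted(exposed)
    return findings


# Constructed sample in the describe-security-groups shape (not real account data).
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0000aaaa", "IpPermissions": [  # SSH and a MySQL range open to the world
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3300, "ToPort": 3310, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0000bbbb", "IpPermissions": [  # compliant: trusted CIDR only
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-0000cccc", "IpPermissions": [  # "All traffic" from anywhere
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}

if __name__ == "__main__":
    # Real input: aws ec2 describe-security-groups --output json > sgs.json, then json.load() it
    print(json.dumps(audit_security_groups(SAMPLE), indent=2))
```

An empty result means every group passes; any listed group needs the rules removed and re-added with a trusted source as in the remediation steps above.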
