Rule: VPC Security Groups Should Restrict Ingress SSH Access from 0.0.0.0/0

This rule focuses on restricting SSH access from all IPs in VPC security groups.

Rule: VPC security groups should restrict ingress SSH access from 0.0.0.0/0
Framework: HIPAA
Severity: High

Rule Description

The rule specifies that VPC security groups in an environment subject to the Health Insurance Portability and Accountability Act (HIPAA) should restrict ingress SSH (Secure Shell) access from any IP address (0.0.0.0/0) outside of the VPC. The rule is enforced to strengthen the security of the environment and protect sensitive HIPAA data.

Troubleshooting Steps (if applicable)

  1. Identify the security group associated with the VPC in question.
  2. Verify the existing inbound rules for the security group.
  3. Check if there are any SSH rules allowing access from 0.0.0.0/0.
  4. Ensure that the security group adheres to the HIPAA requirement to restrict such access.

Necessary Codes (if applicable)

{
    "ingress": [
        {
            "protocol": "tcp",
            "port_range": {
                "from": 22,
                "to": 22
            },
            "source": {
                "prefix_list": null,
                "security_group_id": null,
                "self": false,
                "description": null,
                "cidr_blocks": [
                    "0.0.0.0/0"
                ]
            },
            "description": "Allow SSH access from anywhere (HIPAA restricted)"
        }
    ]
}
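
The check in the troubleshooting steps can be automated. The following is an added example, not CloudDefense's code: it scans rules in the JSON shape shown above and goes beyond the single rule on the page by also catching port ranges that include 22, the IPv6 any-address ::/0, and all-protocol rules. The function names, the sample rules, and the protocol spellings "all", "-1" and "6" are assumptions.

```python
import ipaddress

SSH_PORT = 22
TCP_OR_ALL = {"tcp", "6", "all", "-1"}  # assumed spellings for TCP / all protocols

# Constructed sample input in the page's rule shape (not real data).
SAMPLE = {"ingress": [
    {"protocol": "tcp", "port_range": {"from": 22, "to": 22},
     "source": {"cidr_blocks": ["0.0.0.0/0"]}, "description": "ssh from anywhere"},
    {"protocol": "tcp", "port_range": {"from": 0, "to": 1024},
     "source": {"cidr_blocks": ["::/0"]}, "description": "wide range, IPv6"},
    {"protocol": "tcp", "port_range": {"from": 22, "to": 22},
     "source": {"cidr_blocks": ["10.20.0.0/16"]}, "description": "ssh from bastion net"},
    {"protocol": "tcp", "port_range": {"from": 443, "to": 443},
     "source": {"cidr_blocks": ["0.0.0.0/0"]}, "description": "public https"},
]}


def is_world_open(cidr):
    """True when the CIDR has a zero-length prefix (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a parseable CIDR, so nothing to flag


def covers_ssh(rule):
    """True when the rule's protocol and port range include TCP/22."""
    if str(rule.get("protocol", "")).lower() not in TCP_OR_ALL:
        return False
    ports = rule.get("port_range") or {}
    lo, hi = ports.get("from"), ports.get("to")  # missing bound = unbounded (assumption)
    return (0 if lo is None else lo) <= SSH_PORT <= (65535 if hi is None else hi)


def open_ssh_rules(group):
    """Return (description, cidr) for each ingress rule exposing SSH to any address."""
    return [
        (rule.get("description"), cidr)
        for rule in group.get("ingress", [])
        if covers_ssh(rule)
        for cidr in (rule.get("source") or {}).get("cidr_blocks") or []
        if is_world_open(cidr)
    ]


if __name__ == "__main__":
    for description, cidr in open_ssh_rules(SAMPLE):
        print(f"NON-COMPLIANT: SSH open to {cidr} ({description})")
```
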

Step-by-Step Guide for Remediation

  1. List all the VPC security groups associated with the environment.
  2. Identify the security group that needs to be updated according to the HIPAA rule.
  3. Verify the current inbound rules of the security group.
  4. Check if there already exists an SSH rule allowing access from 0.0.0.0/0.
  5. If an SSH rule with 0.0.0.0/0 is found, proceed to the next step. Otherwise, add a new inbound rule with the following details:
    • Protocol: TCP
    • Port Range: 22 (SSH port)
    • Source: 0.0.0.0/0
    • Description: Allow SSH access from anywhere (HIPAA restricted)
  6. Apply the relevant changes to the security group.
  7. Test the SSH connectivity to ensure it is restricted only to authorized IP addresses.
  8. Repeat the process for any other security groups that need to be updated.

Note: It is important to ensure that other necessary IP ranges or security groups are included in the inbound rules to maintain authorized access for legitimate users or systems.
