
Rule: VPC Default Security Group Restriction

This rule ensures that the VPC default security group restricts all inbound and outbound traffic.

Rule: VPC default security group should not allow inbound and outbound traffic
Framework: NIST 800-171 Revision 2
Severity: Medium

Rule Description

The VPC default security group should not allow inbound and outbound traffic for NIST 800-171 Revision 2 compliance.

Description

The VPC (Virtual Private Cloud) default security group is created automatically when a VPC is set up in AWS (Amazon Web Services). It is the group that resources receive when they are launched without an explicitly assigned security group, and as created by AWS it allows all inbound traffic from members of the same group and all outbound traffic. To comply with NIST 800-171 Revision 2, the default security group must be restricted so that it permits no inbound and no outbound traffic; resources that need connectivity should be placed in purpose-built security groups instead.

Troubleshooting Steps

  1. Identify the default security group associated with the VPC.
  2. Verify the inbound and outbound rules configured for the default security group.
  3. Check if any rules allow unrestricted traffic flow.
  4. Review the NIST 800-171 Revision 2 guidelines to ensure compliance.

Necessary Codes

There is no specific code for this rule/policy. The configuration changes are made through the AWS Management Console or the AWS CLI (Command Line Interface).

Step-by-Step Guide for Remediation

Using AWS Management Console:

  1. Log in to the AWS Management Console.
  2. Open the Amazon VPC service.
  3. Select the VPC associated with the default security group.
  4. Navigate to the "Security Groups" section.
  5. Identify the default security group.
  6. Click on the "Inbound Rules" tab.
  7. Remove any inbound rules that are not necessary for NIST 800-171 Revision 2 compliance.
  8. Click on the "Outbound Rules" tab.
  9. Remove any outbound rules that are not necessary for NIST 800-171 Revision 2 compliance.
  10. Review and confirm the changes.
  11. Save the updated configuration.

Using AWS CLI:

  1. Install the AWS CLI on your local machine if it is not already installed.
  2. Open a command prompt or terminal.
  3. Run the following command to list the security groups associated with your VPC:
    aws ec2 describe-security-groups --filters Name=vpc-id,Values=<Your_VPC_ID>
  4. Identify the default security group from the list (its GroupName is "default"; note its GroupId).
  5. Run the following command to remove the inbound rule. The rule AWS creates on the default group allows all traffic from the group itself, so the group ID appears both as the target and as the source; the rule to revoke is passed with --ip-permissions:
    aws ec2 revoke-security-group-ingress --group-id <Your_Default_Security_Group_ID> --ip-permissions '[{"IpProtocol":"-1","UserIdGroupPairs":[{"GroupId":"<Your_Default_Security_Group_ID>"}]}]'
  6. Run the following command to remove the outbound rule. The rule AWS creates allows all traffic to 0.0.0.0/0:
    aws ec2 revoke-security-group-egress --group-id <Your_Default_Security_Group_ID> --ip-permissions '[{"IpProtocol":"-1","IpRanges":[{"CidrIp":"0.0.0.0/0"}]}]'
  7. Verify the changes by listing the security group details again.
  8. Confirm that the inbound and outbound rules are updated according to NIST 800-171 Revision 2 (both the IpPermissions and IpPermissionsEgress lists of the default group should be empty).
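The check in steps 7 and 8, and the revoke commands in steps 5 and 6, can be derived directly from the JSON that `describe-security-groups` returns. The following is an added example, not part of the original page or the Cloud Defense product: it evaluates the rule over a constructed sample response (all IDs are placeholders) and builds one revoke command per rule still present, so it also handles rules someone added to the default group after creation rather than only the two AWS-created ones.

```python
import json

# Constructed sample in the shape `aws ec2 describe-security-groups` returns.
# The default group still carries AWS's two initial rules; the second group is
# a normal, named group that this rule does not apply to. IDs are placeholders.
SAMPLE_RESPONSE = {
    "SecurityGroups": [
        {"GroupName": "default", "GroupId": "sg-0123456789abcdef0", "VpcId": "vpc-0abc1234",
         "IpPermissions": [{"IpProtocol": "-1",
                            "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0",
                                                  "UserId": "111122223333"}]}],
         "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupName": "app-web", "GroupId": "sg-0fedcba9876543210", "VpcId": "vpc-0abc1234",
         "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                            "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}],
         "IpPermissionsEgress": []},
    ]
}


def default_groups(response):
    """Return only the default security groups (AWS names them 'default', one per VPC)."""
    return [g for g in response["SecurityGroups"] if g["GroupName"] == "default"]


def evaluate(response):
    """Map each default group ID to its rule counts and a verdict for this rule.
    The group is compliant only when both the inbound and outbound lists are empty."""
    verdicts = {}
    for g in default_groups(response):
        ingress = len(g.get("IpPermissions", []))
        egress = len(g.get("IpPermissionsEgress", []))
        verdicts[g["GroupId"]] = {"vpc": g["VpcId"], "ingress": ingress, "egress": egress,
                                  "compliant": ingress == 0 and egress == 0}
    return verdicts


def revoke_commands(response):
    """Build the exact CLI commands that remove every rule present on a default group.
    Passing the rule list back verbatim through --ip-permissions revokes precisely
    what is there, whatever protocol, CIDR or group reference the rules use."""
    cmds = []
    for g in default_groups(response):
        for action, key in (("revoke-security-group-ingress", "IpPermissions"),
                            ("revoke-security-group-egress", "IpPermissionsEgress")):
            perms = g.get(key, [])
            if perms:  # revoking an empty list is an API error, so skip clean directions
                cmds.append(f"aws ec2 {action} --group-id {g['GroupId']} "
                            f"--ip-permissions '{json.dumps(perms, separators=(',', ':'))}'")
    return cmds
```

Feed it the real output of the describe command above (for example `json.load(open("sgs.json"))`) to get a per-VPC verdict and the commands that bring the default group into compliance.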

Conclusion

By following the troubleshooting steps above and using the AWS Management Console or the AWS CLI, you can ensure that the VPC default security group allows no inbound or outbound traffic that violates the NIST 800-171 Revision 2 guidelines. This helps maintain the security and compliance of your AWS environment.
