This rule ensures VPC security groups restrict ingress access on common ports from all sources.
Rule | VPC security groups should restrict ingress access on ports 20, 21, 22, 3306, 3389, 4333 from 0.0.0.0/0 |
Framework | NIST 800-171 Revision 2 |
Severity | ✔ High |
Rule Description:
Security groups in the VPC must not contain ingress (incoming) rules that allow traffic on ports 20, 21, 22, 3306, 3389, or 4333 from the IP range 0.0.0.0/0 (any IPv4 source); this is required for compliance with the NIST 800-171 Revision 2 security standard.
Troubleshooting Steps:
1. Verify the existing security group rules:
2. Check if any necessary exceptions are required:
3. Update the security group rules:
4. Test the updated configuration:
Necessary Codes:
No application code is required for this task; the fix is a configuration change made in the AWS Management Console or with the AWS CLI/SDK.
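The page itself supplies no code, so the following is an added example (not part of this rule page or of any vendor tool) of how the check in the rule description can be evaluated offline against the JSON shape that `aws ec2 describe-security-groups` returns, and how to build the matching `aws ec2 revoke-security-group-ingress` command for each finding. The security group IDs and rule entries are constructed sample data. Port ranges that cover a monitored port and all-traffic (`IpProtocol "-1"`) entries are handled, since both expose the port just as a single-port rule does. The `::/0` (IPv6) check goes beyond the rule text, which names only 0.0.0.0/0, and can be disabled with `include_ipv6=False`.

```python
import json

# Ports named in the rule; 0.0.0.0/0 is the source the rule targets.
MONITORED_PORTS = frozenset({20, 21, 22, 3306, 3389, 4333})
ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"  # extension beyond the rule text: IPv6 equivalent of "all sources"


def exposed_ports(perm, monitored=MONITORED_PORTS):
    """Monitored ports covered by one IpPermissions entry.

    Handles the three shapes describe-security-groups emits: a single port
    (FromPort == ToPort), a port range, and IpProtocol "-1" (all traffic,
    which carries no FromPort/ToPort and exposes every port).
    """
    proto = str(perm.get("IpProtocol", ""))
    if proto == "-1":
        return set(monitored)
    if proto not in ("tcp", "udp"):
        return set()
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return set()
    return {p for p in monitored if lo <= p <= hi}


def world_sources(perm, include_ipv6=True):
    """Sources in this entry that mean 'anyone on the internet'."""
    found = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") == ANY_IPV4]
    if include_ipv6:
        found += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == ANY_IPV6]
    return found


def find_violations(groups, include_ipv6=True):
    """One finding per (group, rule entry, world source) that exposes a monitored port."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            ports = exposed_ports(perm)
            if not ports:
                continue
            for src in world_sources(perm, include_ipv6):
                findings.append({
                    "GroupId": sg["GroupId"],
                    "IpProtocol": perm["IpProtocol"],
                    "FromPort": perm.get("FromPort"),
                    "ToPort": perm.get("ToPort"),
                    "Source": src,
                    "Ports": sorted(ports),
                })
    return findings


def revoke_command(f):
    """AWS CLI command that removes exactly the offending source from the rule entry.

    The --ip-permissions JSON form is used so one shape covers single ports,
    ranges, all-traffic ("-1") entries and IPv6 sources alike.
    """
    entry = {"IpProtocol": f["IpProtocol"]}
    if f["FromPort"] is not None:
        entry["FromPort"] = f["FromPort"]
        entry["ToPort"] = f["ToPort"]
    if ":" in f["Source"]:
        entry["Ipv6Ranges"] = [{"CidrIpv6": f["Source"]}]
    else:
        entry["IpRanges"] = [{"CidrIp": f["Source"]}]
    return ("aws ec2 revoke-security-group-ingress --group-id %s --ip-permissions '%s'"
            % (f["GroupId"], json.dumps([entry], separators=(",", ":"))))


# Constructed sample data in the describe-security-groups shape (not real groups).
SAMPLE_GROUPS = [
    {   # SSH open to the world (violation); HTTP open to the world (port not monitored)
        "GroupId": "sg-0example1",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {   # MySQL limited to a private range (compliant); a 3000-4000 range open to the
        # world covers 3306 and 3389 (violation); all traffic from ::/0 (IPv6 extension)
        "GroupId": "sg-0example2",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]

if __name__ == "__main__":
    for f in find_violations(SAMPLE_GROUPS):
        print(f["GroupId"], f["Source"], "exposes", f["Ports"])
        print("   ", revoke_command(f))
```

Against live data, feed the `SecurityGroups` array from `aws ec2 describe-security-groups --output json` to `find_violations`. The generated revoke commands remove only the 0.0.0.0/0 (or ::/0) source from the offending entry, leaving any narrower sources in the same rule in place; review each command against the exceptions identified in step 2 before running it.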
Step-by-step Guide for Remediation:
Note: Follow the principle of least privilege and allow ingress only from the sources (specific CIDR ranges or security groups) that the resources actually need in order to function.