This rule ensures that VPC security groups restrict ingress TCP and UDP access from 0.0.0.0/0 to enhance network security.
| Rule | VPC security groups should restrict ingress TCP and UDP access from 0.0.0.0/0 |
| Framework | NIST 800-171 Revision 2 |
| Severity | High |
Rule Description
This rule checks that VPC security groups follow security best practice by not allowing ingress TCP or UDP access from the 0.0.0.0/0 address range (the entire IPv4 Internet). Limiting ingress to known source ranges reduces the exposed attack surface and the risk of unauthorized access to the system.
Rationale
The rule is based on the NIST 800-171 Revision 2 security framework, which provides guidelines for protecting Controlled Unclassified Information (CUI) in non-federal information systems and organizations. Restricting access from 0.0.0.0/0 helps in meeting the security requirements outlined by NIST and enhances the overall security posture of the system.
Impact of Non-Compliance
Non-compliance with this rule can lead to potential security risks such as unauthorized access to sensitive information, data breaches, and compromise of system integrity. It can also result in non-compliance with regulatory and industry standards, leading to legal and reputational consequences.
Troubleshooting Steps
Recommended Actions
Follow the steps below to remediate the non-compliance by restricting ingress TCP and UDP access from 0.0.0.0/0. First, review the current ingress rules of the affected security group:
aws ec2 describe-security-groups --group-ids <security-group-id>
Example AWS CLI Commands
To retrieve and modify the security group(s) using the AWS CLI, use the following commands. The revoke and authorize commands are shown for TCP; repeat them with --protocol udp for any UDP rules that are open to 0.0.0.0/0, since the rule covers both protocols:
aws ec2 describe-security-groups --filters "Name=vpc-id,Values=<vpc-id>"
aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port <port> --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id <security-group-id> --protocol tcp --port <port> --cidr <ip-range>
Make sure to replace <vpc-id>, <security-group-id>, <port>, and <ip-range> with the appropriate values specific to your environment.
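The following is an added example (not part of this rule page or any vendor tool) showing how the check described above can be evaluated offline against the JSON that `aws ec2 describe-security-groups` returns, and how the matching revoke command for each finding is derived. It goes slightly beyond the page by also flagging rules with IpProtocol "-1" (all protocols), which implicitly include TCP and UDP. The security group IDs and rules are constructed sample data.

```python
import json

OPEN_CIDR = "0.0.0.0/0"

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# (not real account data). sg-0example1 exposes SSH over TCP and every UDP port
# to the world; its HTTPS rule and all of sg-0example2 are scoped to private ranges.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0example1", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "udp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0example2", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]}]})


def find_open_ingress(describe_json):
    """Return (group_id, protocol, from_port, to_port) for each ingress rule that
    allows TCP, UDP, or all protocols ("-1") from 0.0.0.0/0. Ports are -1 when the
    rule carries no port range (the all-protocols case)."""
    findings = []
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            if proto not in ("tcp", "udp", "-1"):
                continue  # e.g. icmp is outside the scope of this rule
            if any(r.get("CidrIp") == OPEN_CIDR for r in perm.get("IpRanges", [])):
                findings.append((sg["GroupId"], proto,
                                 perm.get("FromPort", -1), perm.get("ToPort", -1)))
    return findings


def revoke_commands(findings):
    """Build the `aws ec2 revoke-security-group-ingress` command that removes each
    finding. TCP/UDP use the --protocol/--port form from the page; all-protocol
    rules need the --ip-permissions JSON form because they have no port."""
    cmds = []
    for gid, proto, lo, hi in findings:
        base = f"aws ec2 revoke-security-group-ingress --group-id {gid}"
        if proto == "-1":
            perm = json.dumps([{"IpProtocol": "-1", "IpRanges": [{"CidrIp": OPEN_CIDR}]}],
                              separators=(",", ":"))
            cmds.append(f"{base} --ip-permissions '{perm}'")
        else:
            port = str(lo) if lo == hi else f"{lo}-{hi}"
            cmds.append(f"{base} --protocol {proto} --port {port} --cidr {OPEN_CIDR}")
    return cmds
```

Review each generated command before running it, and add the replacement `authorize-security-group-ingress` rule with the narrowed <ip-range> so legitimate traffic keeps working.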