
Rule: VPC Security Groups should restrict Ingress TCP and UDP Access from 0.0.0.0/0

This rule ensures VPC Security Groups restrict Ingress TCP and UDP Access from 0.0.0.0/0 to enhance network security.

Rule: VPC security groups should restrict ingress TCP and UDP access from 0.0.0.0/0
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description

This rule is focused on ensuring that the VPC security groups follow the best security practices by restricting ingress TCP and UDP access from the 0.0.0.0/0 IP address range. This helps in limiting the potential attack surface and reduces the risk of unauthorized access to the system.

Rationale

The rule is based on the NIST 800-171 Revision 2 security framework, which provides guidelines for protecting Controlled Unclassified Information (CUI) in non-federal information systems and organizations. Restricting access from 0.0.0.0/0 helps in meeting the security requirements outlined by NIST and enhances the overall security posture of the system.

Impact of Non-Compliance

Non-compliance with this rule can lead to potential security risks such as unauthorized access to sensitive information, data breaches, and compromise of system integrity. It can also result in non-compliance with regulatory and industry standards, leading to legal and reputational consequences.

Troubleshooting Steps

  1. Identify the security group associated with the affected VPC or subnets.
  2. Check the existing inbound rules for TCP and UDP protocols.
  3. Verify if there are any rules allowing unrestricted access (0.0.0.0/0) for TCP and UDP.
  4. If such rules are present, consider restricting access to specific IP ranges or security groups.
  5. Ensure that the required network access is allowed for legitimate traffic while blocking access from the 0.0.0.0/0 range.

Recommended Actions

Follow the steps below to remediate the non-compliance by restricting ingress TCP and UDP access from 0.0.0.0/0:

  1. Identify the affected VPC or subnets.
  2. Determine the security group(s) associated with the VPC or subnets.
  3. Access the AWS Management Console or use the AWS Command Line Interface (CLI) for making the necessary changes.
  4. Retrieve the details of the security group(s) using the following command:

     aws ec2 describe-security-groups --group-ids <security-group-id>

  5. Update the security group(s) to remove any existing inbound rules allowing access from 0.0.0.0/0 for TCP and UDP.
  6. Add specific IP ranges or security group(s) that need access to the inbound rules.
  7. Verify and validate the changes to ensure that the required access is still allowed while restricting access from 0.0.0.0/0.
  8. Test the connectivity to ensure the proper functioning of the system.

Example AWS CLI Commands

To retrieve and modify the security group(s) using the AWS CLI, use the following commands:

  1. To list all security groups associated with the VPC:

     aws ec2 describe-security-groups --filters "Name=vpc-id,Values=<vpc-id>"

  2. To remove an existing inbound rule that allows access from 0.0.0.0/0:

     aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port <port> --cidr 0.0.0.0/0

  3. To add a new inbound rule that allows access from a specific IP range:

     aws ec2 authorize-security-group-ingress --group-id <security-group-id> --protocol tcp --port <port> --cidr <ip-range>

Make sure to replace <vpc-id>, <security-group-id>, <port>, and <ip-range> with the appropriate values specific to your environment.
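The detection and revoke steps above, as an added Python example (not Cloud Defense tooling): it reads the JSON that `aws ec2 describe-security-groups` prints, flags every ingress permission that admits TCP or UDP from 0.0.0.0/0, and prints the matching revoke command. It assumes an all-protocol rule (IpProtocol "-1") should be flagged as well, since it admits TCP and UDP too; the group ids in the embedded sample are constructed placeholders.

```python
import json
import sys

OPEN_CIDR = "0.0.0.0/0"
# Assumption: an "all protocols" rule (IpProtocol "-1") also admits TCP and
# UDP from 0.0.0.0/0, so it is reported alongside explicit tcp/udp rules.
FLAGGED_PROTOCOLS = {"tcp", "udp", "-1"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# (trimmed to the fields the check needs); the group ids are placeholders.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0123example", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},   # restricted: compliant
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0456example", "GroupName": "admin", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}

def find_open_ingress(describe_output):
    """Return (group_id, protocol, from_port, to_port) per open TCP/UDP rule."""
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in FLAGGED_PROTOCOLS:
                continue
            if any(r.get("CidrIp") == OPEN_CIDR for r in perm.get("IpRanges", [])):
                findings.append((sg["GroupId"], proto,
                                 perm.get("FromPort"), perm.get("ToPort")))
    return findings

def revoke_command(group_id, proto, from_port, to_port):
    """Build the revoke command in the form used on this page."""
    if proto == "-1":  # no port on an all-protocol rule: use --ip-permissions
        perm = json.dumps([{"IpProtocol": "-1", "IpRanges": [{"CidrIp": OPEN_CIDR}]}])
        return (f"aws ec2 revoke-security-group-ingress --group-id {group_id} "
                f"--ip-permissions '{perm}'")
    port = str(from_port) if from_port == to_port else f"{from_port}-{to_port}"
    return (f"aws ec2 revoke-security-group-ingress --group-id {group_id} "
            f"--protocol {proto} --port {port} --cidr {OPEN_CIDR}")

if __name__ == "__main__":
    # Pipe real CLI output in, or run with no input to audit the sample.
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE
    for finding in find_open_ingress(data):
        print("NON-COMPLIANT", *finding)
        print("  " + revoke_command(*finding))
```

Review each printed command before running it so that legitimate public-facing rules are replaced with a narrower range rather than simply dropped.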
