
Rule: VPC Default Security Group Restriction

This rule ensures that the default VPC security group restricts all inbound and outbound traffic.

Rule: VPC default security group should not allow inbound and outbound traffic
Framework: NIST 800-171 Revision 2
Severity: Medium

Rule Description:

The VPC default security group should not allow inbound and outbound traffic to align with the security requirement of NIST 800-171 Revision 2. This rule ensures that the default security group, which is automatically created when setting up a VPC (Virtual Private Cloud) in AWS (Amazon Web Services), does not have any unnecessary open ports or allow traffic that could potentially compromise the security of the network.

Troubleshooting Steps:

1. Verify default security group rules: Check the inbound and outbound rules of the default security group associated with your VPC.

2. Audit current inbound and outbound traffic: Determine if there are any existing internet-facing services that rely on inbound or outbound traffic allowed by the default security group.

3. Review NIST 800-171 Revision 2 requirements: Familiarize yourself with the specific security requirements outlined in NIST 800-171 Revision 2 to ensure compliance.

4. Identify necessary ports and protocols: Identify any inbound or outbound ports and protocols required for your infrastructure and applications to function properly.

5. Update security group rules: Modify the default security group to restrict inbound and outbound traffic based on the identified necessary ports and protocols.

Necessary Codes:

As the necessary commands vary with your specific requirements and infrastructure setup, it is recommended to use the AWS CLI (Command Line Interface) or the AWS Management Console to update the security group rules. Below are general steps to guide you through the remediation process:

Step-by-Step Guide for Remediation:

1. Sign in to the AWS Management Console or open your preferred AWS CLI.

2. Navigate to the EC2 dashboard.

3. In the sidebar, click on "Security Groups."

4. Locate the default security group associated with your VPC.

5. Select the default security group and click on "Inbound Rules" or "Outbound Rules," depending on the direction of traffic you want to restrict.

6. Remove any existing rules that allow inbound or outbound traffic not aligned with NIST 800-171 requirements.

7. Click on "Add Rule" or "Edit Rules" to add the necessary ports and protocols required for your infrastructure and applications.

8. Specify the appropriate protocol (TCP, UDP, ICMP) and port range for each required rule.

9. Save the changes and review the new rules to ensure they align with NIST 800-171 Revision 2.

10. Test the modified security group to verify that the necessary inbound and outbound traffic is working as expected.

11. Monitor the security group regularly to ensure ongoing compliance with NIST 800-171 Revision 2.

Note: Be cautious while modifying security group rules, as incorrect changes may result in service disruptions or security vulnerabilities. Always validate and test changes before applying them in a production environment.

Remember to consult with your organization's security team or an AWS-certified professional to ensure compliance and minimize any potential risks.
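The audit in step 1 and the rule removal in step 6 can be scripted against the output of `aws ec2 describe-security-groups`. The following is an added example, not code from Cloud Defense or AWS: it runs over a constructed sample of that output (group IDs, VPC IDs and the account ID are made up) and, for every default group that still carries rules, builds the matching `aws ec2 revoke-security-group-ingress` / `revoke-security-group-egress` commands to review and run.

```python
import json
import shlex

# Constructed sample shaped like the output of
#   aws ec2 describe-security-groups --filters Name=group-name,Values=default
# A freshly created VPC's default group has a self-referencing allow-all inbound
# rule and an allow-all outbound rule; both must be revoked to satisfy this rule.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0123456789abcdef0", "GroupName": "default", "VpcId": "vpc-0abc",
   "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [],
      "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0", "UserId": "111122223333"}]}],
   "IpPermissionsEgress": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
  {"GroupId": "sg-0fedcba9876543210", "GroupName": "default", "VpcId": "vpc-0def",
   "IpPermissions": [], "IpPermissionsEgress": []}
]}
""")


def audit_default_groups(describe_output):
    """Return {group_id: [revoke commands]} for each default group that still has rules.

    A compliant default group (no inbound and no outbound rules) does not appear.
    """
    findings = {}
    for sg in describe_output["SecurityGroups"]:
        if sg["GroupName"] != "default":
            continue
        cmds = []
        for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                # Pass each rule back exactly as describe returned it, so the revoke
                # matches the existing rule (including the self-referencing group pair).
                cmds.append(
                    f"aws ec2 revoke-security-group-{direction} --group-id {sg['GroupId']} "
                    f"--ip-permissions {shlex.quote(json.dumps([perm]))}"
                )
        if cmds:
            findings[sg["GroupId"]] = cmds
    return findings


if __name__ == "__main__":
    result = audit_default_groups(SAMPLE)
    for gid, cmds in result.items():
        print(f"NON-COMPLIANT {gid}:")
        print("\n".join("  " + c for c in cmds))
    if not result:
        print("All default security groups have no inbound or outbound rules.")
```

Pipe real `describe-security-groups` JSON into `audit_default_groups` and review the emitted commands against the ports identified in step 4 before running them, since removing the outbound rule will cut existing traffic from instances still attached to the default group.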
