
Rule: VPC Security Groups Should Restrict Ingress Access on Common Ports

This rule checks that VPC security groups do not allow inbound traffic on a set of commonly attacked service ports from any IPv4 address on the internet.

Rule: VPC security groups should restrict ingress access on ports 20, 21, 22, 3306, 3389, 4333 from 0.0.0.0/0
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description:

A security group rule whose source is 0.0.0.0/0 admits connections from every IPv4 address on the internet. The ports covered by this rule are FTP data (20) and control (21), SSH (22), MySQL (3306), RDP (3389) and mSQL (4333): remote-administration and database services that are routinely scanned and brute-forced, and that should be reachable only from known networks. The rule flags any security group that has an inbound rule exposing one of these ports to 0.0.0.0/0. It supports NIST 800-171 Revision 2, which provides requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations, in particular its boundary-protection requirements (3.13.1, monitor and control communications at external boundaries, and 3.13.6, deny network traffic by default and allow it by exception).

Troubleshooting Steps:

  1. Identify the VPC security groups that have an inbound rule with source 0.0.0.0/0 covering any of ports 20, 21, 22, 3306, 3389 or 4333. Include rules that cover these ports indirectly: an "All traffic" rule, or a TCP rule with a wide port range such as 0-65535.
  2. Verify that the remaining rules for these ports only allow access from authorized sources (specific CIDR ranges, another security group, or a managed prefix list).
  3. Confirm that no rule still grants unrestricted access to the listed ports, and re-run the check after any change.

Necessary Codes:

No specific code is required for this rule. Instead, the rule is enforced through configuration changes in the VPC security groups.

Remediation Steps:

  1. Identify the VPC security group associated with the resource that violates the rule.
  2. Open the AWS Management Console and navigate to the VPC service (the same Security Groups page is also available under EC2).
  3. In the left navigation pane, select "Security Groups."
  4. Search for and select the security group that needs to be modified.
  5. Click the "Inbound rules" tab, then "Edit inbound rules."
  6. Locate the rules that allow ingress on ports 20, 21, 22, 3306, 3389 or 4333 from 0.0.0.0/0, including any "All traffic" rule or wide port range with that source.
  7. For each such rule, either delete it or restrict it, depending on whether the access is needed at all:
     • To delete the rule, click "Delete" next to it.
     • To keep the access, change the Source from 0.0.0.0/0 to the authorized CIDR range(s), a security group, or a managed prefix list; add a separate rule per authorized source if needed.
  8. Click "Save rules" to apply the changes. Security group changes take effect immediately on every network interface the group is attached to, so verify connectivity from an authorized source afterwards.
  9. Repeat the above steps for every security group that violates the rule.

Note: Before removing a rule, confirm which legitimate clients rely on it (for example a bastion host or CI runner that uses SSH, or an application subnet that connects to MySQL) and grant those sources explicitly; the goal is to replace "anywhere" with a deliberate allow-list, not to cut off required access.
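As an added example (not part of the Cloud Defense rule or of AWS documentation), the following Python script implements the troubleshooting check above on the JSON that `aws ec2 describe-security-groups --output json` returns, and prints the `aws ec2 revoke-security-group-ingress` command for each offending rule as a CLI alternative to the console remediation steps. The sample security groups are constructed for the example; treating `::/0` as an unrestricted source goes beyond the rule text, which names only 0.0.0.0/0, and the script name `sg_check.py` is assumed.

```python
import json
import sys

# Ports named by the rule: FTP data (20), FTP control (21), SSH (22),
# MySQL (3306), RDP (3389) and mSQL (4333).
RESTRICTED_PORTS = (20, 21, 22, 3306, 3389, 4333)
# The rule text names only 0.0.0.0/0; ::/0 is included here as the IPv6
# equivalent (assumption: the same policy is wanted for IPv6 ingress).
OPEN_SOURCES = ("0.0.0.0/0", "::/0")


def rule_covers_port(perm, port):
    """True if one IpPermissions entry reaches `port`.

    "-1" means all traffic and carries no FromPort/ToPort; tcp and udp
    rules carry an inclusive port range (0-65535 covers everything).
    """
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto in ("tcp", "6", "udp", "17"):
        return perm["FromPort"] <= port <= perm["ToPort"]
    return False  # icmp and other protocols have no TCP/UDP port


def open_sources(perm):
    """Unrestricted CIDR sources attached to one IpPermissions entry."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") in OPEN_SOURCES]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") in OPEN_SOURCES]
    return cidrs


def find_violations(security_groups):
    """One record per (rule, open source) pair that exposes a restricted port."""
    violations = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            exposed = [p for p in RESTRICTED_PORTS if rule_covers_port(perm, p)]
            if not exposed:
                continue
            for cidr in open_sources(perm):
                violations.append({
                    "GroupId": sg["GroupId"],
                    "IpProtocol": perm["IpProtocol"],
                    "FromPort": perm.get("FromPort"),
                    "ToPort": perm.get("ToPort"),
                    "Cidr": cidr,
                    "Ports": exposed,
                })
    return violations


def revoke_command(v):
    """AWS CLI command that removes exactly the offending rule.

    revoke-security-group-ingress only matches a rule that is specified
    exactly, so the protocol, port range and the single open CIDR are
    reproduced; other sources on the same rule are left untouched.
    """
    perm = {"IpProtocol": v["IpProtocol"]}
    if v["IpProtocol"] != "-1":
        perm["FromPort"] = v["FromPort"]
        perm["ToPort"] = v["ToPort"]
    if ":" in v["Cidr"]:
        perm["Ipv6Ranges"] = [{"CidrIpv6": v["Cidr"]}]
    else:
        perm["IpRanges"] = [{"CidrIp": v["Cidr"]}]
    return ("aws ec2 revoke-security-group-ingress --group-id %s "
            "--ip-permissions '%s'" % (v["GroupId"], json.dumps([perm])))


# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
        # HTTPS from anywhere is not one of the listed ports: compliant.
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        # SSH limited to an authorized range: compliant.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-0bbb", "GroupName": "db", "IpPermissions": [
        # MySQL open to the world: violation.
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        # A wide port range hides all six ports; only the 0.0.0.0/0 entry is flagged.
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "legacy", "IpPermissions": [
        # All traffic from any IPv6 address: violation (no FromPort/ToPort keys).
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]}


if __name__ == "__main__":
    # Real data: aws ec2 describe-security-groups --output json | python3 sg_check.py
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for v in find_violations(data["SecurityGroups"]):
        print("%s %s %s-%s from %s exposes %s" % (v["GroupId"], v["IpProtocol"],
              v["FromPort"], v["ToPort"], v["Cidr"], v["Ports"]))
        print("  " + revoke_command(v))
```

Run against the sample it reports the three offending rules (the MySQL rule, the 0-65535 range and the all-traffic IPv6 rule) and leaves the 10.0.0.0/8 and 203.0.113.0/24 sources alone. Review each generated revoke command before running it, and where access is still needed follow it with an `authorize-security-group-ingress` for the authorized source, so the allow-list replaces the open rule rather than simply removing it.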

Additional Notes:

  • The rule restricts inbound traffic on specific ports from 0.0.0.0/0; it does not address egress traffic, the equivalent IPv6 source ::/0, network ACLs, or other security aspects related to NIST 800-171 Revision 2. Review inbound rules with source ::/0 in the same way, and review and implement the other relevant controls to achieve overall compliance.
