
Rule: VPC Security Groups should restrict ingress SSH access from 0.0.0.0/0

This rule checks that VPC security groups do not allow inbound SSH from any source address, so that SSH is reachable only from trusted networks.

Rule: VPC security groups should restrict ingress SSH access from 0.0.0.0/0
Framework: NIST 800-171 Revision 2
Severity: High

VPC Security Group Ingress SSH Restriction

Description

To comply with the NIST 800-171 Revision 2 security control, the VPC security groups in your organization's AWS environment must restrict ingress SSH (Secure Shell) access from the 0.0.0.0/0 IP range. This range matches every source IP address, so an SSH rule that allows it exposes the instance's SSH port to the whole Internet, which poses a security risk.

Restricting ingress SSH access to specific IP ranges helps protect your resources from unauthorized access and potential security breaches.

Troubleshooting Steps

If any issues arise while implementing the VPC security group ingress SSH restriction, follow these troubleshooting steps:

  1. Verify that you have the necessary permissions to modify the VPC security groups.
  2. Check whether the existing security group rules allow SSH traffic from the 0.0.0.0/0 IP range.
  3. Ensure that any existing outbound SSH rules are not affected by the new restriction.
  4. Verify that the correct VPC and associated subnets are used in the security group.

Necessary Codes

No specific codes are required for this rule/policy. It involves modifying the existing security group rules using the AWS Management Console or AWS Command Line Interface (CLI).

Remediation Steps

Follow these steps to remediate the VPC security group ingress SSH restriction:

  1. Navigate to the AWS Management Console and log in with appropriate credentials.
  2. Go to the Amazon VPC service.
  3. In the left sidebar, click on "Security Groups."
  4. Identify the security group(s) that require ingress SSH restriction and select the desired security group.
  5. Click on the "Inbound rules" tab to view the existing inbound rules.
  6. Locate the SSH rule(s) with the source IP range 0.0.0.0/0.
  7. Select the rule and click on the "Delete" or "Edit" button.
     • If you choose to edit the existing rule, update the source IP range to a specific IP range or CIDR block that aligns with your organization's security policy.
  8. Add a new inbound rule for SSH access, specifying the desired source IP range.
  9. Review the changes and confirm the modified security group rules.

Apply these steps to all relevant security groups within your AWS environment to fully comply with the NIST 800-171 Revision 2 standard.
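The check in troubleshooting step 2 and the rule changes in remediation steps 6 to 9 can also be scripted against the JSON that `aws ec2 describe-security-groups` returns, which is useful when many security groups must be reviewed. The following is an added example, not code from Cloud Defense or AWS. The security group IDs and CIDRs are constructed sample data, the `trusted_cidr` parameter stands in for your organization's approved source range, and treating `::/0` and "all traffic" (`-1`) rules as equally open goes beyond the rule's literal 0.0.0.0/0 wording; the boto3 calls used when `apply=True` (`revoke_security_group_ingress`, `authorize_security_group_ingress`) are real EC2 API operations.

```python
"""Find and remediate security group rules that expose SSH (TCP/22) to 0.0.0.0/0.

The detection runs offline over describe-security-groups style data; changes are
only sent to AWS when remediate() is called with apply=True.
"""
from __future__ import annotations

SSH_PORT = 22
OPEN_V4 = "0.0.0.0/0"   # the range named by the rule
OPEN_V6 = "::/0"        # IPv6 equivalent, added as a practitioner caveat


def permission_covers_ssh(perm: dict) -> bool:
    """True if one IpPermissions entry admits TCP/22 (including 'all traffic' rules)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":            # all protocols, all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)


def open_sources(perm: dict) -> list[str]:
    """Return the unrestricted CIDRs (v4 and v6) attached to one permission entry."""
    found = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") == OPEN_V4]
    found += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == OPEN_V6]
    return found


def find_open_ssh(groups: list[dict]) -> list[dict]:
    """One finding per (group, permission, open CIDR) that exposes SSH.

    `groups` is the "SecurityGroups" list from describe-security-groups output.
    """
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if not permission_covers_ssh(perm):
                continue
            for cidr in open_sources(perm):
                findings.append({
                    "GroupId": sg["GroupId"],
                    "IpProtocol": perm.get("IpProtocol"),
                    "FromPort": perm.get("FromPort"),
                    "ToPort": perm.get("ToPort"),
                    "Cidr": cidr,
                })
    return findings


def revoke_permission(finding: dict) -> dict:
    """IpPermissions payload that removes exactly the offending source (step 7)."""
    perm = {"IpProtocol": finding["IpProtocol"]}
    if finding["IpProtocol"] != "-1":
        perm["FromPort"] = finding["FromPort"]
        perm["ToPort"] = finding["ToPort"]
    if finding["Cidr"] == OPEN_V6:
        perm["Ipv6Ranges"] = [{"CidrIpv6": OPEN_V6}]
    else:
        perm["IpRanges"] = [{"CidrIp": OPEN_V4}]
    return perm


def replacement_permission(trusted_cidr: str) -> dict:
    """Replacement SSH rule scoped to the trusted range (step 8)."""
    return {
        "IpProtocol": "tcp", "FromPort": SSH_PORT, "ToPort": SSH_PORT,
        "IpRanges": [{"CidrIp": trusted_cidr, "Description": "SSH from trusted range"}],
    }


def remediate(groups: list[dict], trusted_cidr: str, apply: bool = False) -> list[tuple]:
    """Plan (and optionally apply via boto3) the revoke/authorize pair per finding.

    'All traffic' (-1) findings are left out of the plan: replacing them with an
    SSH-only rule would also drop whatever other traffic they carried, so they
    need a manual review rather than an automatic swap.
    """
    plan = [
        (f["GroupId"], revoke_permission(f), replacement_permission(trusted_cidr))
        for f in find_open_ssh(groups) if f["IpProtocol"] != "-1"
    ]
    if apply:
        import boto3  # only needed when actually changing the account
        ec2 = boto3.client("ec2")
        for group_id, revoke, allow in plan:
            ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=[revoke])
            ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=[allow])
    return plan


# Constructed sample data in the shape of describe-security-groups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [          # wide port range covering 22
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [          # all traffic from anywhere
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ddd", "IpPermissions": [          # compliant: trusted range only
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
]

if __name__ == "__main__":
    for f in find_open_ssh(SAMPLE_GROUPS):
        print(f"{f['GroupId']}: {f['IpProtocol']} {f['FromPort']}-{f['ToPort']} open to {f['Cidr']}")
    for group_id, revoke, allow in remediate(SAMPLE_GROUPS, "203.0.113.0/24"):
        print(f"{group_id}: revoke {revoke} then authorize {allow}")
```

Run it without `apply` first and review the printed plan; the port-range and IPv6 cases show why matching only the literal string "22 from 0.0.0.0/0" in the console misses rules that are just as exposed.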

Note: It is strongly recommended to secure SSH access by specifying only trusted IP ranges and implementing other security measures such as multi-factor authentication (MFA) and key pair management.

By restricting ingress SSH access to specific IP ranges, you enhance the security posture of your VPC and reduce the risk of unauthorized access to your infrastructure.
