Rule: VPC Internet Gateways Should Be Attached to Authorized VPC

This rule checks that each VPC internet gateway is attached only to a VPC that has been authorized to have internet connectivity, so that no unapproved VPC gets a path to or from the public internet.

Rule: VPC internet gateways should be attached to authorized VPC
Framework: NIST 800-171 Revision 2
Severity: Medium

Rule Description:

To comply with NIST 800-171 Revision 2, VPC (Virtual Private Cloud) internet gateways should only be attached to authorized VPCs. This rule ensures that there is proper control and management of network traffic to and from the VPCs, reducing the risk of unauthorized access and improving the security posture of the cloud infrastructure.

Troubleshooting Steps:

1. Verify VPC Attachments: Check the current attachments of the internet gateways to ensure they are only connected to authorized VPCs.
2. Review VPC Access Control Lists (ACLs): Confirm that the ACLs associated with the VPCs are properly configured to control inbound and outbound traffic.
3. Evaluate Security Group Settings: Inspect the security groups applied to the VPC instances to ensure they align with the authorized access requirements.
4. Evaluate Routing Table Entries: Review the routing tables associated with the VPCs to verify that the internet gateway is correctly configured.
5. Audit Network Traffic Logs: Analyze network traffic logs to identify any unauthorized connections or suspicious activities.
6. Perform Regular Audits: Conduct periodic audits to ensure ongoing compliance with the rule.

Necessary Code:

No specific code is required for this rule.

Step-by-Step Guide for Remediation:

1. Log in to the AWS Management Console.
2. Navigate to the VPC service.
3. From the left-hand sidebar, select "Internet Gateways."
4. Review the list of internet gateways available.
5. Identify the internet gateway(s) that need to be verified for authorized VPC attachments.
6. Select an internet gateway to view its details.
7. In the "Details" tab, you will see the "VPC Attachments" section.
8. Verify that the attached VPC(s) are authorized and compliant with NIST 800-171 Revision 2.
   • If unauthorized VPC(s) are attached, remove them by selecting the VPC attachment and clicking on the "Detach" button.
   • If no VPC attachments are present or the authorized VPC is missing, proceed to the next step.
9. Go to the "Routes" tab to check the routing configuration.
10. Confirm that the default route is pointing to the internet gateway.
   • If not configured correctly, edit the route table associated with the VPC to add the default route (0.0.0.0/0) with the internet gateway as the target.
11. Review the associated security groups for the VPC instances.
12. Ensure that the security groups only allow necessary inbound and outbound traffic based on the authorized requirements.
   • Modify the security group rules if needed.
13. Review the VPC ACLs by going to the "Network ACLs" section.
14. Check the rules defined in the ACLs to confirm they are in compliance with the authorized access requirements.
   • Modify the ACL rules if necessary.
15. Regularly monitor and analyze network traffic logs to identify any unauthorized connections or suspicious activities.
16. Document and maintain records of the audits performed for compliance purposes.
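The console walkthrough above can be automated for accounts with many gateways. The following is an added example, not part of the Cloud Defense rule or any AWS tooling: it evaluates the dict shapes returned by EC2 DescribeInternetGateways and DescribeRouteTables against a hypothetical allowlist of authorized VPC IDs, flagging attachments to unauthorized VPCs (step 8) and reporting where the 0.0.0.0/0 route points (steps 9 and 10). The allowlist, gateway, VPC and route table IDs are constructed placeholders.

```python
"""Check IGW attachments and default routes against an authorized-VPC allowlist.

Inputs use the dict shapes returned by EC2 DescribeInternetGateways and DescribeRouteTables
(boto3: ec2.describe_internet_gateways(), ec2.describe_route_tables())."""
from __future__ import annotations

# Hypothetical allowlist: the VPCs approved to carry an internet gateway.
AUTHORIZED_VPCS = {"vpc-prod01", "vpc-prod02"}

# Constructed sample data with placeholder IDs; mirrors the API response shape.
IGW_RESPONSE = {"InternetGateways": [
    {"InternetGatewayId": "igw-aaa", "Attachments": [{"State": "available", "VpcId": "vpc-prod01"}]},
    {"InternetGatewayId": "igw-bbb", "Attachments": [{"State": "available", "VpcId": "vpc-shadow9"}]},
    {"InternetGatewayId": "igw-ccc", "Attachments": []},  # created but never attached
]}
ROUTE_TABLE = {"RouteTableId": "rtb-111", "VpcId": "vpc-prod01", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-aaa", "State": "active"},
]}

def evaluate_internet_gateways(response: dict, authorized: set[str]) -> list[dict]:
    """One finding per gateway: status is 'compliant', 'unauthorized' or 'detached'."""
    findings = []
    for igw in response.get("InternetGateways", []):
        # An IGW attaches to at most one VPC; the live API reports state 'available'
        # for an attached gateway, the docs also list 'attached'.
        attached = [a["VpcId"] for a in igw.get("Attachments", [])
                    if a.get("State") in ("available", "attached")]
        if not attached:
            findings.append({"igw": igw["InternetGatewayId"], "vpc": None, "status": "detached"})
        for vpc_id in attached:
            status = "compliant" if vpc_id in authorized else "unauthorized"
            findings.append({"igw": igw["InternetGatewayId"], "vpc": vpc_id, "status": status})
    return findings

def unauthorized_attachments(response: dict, authorized: set[str]) -> list[tuple[str, str]]:
    """(igw, vpc) pairs the rule says must be detached."""
    return [(f["igw"], f["vpc"]) for f in evaluate_internet_gateways(response, authorized)
            if f["status"] == "unauthorized"]

def default_route_gateway(route_table: dict) -> str | None:
    """GatewayId of the active 0.0.0.0/0 route, or None when no default route exists."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State") == "active":
            return route.get("GatewayId")
    return None

if __name__ == "__main__":
    print(unauthorized_attachments(IGW_RESPONSE, AUTHORIZED_VPCS))  # [('igw-bbb', 'vpc-shadow9')]
    print(default_route_gateway(ROUTE_TABLE))  # igw-aaa
```

Against a live account, feed the output of `ec2.describe_internet_gateways()` and each entry of `ec2.describe_route_tables()["RouteTables"]` into these functions; a detached gateway is not a violation of this rule but is worth removing to reduce the chance of a later unreviewed attachment.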

Note: It is recommended to consult AWS documentation, NIST 800-171 guidelines, and involve security experts while implementing and enforcing this rule to ensure adherence to specific requirements and controls.
