
VPC Security Groups Ingress Access Rule

This rule states that VPC security groups should restrict ingress access on common ports from 0.0.0.0/0.

Rule: VPC security groups should restrict ingress access on ports 20, 21, 22, 3306, 3389, 4333 from 0.0.0.0/0
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description:

This rule enforces the security practice of restricting ingress access on specific ports within a Virtual Private Cloud (VPC) in order to comply with the NIST 800-171 Revision 2 security guidelines. The rule ensures that access to ports 20, 21, 22, 3306, 3389, and 4333 is only permitted from trusted IP addresses rather than allowing unrestricted access from all sources (0.0.0.0/0).

Troubleshooting Steps:

  1. Identify the security groups associated with the affected VPC.
  2. Check the inbound rules of these security groups.
  3. Verify if there are any rules allowing incoming traffic on ports 20, 21, 22, 3306, 3389, or 4333 from the IP range 0.0.0.0/0.
  4. Check the VPC's associated network access control list (ACL) rules to ensure they are not conflicting with the intended restrictions.
  5. Verify if there are any overlapping security group rules that may be overriding the desired restrictions.

Necessary Codes:

No specific code is required to enforce this rule. Instead, remediation involves modifying the existing security group rules associated with the VPCs.

Step-by-Step Guide for Remediation:

  1. Identify the VPC: Begin by identifying the VPC where the ingress access needs to be restricted. Note down the VPC ID for reference.

  2. Identify the Security Groups: Identify the security groups associated with the VPC identified in the previous step. Note down the security group IDs for further steps.

  3. Modify Inbound Rules: Modify the inbound rules for each relevant security group to restrict ingress access on ports 20, 21, 22, 3306, 3389, and 4333.

    • Access the AWS Management Console.
    • Navigate to the "VPC Dashboard" and choose "Security Groups" from the left sidebar.
    • Search for the security group ID obtained in Step 2.
    • Select the desired security group, and click on "Inbound Rules".
    • Remove any existing rules allowing incoming traffic on ports 20, 21, 22, 3306, 3389, or 4333 from the IP range 0.0.0.0/0.
    • Create new inbound rules to allow access to these ports only from trusted IP addresses or CIDR ranges.
    • Save the updated security group configuration.

  4. Verify Changes: Verify that the changes have been successfully applied.

    • Test connectivity to ports 20, 21, 22, 3306, 3389, and 4333 from the IP addresses that are meant to retain access.
    • Ensure that the connections are allowed only from the permitted IP addresses or CIDR ranges.
    • Confirm that connections from other sources are now blocked.

  5. Repeat Steps for Additional Security Groups: If there are multiple relevant security groups within the VPC, repeat steps 3 and 4 for each of them.

  6. Documentation: Document the changes made, including the date, time, and changes implemented. Ensure that all necessary stakeholders are aware of the updated security measures.
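The troubleshooting check above (find rules on the listed ports open to 0.0.0.0/0) and the post-remediation verification can both be done against the output of `describe-security-groups`. The following is an added example, not Cloud Defense's tooling: it evaluates security groups in the shape that API returns, and also catches cases the console check easily misses, namely port ranges that span a listed port, "all traffic" rules (IpProtocol "-1"), and the IPv6 equivalent of anywhere (::/0). The sample groups are constructed for illustration.

```python
"""Flag security-group ingress rules that expose the listed ports to the world."""

# Ports named by the rule.
RESTRICTED_PORTS = {20, 21, 22, 3306, 3389, 4333}
# "Anywhere" source ranges: IPv4 and its IPv6 equivalent.
ANYWHERE = ("0.0.0.0/0", "::/0")


def rule_exposes_port(perm, port):
    """True if one IpPermission entry (describe-security-groups shape) admits `port` from anywhere."""
    sources = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    sources += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    if not any(src in ANYWHERE for src in sources):
        return False                      # source is a specific range: not this finding
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True                       # all traffic: every port is reachable
    if proto not in ("tcp", "udp"):
        return False                      # e.g. ICMP carries no port
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return True                       # no port bounds recorded: treat conservatively as all ports
    return lo <= port <= hi               # a range covering the port counts too


def find_open_ports(security_groups):
    """Return {GroupId: sorted restricted ports open to 0.0.0.0/0 or ::/0} for offending groups only."""
    findings = {}
    for sg in security_groups:
        open_ports = {p for perm in sg.get("IpPermissions", [])
                      for p in RESTRICTED_PORTS if rule_exposes_port(perm, p)}
        if open_ports:
            findings[sg["GroupId"]] = sorted(open_ports)
    return findings


# Constructed sample mirroring describe-security-groups output (not real groups).
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ]},
    {"GroupId": "sg-db", "IpPermissions": [        # range 3000-3400 silently covers 3306 and 3389
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3400, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-legacy", "IpPermissions": [    # "all traffic" from any IPv6 address
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]

if __name__ == "__main__":
    for gid, ports in find_open_ports(SAMPLE_GROUPS).items():
        print(f"{gid}: ports {ports} open to the world")
```

For a live check, pass `ec2.describe_security_groups()["SecurityGroups"]` from boto3 in place of `SAMPLE_GROUPS`; after remediation the function should return an empty dict.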

Conclusion:

By following these step-by-step instructions, you can effectively restrict the ingress access on ports 20, 21, 22, 3306, 3389, and 4333 within your VPC to comply with the NIST 800-171 Revision 2 security guidelines. Regularly reviewing and updating security group rules is crucial to ensure a secure AWS environment and protect sensitive data.
