
Rule: VPC Security Groups Should Restrict Ingress Access on Common Ports

This rule checks that no VPC security group allows inbound traffic on the listed ports from any source address (0.0.0.0/0); such ports must only be reachable from specific, trusted IP ranges.

Rule: VPC security groups should restrict ingress access on ports 20, 21, 22, 3306, 3389, 4333 from 0.0.0.0/0
Framework: NIST 800-53 Revision 4
Severity: High

Rule Description:

This rule flags any VPC security group with an inbound rule that allows traffic to port 20, 21, 22, 3306, 3389 or 4333 (FTP data and control, SSH, MySQL, RDP and mSQL) from the source 0.0.0.0/0. A source of 0.0.0.0/0 matches every IPv4 address on the internet, so such a rule exposes the management or database service behind the port to anyone. Because a security group permits a packet if any of its rules matches, a single open rule is enough to fail the check regardless of the other rules in the group. Note that an inbound rule is written as a port range, so a rule for 0-65535 or 3000-5000 from 0.0.0.0/0 also exposes these ports even though none of them is named explicitly, and the IPv6 equivalent ::/0 carries the same risk. The purpose of this rule is to reduce the attack surface of the VPC by allowing these ports only from known sources.

Troubleshooting Steps (if applicable):

  1. Identify the VPC security group in question.
  2. Check the current inbound rules for the security group.
  3. Verify whether any of the specified ports (20, 21, 22, 3306, 3389, 4333) allow access from the 0.0.0.0/0 IP range.
  4. Update the security group rules to comply with the restriction.

Necessary Codes (if applicable):

No additional codes are needed for this rule.

Remediation Steps:

  1. Open the AWS Management Console and navigate to the EC2 service.
  2. In the EC2 dashboard, select "Security Groups" from the left sidebar.
  3. Locate the security group associated with the VPC that needs to be updated.
  4. Select the security group and open the "Inbound rules" tab at the bottom.
  5. Identify the rules that allow ingress on ports 20, 21, 22, 3306, 3389 or 4333 from 0.0.0.0/0, including rules whose port range contains one of these ports.
  6. To update a rule, choose "Edit inbound rules" and locate the rule.
  7. In the source field, replace 0.0.0.0/0 with the narrowest source that still works: a specific CIDR block, the ID of another security group (for example the bastion host's group for SSH or RDP), or a managed prefix list.
  8. Alternatively, delete the existing rule and add a new rule with the desired source.
  9. Click "Save rules" to apply the changes.
  10. Repeat steps 5-9 for each rule that violates the requirement.
  11. Verify that none of the specified ports remain open to 0.0.0.0/0 by reviewing the inbound rules.

Note: It is recommended to limit access only to necessary IP ranges and security groups to enhance the security of the VPC. Ensure that you have a backup plan in case access restrictions cause any operational issues.
