Rule: VPC Security Groups Should Restrict Ingress SSH Access from 0.0.0.0/0

This rule ensures VPC security groups restrict ingress SSH access from 0.0.0.0/0 to enhance security measures.

Rule: VPC security groups should restrict ingress SSH access from 0.0.0.0/0
Framework: NIST 800-53 Revision 4
Severity: High

Rule Description

This rule is a security measure to enhance the network security of a VPC (Virtual Private Cloud) by restricting SSH access from the public internet (0.0.0.0/0) to only authorized sources. It aligns with the security requirement specified in NIST 800-53 Revision 4, which emphasizes the need to control network access to prevent unauthorized activities.

Troubleshooting Steps

If there are issues related to SSH access, the following troubleshooting steps can be followed:

  1. Verify Security Group Configuration: Check whether the security group associated with the VPC allows inbound SSH traffic from 0.0.0.0/0 instead of only from the expected authorized IP range.

  2. Check Network ACLs: Ensure that the Network Access Control List (ACL) associated with the VPC subnet where the instances reside allows inbound SSH traffic from the expected IP range.

  3. Review Route Tables: Verify that the route tables associated with the VPC are correctly configured for the desired traffic flow and allow SSH traffic from the authorized sources.

  4. Check Instance-level Firewalls: If there are any instance-level or host-based firewalls, make sure they are configured to allow inbound SSH traffic from the authorized sources.

Necessary Code

The necessary code to implement this rule will depend on the cloud platform being used to manage the VPC. Below is an example using AWS CLI commands:

aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 22 --cidr 0.0.0.0/0

Replace <security-group-id> with the actual ID of the VPC security group. This command removes the ingress rule that allows SSH from any IPv4 address; the AWS CLI option that names the source range is --cidr.

Remediation Steps

To remediate this issue and restrict SSH access from 0.0.0.0/0, follow the step-by-step guide below:

  1. Identify the relevant VPC: Determine the VPC that needs to be secured and note down its ID.

  2. Identify the associated Security Group: Find the security group associated with the VPC that requires the ingress SSH access restriction.

  3. Obtain the Security Group ID: Identify the security group ID (e.g., sg-0123456789abcdefgh) of the security group.

  4. Update Security Group Ingress Rules: Execute the following AWS CLI commands to remove the ingress rule that allows SSH from 0.0.0.0/0 and add a rule restricting SSH access to a specific IP range:

aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 22 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id <security-group-id> --protocol tcp --port 22 --cidr <ip-range-to-allow>

Replace <security-group-id> with the actual security group ID and <ip-range-to-allow> with the desired IP range to permit SSH access (e.g., 203.0.113.0/24).

  5. Verify the Changes: Double-check the security group in the AWS Management Console or via the CLI to ensure that the ingress rule for SSH access has been successfully updated.

By following these steps and implementing the necessary changes, SSH access from the public internet (0.0.0.0/0) will be restricted, complying with the NIST 800-53 Revision 4 guidelines.
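As an added example that is not part of the original rule page, the following Python code applies this rule's check to security group data shaped like the output of `aws ec2 describe-security-groups`, which is how the verification in the last remediation step can be automated. The JSON sample is constructed (group names and the IDs other than the page's sg-0123456789abcdefgh are made up), and the check goes slightly beyond the page by also treating ::/0 sources, all-protocol (-1) rules and port ranges that include 22 as public SSH exposure.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output;
# the group IDs and names are made up for this example.
SAMPLE_SECURITY_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0123456789abcdefgh", "GroupName": "web",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0fedcba9876543210", "GroupName": "bastion",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0aaaaaaaaaaaaaaaa", "GroupName": "wide-open",
   "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

SSH_PORT = 22

def permission_covers_ssh(perm):
    """True if an IpPermission entry admits TCP/22, including all-traffic and port ranges."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)

def permission_is_public(perm):
    """True if any source CIDR is the entire IPv4 or IPv6 address space."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def find_public_ssh_groups(describe_output):
    """Return the GroupIds whose ingress rules expose SSH to the whole internet."""
    return [sg["GroupId"] for sg in describe_output["SecurityGroups"]
            if any(permission_covers_ssh(p) and permission_is_public(p)
                   for p in sg.get("IpPermissions", []))]

if __name__ == "__main__":
    for gid in find_public_ssh_groups(SAMPLE_SECURITY_GROUPS):
        print(f"{gid}: SSH ingress open to the internet (violates the rule)")
```

Feed it the real JSON from `aws ec2 describe-security-groups` after remediation; an empty result means no group in the account still exposes SSH to 0.0.0.0/0.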
