
Ensuring Compliance with VPC Security Group Ingress Rule

This rule focuses on restricting ingress access on common ports within VPC security groups.

Rule: VPC security groups should restrict ingress access on ports 20, 21, 22, 3306, 3389, 4333 from 0.0.0.0/0
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description:

This rule aims to enforce secure access to the resources within a VPC by restricting ingress traffic on specific ports from the 0.0.0.0/0 (any IP address) source for compliance with NIST 800-53 Revision 5 security standards.

Troubleshooting Steps:

  1. Identify any instances or resources that should allow incoming traffic on ports 20, 21, 22, 3306, 3389, and 4333.
  2. Check if the security group associated with those instances is configured to allow inbound traffic from specific IP ranges rather than allowing it from 0.0.0.0/0.
  3. Review the inbound rules of the associated security groups to ensure that the mentioned ports are not open to all IP addresses.
  4. Verify if any additional rules need to be added to allow specific IP addresses or ranges to access these ports securely.

Remediation Steps:

  1. Log in to the AWS Management Console.
  2. Go to the Amazon VPC service.
  3. In the navigation pane, choose "Security Groups".
  4. Identify the relevant security group(s) that should restrict access on the mentioned ports for compliance.

CLI Command:

aws ec2 describe-security-groups --group-names <security_group_name>
  5. Review the existing inbound rules and note the security group IDs that need modification.

CLI Command:

# Remove the inbound rule that opens port 20 to every IPv4 address (0.0.0.0/0).
aws ec2 revoke-security-group-ingress --group-id <security_group_id> --protocol tcp --port 20 --cidr 0.0.0.0/0

Replace <security_group_id> with the target security group ID that needs modification.

  6. Repeat step 5 for ports 21, 22, 3306, 3389, and 4333.
  7. Update any documentation or configurations that reference allowing inbound traffic on these ports from 0.0.0.0/0.

Note:

Ensure that only trusted and necessary IP addresses or ranges are allowed access to these ports for increased security and compliance with NIST 800-53 Revision 5.
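The troubleshooting and remediation steps above can be checked offline against the JSON that `aws ec2 describe-security-groups` returns. The following script is an added example, not part of this rule page or any CloudDefense tooling; the security groups in it are constructed, the check assumes the rule concerns TCP (as the CLI command above does), and it treats both 0.0.0.0/0 and its IPv6 equivalent ::/0 as unrestricted. It flags a watched port whether it is opened by an exact single-port rule, a wider port range, or an all-traffic ("-1") rule, and it only emits a `revoke-security-group-ingress` line where the rule matches exactly, because AWS revokes nothing when the rule does not match.

```python
"""Offline check for VPC security groups that expose watched ports to the world."""
import json

# Ports named by the rule; the page's CLI uses TCP, so this check assumes TCP.
WATCHED_PORTS = (20, 21, 22, 3306, 3389, 4333)
# Both the IPv4 and the IPv6 "anywhere" sources count as unrestricted.
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample shaped like the JSON `aws ec2 describe-security-groups` returns.
SAMPLE_GROUPS = json.loads("""
[
  {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0bbb", "GroupName": "bastion", "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ccc", "GroupName": "legacy", "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "udp", "FromPort": 3306, "ToPort": 3306,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]
""")


def _sources(permission):
    """Yield every CIDR source listed in one IpPermissions entry (IPv4 and IPv6)."""
    for r in permission.get("IpRanges", []):
        yield r["CidrIp"]
    for r in permission.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def _covers(permission, port):
    """True if the entry's protocol and port range include `port` over TCP.

    IpProtocol "-1" means all traffic: it carries no FromPort/ToPort and
    covers everything. A TCP range such as 0-65535 also covers every port.
    """
    proto = permission.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return permission.get("FromPort", 0) <= port <= permission.get("ToPort", 65535)


def find_open_ingress(security_groups, ports=WATCHED_PORTS):
    """Return sorted (group_id, port, cidr, exact_rule) tuples that violate the rule.

    exact_rule is True when the offending entry is a single-port TCP rule for
    exactly that port, i.e. one that a port-level revoke can remove.
    """
    findings = set()
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            open_cidrs = [c for c in _sources(perm) if c in ANYWHERE]
            if not open_cidrs:
                continue
            for port in ports:
                if not _covers(perm, port):
                    continue
                exact = (perm.get("IpProtocol") == "tcp"
                         and perm.get("FromPort") == port == perm.get("ToPort"))
                for cidr in open_cidrs:
                    findings.add((sg["GroupId"], port, cidr, exact))
    return sorted(findings)


def revoke_commands(findings):
    """Turn findings into `aws ec2 revoke-security-group-ingress` lines.

    AWS only revokes a rule that matches exactly, so a port exposed through an
    all-traffic rule or a wider port range is flagged for manual narrowing
    instead of getting a command that would silently remove nothing.
    """
    lines = []
    for group_id, port, cidr, exact in findings:
        if not exact:
            lines.append(f"# {group_id}: port {port} is open to {cidr} through an "
                         f"all-traffic or port-range rule; narrow that rule by hand")
        elif ":" in cidr:
            # IPv6 sources are not accepted by --cidr; use the --ip-permissions form.
            perm = json.dumps([{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                                "Ipv6Ranges": [{"CidrIpv6": cidr}]}], separators=(",", ":"))
            lines.append(f"aws ec2 revoke-security-group-ingress --group-id {group_id} "
                         f"--ip-permissions '{perm}'")
        else:
            lines.append(f"aws ec2 revoke-security-group-ingress --group-id {group_id} "
                         f"--protocol tcp --port {port} --cidr {cidr}")
    return lines


if __name__ == "__main__":
    for line in revoke_commands(find_open_ingress(SAMPLE_GROUPS)):
        print(line)
```

To run it against a real account, replace SAMPLE_GROUPS with the parsed output of `aws ec2 describe-security-groups` (the script reads the same `SecurityGroups` entries) and review the printed commands before executing any of them; the comment lines mark rules that need a replacement rule with a narrower source or port range rather than a simple revoke.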
