
Rule: VPC Default Security Group Restrictions

This rule ensures the VPC default security group does not allow inbound and outbound traffic.

Rule: VPC default security group should not allow inbound and outbound traffic
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: Medium

Rule Description:

The VPC (Virtual Private Cloud) default security group should not allow inbound and outbound traffic under NIST Cybersecurity Framework (CSF) v1. This rule checks that the default security group carries no inbound or outbound rules, so that network traffic is permitted only by purpose-specific security groups or network ACLs (Access Control Lists) within the VPC.

Policy Details:

By default, every VPC in AWS (Amazon Web Services) comes with a default security group. This security group allows all inbound and outbound traffic within the VPC. To comply with the NIST Cybersecurity Framework v1, it is recommended to restrict this default security group to prevent unauthorized access to network resources.

Troubleshooting Steps:

If the default security group is allowing inbound and outbound traffic contrary to NIST CSF v1, follow these troubleshooting steps to resolve the issue:

  1. Identify the default security group associated with the VPC.
  2. Review the inbound and outbound rules set on the default security group.
  3. Verify that the rules do not allow any traffic; under this NIST CSF control the default group should contain no rules at all.
  4. If any rules are found that allow traffic, remove them or move them to a dedicated security group.
  5. Ensure that the VPC has additional security groups or network ACLs applied to allow the specific traffic your workloads require (if any).

Necessary Codes:

No specific code is required for this rule. The rule can be enforced through the AWS Management Console or the AWS Command Line Interface (CLI).

Step-by-Step Guide for Remediation:

Follow these step-by-step instructions to remediate the default security group and restrict inbound and outbound traffic in line with NIST Cybersecurity Framework v1:

  1. Log in to the AWS Management Console.
  2. Open the Amazon VPC service.
  3. In the navigation pane, choose "Security Groups."
  4. Select the default security group associated with the VPC you want to modify.
  5. Click on the "Inbound Rules" tab to review the existing inbound rules.
  6. Remove any rules that allow traffic (if present) by selecting the rule and clicking "Delete" or "Remove."
  7. Click on the "Outbound Rules" tab to review the existing outbound rules.
  8. Remove any rules that allow traffic (if present) by selecting the rule and clicking "Delete" or "Remove."
  9. Once all the necessary changes have been made, click "Save" to apply the modified inbound and outbound rules.
  10. Verify that the default security group now disallows all inbound and outbound traffic, as NIST CSF v1 expects.
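The troubleshooting and remediation steps above can also be driven from the AWS CLI, which the "Necessary Codes" section mentions. The script below is an added example, not part of the Cloud Defense rule page: it evaluates the JSON that `aws ec2 describe-security-groups` returns, flags any default group that still carries inbound or outbound rules, and builds the matching `aws ec2 revoke-security-group-ingress` / `revoke-security-group-egress` commands without running them. The sample response embedded in the script is constructed to mirror a freshly created VPC's default group; the group, VPC and account IDs in it are placeholders.

```python
"""Audit a VPC default security group and emit the CLI commands that would
strip its rules. Added example; the sample JSON is constructed and all
resource IDs are placeholders."""
import json
import shlex

# Constructed sample: shape follows the describe-security-groups response.
# A new VPC's default group allows all traffic from itself inbound and
# all traffic to 0.0.0.0/0 outbound, which is what this rule flags.
SAMPLE_RESPONSE = json.dumps({
    "SecurityGroups": [
        {
            "GroupName": "default",
            "GroupId": "sg-0123456789abcdef0",   # placeholder
            "VpcId": "vpc-0123456789abcdef0",    # placeholder
            "IpPermissions": [
                {"IpProtocol": "-1",
                 "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0",
                                       "UserId": "123456789012"}]}
            ],
            "IpPermissionsEgress": [
                {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
            ],
        },
        {   # a purpose-specific group; not the subject of this rule
            "GroupName": "app-web",
            "GroupId": "sg-0fedcba9876543210",   # placeholder
            "VpcId": "vpc-0123456789abcdef0",
            "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                               "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}],
            "IpPermissionsEgress": [],
        },
    ]
})


def default_groups(response_json):
    """Return the default security group(s) from a describe-security-groups response."""
    data = json.loads(response_json)
    return [g for g in data["SecurityGroups"] if g["GroupName"] == "default"]


def audit_default_group(group):
    """Return a finding; the rule passes only when both rule sets are empty."""
    ingress = group.get("IpPermissions", [])
    egress = group.get("IpPermissionsEgress", [])
    return {
        "group_id": group["GroupId"],
        "vpc_id": group["VpcId"],
        "ingress_rules": len(ingress),
        "egress_rules": len(egress),
        "compliant": not ingress and not egress,
    }


def remediation_commands(group):
    """Build the aws CLI revoke commands that would empty the group.

    revoke-security-group-ingress/-egress accept the same --ip-permissions
    structure that describe-security-groups returns, so the existing rules
    are passed back verbatim. Commands are returned as strings, not executed.
    """
    cmds = []
    for direction, key in (("ingress", "IpPermissions"),
                           ("egress", "IpPermissionsEgress")):
        perms = group.get(key, [])
        if perms:
            cmds.append(
                f"aws ec2 revoke-security-group-{direction} "
                f"--group-id {group['GroupId']} "
                f"--ip-permissions {shlex.quote(json.dumps(perms))}"
            )
    return cmds


def run_audit(response_json=SAMPLE_RESPONSE):
    """Audit every default group; return (findings, remediation commands)."""
    findings, commands = [], []
    for g in default_groups(response_json):
        finding = audit_default_group(g)
        findings.append(finding)
        if not finding["compliant"]:
            commands.extend(remediation_commands(g))
    return findings, commands


if __name__ == "__main__":
    # Replace SAMPLE_RESPONSE with the output of:
    #   aws ec2 describe-security-groups --filters Name=group-name,Values=default
    findings, commands = run_audit()
    for f in findings:
        status = "PASS" if f["compliant"] else "FAIL"
        print(f"{status} {f['group_id']} ({f['vpc_id']}): "
              f"{f['ingress_rules']} ingress, {f['egress_rules']} egress rule(s)")
    for c in commands:
        print(c)
```

Feeding the script real `describe-security-groups` output (filtered on `Name=group-name,Values=default`) gives one PASS/FAIL line per VPC, and the printed revoke commands are the same change the console steps make. Review them against the note below before running them, since anything that still relies on the default group will lose connectivity once its rules are gone.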

Note: It is important to ensure that alternate security groups or network ACLs are properly configured to allow necessary communication related to NIST CSF, if applicable.

Remember to always review and plan changes before applying them in a production environment.
