
Rule: VPC Default Security Group Restriction

This rule ensures that the VPC default security group restricts all inbound and outbound traffic.

Rule: VPC default security group should not allow inbound and outbound traffic
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: Medium

Rule Description

Under the NIST Cybersecurity Framework (CSF) v1 guidelines, the default security group in a VPC should not allow any inbound or outbound traffic. This rule is intended to enhance the security of the VPC by restricting access to and from the VPC through the default group, which is the group applied to any resource launched without an explicit security group.

Troubleshooting Steps

If the default security group allows inbound or outbound traffic, it fails the NIST CSF v1 rule; follow these troubleshooting steps to remediate the issue:

  1. Verify the current inbound and outbound rules for the default security group.
  2. Identify any rules that allow traffic; under NIST CSF v1 the default group should have none.
  3. Remove or modify the rules to align with the security requirements.
  4. Test the updated rules to ensure they are working as intended.

Necessary Codes (if applicable)

If necessary, here are the AWS CLI commands for removing security group rules. Note that aws ec2 authorize-security-group-ingress and authorize-security-group-egress add rules; to take traffic away from the default group, the matching revoke commands are the ones to use:

To remove inbound rules:

aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol <protocol> --port <port> --cidr <cidr-range>

To remove outbound rules:

aws ec2 revoke-security-group-egress --group-id <security-group-id> --protocol <protocol> --port <port> --cidr <cidr-range>

Replace <security-group-id> with the actual ID of the default security group, <protocol> with the protocol of the rule being removed (e.g., TCP, UDP), <port> with the relevant port number or range, and <cidr-range> with the CIDR range the rule currently allows. The inbound rule AWS creates on a default group references the group itself rather than a CIDR, so remove it with --source-group <security-group-id> in place of --cidr. The default group itself cannot be deleted; it can only be emptied of rules.

Step-by-Step Guide for Remediation

Follow these steps to remediate the default security group so that it disallows inbound and outbound traffic, as required by NIST CSF v1:

  1. Log in to the AWS Management Console.
  2. Navigate to the Amazon VPC service.
  3. Select "Security Groups" from the sidebar.
  4. Locate and select the default security group associated with your VPC.
  5. Review the existing inbound and outbound rules.
  6. Identify any rules that allow traffic; under NIST CSF v1 the default group should have none.
  7. Take note of the specific details of those rules for reference during the modification process.
  8. To remove an inbound rule, select it and click on the "Actions" dropdown menu, then choose "Delete".
  9. To remove an outbound rule, select it and click on the "Actions" dropdown menu, then choose "Delete".
  10. Repeat steps 8 and 9 for all rules that allow traffic.
  11. If an existing rule needs modification rather than deletion, select it and click on the "Actions" dropdown menu, then choose "Edit".
  12. Modify the rule according to the desired security requirements that align with NIST CSF v1.
  13. Click "Save" to apply the changes to the security group.
  14. Test the updated rules by attempting to access the VPC from external sources and verifying that the traffic is blocked.
  15. If necessary, make further adjustments until the desired security rules are in place.

By following these steps and removing all inbound and outbound rules from the default security group, you can enhance the security of your VPC and ensure compliance with the NIST CSF v1 guideline.
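The CLI commands and the console walkthrough above both operate on one group at a time. The script below is an added example that is not CloudDefense's own code: it audits every default security group in the account with boto3, reports the rules each one still carries, and on request revokes them by passing the DescribeSecurityGroups output straight back to the revoke calls, which is what handles the self-referencing inbound rule that has no CIDR. It assumes boto3 is installed and that the credentials in use hold ec2:DescribeSecurityGroups and ec2:RevokeSecurityGroupIngress/Egress; SAMPLE_DEFAULT_SG is a constructed response used to exercise the audit helpers offline, not data captured from an account.

```python
"""Audit a VPC's default security groups and, on request, empty them.

Added example, not CloudDefense's own tooling. Assumes boto3 and credentials
with ec2:DescribeSecurityGroups plus ec2:RevokeSecurityGroupIngress/Egress.
SAMPLE_DEFAULT_SG is constructed to mirror a DescribeSecurityGroups response.
"""
import sys
from typing import Dict, List

# Constructed sample: a freshly created VPC's default group carries one
# self-referencing inbound rule and one allow-all IPv4 outbound rule.
SAMPLE_DEFAULT_SG: Dict = {
    "GroupId": "sg-0123456789abcdef0",
    "GroupName": "default",
    "VpcId": "vpc-0123456789abcdef0",
    "IpPermissions": [
        {
            "IpProtocol": "-1",
            "IpRanges": [],
            "Ipv6Ranges": [],
            "PrefixListIds": [],
            "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0", "UserId": "123456789012"}],
        }
    ],
    "IpPermissionsEgress": [
        {
            "IpProtocol": "-1",
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
            "Ipv6Ranges": [],
            "PrefixListIds": [],
            "UserIdGroupPairs": [],
        }
    ],
}


def describe_rules(sg: Dict) -> List[str]:
    """One line per rule source, both directions, from a DescribeSecurityGroups dict."""
    lines: List[str] = []
    for direction, key in (("inbound", "IpPermissions"), ("outbound", "IpPermissionsEgress")):
        for perm in sg.get(key, []):
            proto = perm.get("IpProtocol", "-1")
            proto = "all" if proto == "-1" else proto
            # Protocol -1 (all traffic) carries no port fields at all.
            ports = "all" if "FromPort" not in perm else f"{perm['FromPort']}-{perm['ToPort']}"
            sources = (
                [r["CidrIp"] for r in perm.get("IpRanges", [])]
                + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                + [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
                + [f"sg:{g['GroupId']}" for g in perm.get("UserIdGroupPairs", [])]
            )
            lines.extend(f"{direction} {proto} {ports} {src}" for src in sources)
    return lines


def is_compliant(sg: Dict) -> bool:
    """The rule passes only when the default group has no rules in either direction."""
    return not sg.get("IpPermissions") and not sg.get("IpPermissionsEgress")


def find_default_groups(ec2) -> List[Dict]:
    """Every VPC has exactly one group named 'default'; this returns all of them."""
    resp = ec2.describe_security_groups(Filters=[{"Name": "group-name", "Values": ["default"]}])
    return resp["SecurityGroups"]


def empty_default_group(ec2, sg: Dict) -> None:
    """Revoke every rule by handing the describe output straight back to revoke.

    Passing IpPermissions, rather than --protocol/--port/--cidr flags, is what
    removes the self-referencing inbound rule, which has no CIDR to name.
    """
    if sg.get("IpPermissions"):
        ec2.revoke_security_group_ingress(GroupId=sg["GroupId"], IpPermissions=sg["IpPermissions"])
    if sg.get("IpPermissionsEgress"):
        ec2.revoke_security_group_egress(GroupId=sg["GroupId"], IpPermissions=sg["IpPermissionsEgress"])


def main(apply: bool) -> int:
    """Report each non-compliant default group; with apply=True, empty it. Returns the count found."""
    import boto3  # imported here so the audit helpers above run without boto3 installed

    ec2 = boto3.client("ec2")
    offenders = [sg for sg in find_default_groups(ec2) if not is_compliant(sg)]
    for sg in offenders:
        print(f"{sg['VpcId']} {sg['GroupId']}: " + "; ".join(describe_rules(sg)))
        if apply:
            empty_default_group(ec2, sg)
            print(f"  emptied {sg['GroupId']}")
    return len(offenders)


if __name__ == "__main__":
    # Audit only by default; pass --apply to actually revoke the rules.
    sys.exit(1 if main(apply="--apply" in sys.argv) else 0)
```

Run it without arguments first to see which VPCs still have rules on their default group, then with --apply to revoke them. Nothing on the account is changed in audit mode, and a non-zero exit status makes the script usable as a compliance check in a pipeline.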
