Security Group Ingress Rule for Port 22

This rule focuses on restricting ingress from 0.0.0.0/0 to port 22 in security groups.

Rule: Security groups should not allow ingress from 0.0.0.0/0 to port 22
Framework: PCI v3.2.1
Severity: High

Rule Description

This rule checks that inbound traffic on port 22 (SSH) is restricted for systems in scope for PCI v3.2.1. It verifies that no security group in use permits traffic from the IP address range 0.0.0.0/0 (that is, from any IPv4 address on the internet) to reach port 22.

Troubleshooting Steps

If there are issues related to this rule, follow these troubleshooting steps:

  1. Check the security group associated with the affected resource(s) (e.g., EC2 instances, RDS instances).
  2. Verify the inbound rules of the security group.
  3. Look for any rule allowing inbound access from the IP range 0.0.0.0/0 on port 22.
  4. Make sure the rule is not present or has been disabled.

Necessary Codes

No specific codes are required for this rule. However, modifying the security group's inbound rules might involve running command-line interface (CLI) commands. The necessary CLI command will depend on the cloud platform being used.

Remediation Steps

To remediate this issue, you need to modify the security group associated with the resource(s) to remove or disable the inbound rule allowing traffic from 0.0.0.0/0 on port 22.

Follow these step-by-step instructions:

  1. Identify the affected security group(s) associated with the resource(s).
  2. Access the cloud provider's management console or use the CLI for making changes.
  3. Navigate to the security group management section.
  4. Locate the inbound rules settings for the targeted security group.
  5. Identify the rule allowing ingress from 0.0.0.0/0 to port 22.
  6. Remove or disable the identified rule based on your specific cloud provider's interface:
     • If using AWS CLI, you can use the following command to revoke the rule:
       aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 22 --cidr 0.0.0.0/0
     • If using Azure CLI, you can use the following command to delete the rule:
       az network nsg rule delete --name SSHRule --nsg-name <security-group-name> --resource-group <resource-group-name>
     • If using GCP CLI, you can use the following command to delete the rule:
       gcloud compute firewall-rules delete allow-ssh --project=<project-id>
  7. Verify that the rule has been removed or disabled successfully.
  8. Repeat these steps for all the affected security groups.

Note

Ensure that you have an alternative method for accessing the resource(s) securely after removing the rule. This might involve allowing access from specific IP ranges or implementing secure connectivity options like VPNs or bastion hosts.
