Ensure No Security Groups Allow Ingress from 0.0.0.0/0 to Remote Server Administration Ports Rule

This rule ensures that security groups do not allow inbound traffic from 0.0.0.0/0 to servers' administration ports.

Rule: Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
Framework: cis_v130
Severity: Low

Rule Description:

The rule ensures that no security groups within the network infrastructure allow inbound traffic from the IP address range 0.0.0.0/0 to remote server administration ports. This rule is aligned with the Center for Internet Security (CIS) benchmark version 1.3.0, which provides a set of security best practices for securing network resources.

Reason for the Rule:

Allowing inbound traffic from the IP address range 0.0.0.0/0 to remote server administration ports may expose the server to unauthorized access and potential security threats. By implementing this rule, the network infrastructure ensures that only authorized and trusted sources can access remote server administration ports, reducing the risk of unauthorized access.

Troubleshooting Steps:

If you encounter issues while implementing this rule, follow these troubleshooting steps:

  1. Verify Security Group Configurations: Check the security group settings of your network infrastructure to ensure that no security groups have allowed inbound traffic from the IP address range 0.0.0.0/0 to remote server administration ports.

  2. Review Network Access Control Lists (ACLs): If the security group configurations appear to be correct, review the Network ACLs associated with the network infrastructure. Ensure that there are no rules allowing inbound traffic from 0.0.0.0/0 to remote server administration ports.

  3. Validate Firewall Rules: If both the security group configurations and Network ACLs seem correct, validate your firewall rules. Verify that there are no rules allowing inbound traffic from 0.0.0.0/0 to remote server administration ports.

  4. Log Analysis: Analyze logs, such as network traffic logs or firewall logs, to identify any anomalies or misconfigurations that could be allowing inbound traffic from 0.0.0.0/0 to remote server administration ports.

Remediation Steps:

To remediate this issue, follow these step-by-step instructions:

  1. Identify the Security Groups: Determine the security groups associated with your network infrastructure that could potentially allow inbound traffic from 0.0.0.0/0 to remote server administration ports.

  2. Modify Security Group Rules: Access the security group configuration and modify the rules to restrict inbound traffic. Configure the security group to only allow ingress from specific trusted IP addresses or ranges associated with authorized systems or administrators.

    • Use the AWS Management Console or AWS CLI to access the security group settings.
    • Locate the security group that needs modification.
    • Remove any existing inbound rules that allow ingress from 0.0.0.0/0 to remote server administration ports.
    • Add specific inbound rules to allow ingress only from authorized IP addresses or ranges.
    • Save the updated security group settings.

  3. Validate Configuration: Verify that the security group changes have been applied successfully.

  4. Test Connectivity: After implementing the changes, test connectivity to the remote server administration ports from both authorized sources and unauthorized sources. Confirm that the authorized sources can still access the server administration ports while unauthorized sources are denied.

  5. Continuous Monitoring: Regularly monitor network access logs and conduct periodic audits to ensure compliance with the rule. If any deviations are found or new security groups are created, ensure they are configured to meet the restrictions imposed by this rule.
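As an added example (not Cloud Defense's or AWS's own code), the check behind the "Identify the Security Groups" and "Validate Configuration" steps can be run over the JSON that `aws ec2 describe-security-groups` returns. The port list (22 and 3389), the function names and the sample groups are assumptions constructed for illustration.

```python
# Assumption: the page does not name the ports; 22 (SSH) and 3389 (RDP) are used here.
ADMIN_PORTS = (22, 3389)
OPEN_CIDR = "0.0.0.0/0"

def _perm(proto, cidr, lo=None, hi=None):
    """Build one constructed IpPermissions entry (sample data only)."""
    perm = {"IpProtocol": proto, "IpRanges": [{"CidrIp": cidr}]}
    if lo is not None:
        perm.update(FromPort=lo, ToPort=hi)
    return perm

# Constructed sample in the shape of `aws ec2 describe-security-groups` JSON output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example1", "IpPermissions": [_perm("tcp", OPEN_CIDR, 22, 22)]},
    {"GroupId": "sg-example2", "IpPermissions": [_perm("tcp", OPEN_CIDR, 3000, 4000)]},
    {"GroupId": "sg-example3", "IpPermissions": [_perm("-1", OPEN_CIDR)]},
    {"GroupId": "sg-example4", "IpPermissions": [
        _perm("tcp", "203.0.113.0/24", 22, 22),   # restricted source: compliant
        _perm("tcp", OPEN_CIDR, 443, 443),        # open, but not an admin port
        _perm("icmp", OPEN_CIDR, -1, -1),         # ICMP "ports" are type/code
    ]},
]}

def exposed_ports(perm):
    """Return the admin ports that one ingress rule opens to 0.0.0.0/0."""
    if not any(r.get("CidrIp") == OPEN_CIDR for r in perm.get("IpRanges", [])):
        return []
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # all traffic: no FromPort/ToPort present
        return list(ADMIN_PORTS)
    if proto not in ("tcp", "udp", "6", "17"):
        return []                          # e.g. ICMP, where the range is not a port
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return [p for p in ADMIN_PORTS if lo <= p <= hi]   # ranges count, not only exact ports

def find_violations(doc):
    """Return sorted (GroupId, port) pairs that break the rule."""
    findings = set()
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            findings.update((sg["GroupId"], p) for p in exposed_ports(perm))
    return sorted(findings)

if __name__ == "__main__":
    for group_id, port in find_violations(SAMPLE):
        print(f"{group_id}: port {port} reachable from {OPEN_CIDR}")
```

Rules that cover an admin port only through a wide range or an all-traffic entry are reported alongside exact-port rules, which is the case most easily missed when reviewing groups by eye.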
