Products

Solutions

Company

Book A Live Demo

Ensure No Security Groups Allow Ingress from 0.0.0.0/0 to Remote Server Administration Ports Rule

This rule ensures that security groups do not allow incoming traffic from all sources to remote server administration ports.

Rule	Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
Framework	cis_v150
Severity	✔ High

Rule Description

This rule is designed to ensure that no security groups in an environment allow incoming traffic from the IP range 0.0.0.0/0 (all IP addresses) to the remote server administration ports specified by the CIS benchmark version 1.5.0.

Remediation

To remediate this issue, you need to review and update the security groups' configurations to restrict access to the remote server administration ports.

Troubleshooting Steps

1.
Identify the security groups associated with your environment.

2.
Review the properties of each security group to determine if any inbound rules allow 0.0.0.0/0 access to the remote server administration ports mentioned in CIS benchmark v1.5.0.

3.
For each security group with such rules, modify them to restrict access to specific IP addresses or ranges.

AWS CLI Commands

Below are the necessary AWS CLI commands to identify and modify the security group rules.

Identify Security Groups with 0.0.0.0/0 Ingress Access

aws ec2 describe-security-groups | grep "IpProtocol\|FromPort\|ToPort\|CidrIp"

This command lists all security groups along with their associated ingress rules. You can manually review the output to identify security groups allowing 0.0.0.0/0 access.

Modify Security Group Ingress Rules

aws ec2 update-security-group-rule-descriptions-ingress --group-id <security_group_id> --ip-permissions '[{"IpProtocol": "<protocol>", "FromPort": <from_port>, "ToPort": <to_port>, "IpRanges": [{"CidrIp": "<cidr_ip>"}]}]'

Replace

<security_group_id>

<protocol>

<from_port>

<to_port>

, and

<cidr_ip>

with the appropriate values. Run this command for each security group that needs to be modified.

Example

Suppose you have two security groups,

sg-1234abcd

and

sg-abcd5678

, that need to be modified. The remote server administration ports specified by the CIS v1.5.0 benchmark are TCP ports 22 (SSH) and 3389 (RDP). To update the security group rules, you would execute the following commands:

aws ec2 update-security-group-rule-descriptions-ingress --group-id sg-1234abcd --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "YOUR_IP_RANGE"}]}]'

aws ec2 update-security-group-rule-descriptions-ingress --group-id sg-1234abcd --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "YOUR_IP_RANGE"}]}]'

Repeat the above command with the appropriate security group IDs for all the security groups you identified during the troubleshooting steps.

Remember to replace

YOUR_IP_RANGE

with the desired IP range to allow access to the remote server administration ports.

Conclusion

By following the provided remediation steps and using the AWS CLI commands, you can ensure that no security group allows ingress from 0.0.0.0/0 to remote server administration ports for CIS benchmark v1.5.0. Regularly reviewing and updating security group configurations will help maintain a secure and controlled environment.

Ensure No Security Groups Allow Ingress from 0.0.0.0/0 to Remote Server Administration Ports Rule

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Rule Description

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Remediation

.css-1ekaeh4{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:22px;font-weight:700;margin-top:1rem;margin-bottom:0rem;}Troubleshooting Steps

.css-1ekaeh4{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:22px;font-weight:700;margin-top:1rem;margin-bottom:0rem;}AWS CLI Commands

.css-1ekaeh4{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:22px;font-weight:700;margin-top:1rem;margin-bottom:0rem;}Example

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Conclusion

Is your System Free of Underlying Vulnerabilities? Find Out Now