
Rule: VPC Security Groups Restrict Ingress SSH Access from 0.0.0.0/0

This rule focuses on restricting SSH access from 0.0.0.0/0 in VPC security groups.

Rule: VPC security groups should restrict ingress SSH access from 0.0.0.0/0
Framework: FedRAMP Low Revision 4
Severity: High

Rule Description

Under the FedRAMP Low Revision 4 control set, security groups in a Virtual Private Cloud (VPC) must not allow inbound Secure Shell (SSH, TCP port 22) from all IPv4 addresses (0.0.0.0/0). Limiting SSH ingress to known, authorized source ranges keeps instance management interfaces off the public internet. The IPv6 equivalent, ::/0, exposes the same port to the same audience and should be treated the same way when a VPC has IPv6 addressing.

Troubleshooting Steps

A security group that permits SSH from 0.0.0.0/0 exposes port 22 on every instance that uses the group to the entire IPv4 internet, which invites credential brute-forcing and gives any remote party a direct path to the instance's management interface. To find and fix such rules and bring the VPC into line with FedRAMP Low Revision 4, follow the steps below:

  1. Identify Security Groups: List the security groups attached to the VPC's instances (or network interfaces) and note which of them contain an inbound rule for SSH.

  2. Review Ingress Rules: Inspect the inbound rules of each identified group for any rule whose source is 0.0.0.0/0 and that reaches port 22. This includes rules on TCP 22 itself, TCP port ranges that span 22, and "all traffic" rules.

  3. Modify Security Group Rules: For every such rule, replace the 0.0.0.0/0 source with the specific IP addresses or CIDR ranges that are authorized to administer the instances.

  4. Verify Changes: Re-read the inbound rules and confirm that no remaining rule reaches port 22 from 0.0.0.0/0, then confirm that SSH still works from an authorized address and is refused from an unauthorized one.

Necessary Codes

This rule ships no remediation code of its own; the security group rules are changed directly, using either the AWS Management Console or the AWS Command Line Interface (CLI).

Step-by-Step Guide for Remediation

To comply with the FedRAMP Low Revision 4 requirements and restrict ingress SSH access from 0.0.0.0/0, follow the step-by-step guide below:

  1. Identify the Security Group

    Identify the security group associated with the VPC instances that needs to change, and note down its security group ID (sg-...) for reference.

  2. Access the AWS Management Console or CLI

    Sign in to the AWS Management Console, or configure the AWS CLI, with an identity that is permitted to modify security groups. Choose whichever method is more convenient.

  3. Navigate to the VPC Dashboard

    In the AWS Management Console, open the VPC Dashboard by selecting "Services" from the top menu bar, searching for "VPC," and clicking the "VPC" service when it appears.

  4. Select Security Groups

    In the VPC Dashboard, select "Security Groups" from the left-hand navigation panel.

  5. Search for the Security Group

    Use the search bar, or browse the list, to find the security group noted in step 1 and click on it.

  6. Review Ingress Rules

    On the selected security group, review the existing inbound rules and identify any rule that reaches SSH (TCP port 22) from the source 0.0.0.0/0.

  7. Edit Security Group Inbound Rules

    If such rules exist, edit the group's inbound rules as follows:

    • Remove the existing SSH (port 22) rule whose source is 0.0.0.0/0.
    • Add a new SSH rule whose source is restricted to the authorized IP addresses or CIDR ranges.

    Make both changes in the same edit so that the administrators' own access is never interrupted between the removal and the re-addition.

  8. Save Changes

    Save the changes made to the security group's inbound rules.

  9. Verify SSH Access Restriction

    After saving, re-open the inbound rules list and confirm that no rule with source 0.0.0.0/0 reaches port 22. Then test that SSH succeeds from an authorized address and is refused from an address outside the allowed ranges.

By following these steps, you will have successfully restricted ingress SSH access from 0.0.0.0/0 for FedRAMP Low Revision 4 compliance.
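The troubleshooting steps and the remediation guide above describe the same check and the same two rule changes. The Python script below is an added example, not part of the original rule page and not a Cloud Defense or AWS tool: it audits the JSON that `aws ec2 describe-security-groups` prints (the same shape boto3 returns) for SSH reachable from the whole internet, builds the matching `aws ec2 revoke-security-group-ingress` and `aws ec2 authorize-security-group-ingress` commands, and re-runs the audit on a simulated post-revocation copy to exercise the verify step offline. It goes beyond the rule text by also treating the IPv6 "anywhere" range `::/0`, TCP port ranges that span 22, and all-traffic (`IpProtocol` `-1`) rules as unrestricted. The `SAMPLE` dump, its group IDs and names, and the `203.0.113.0/24` administrator range are constructed placeholders.

```python
"""Audit security groups for SSH (TCP/22) reachable from the whole internet.

Added example, not part of the original rule page or any vendor tool. Input is
the JSON document that `aws ec2 describe-security-groups` prints, so it runs
offline against a saved dump. SAMPLE is constructed; every ID and CIDR in it
is a placeholder.
"""
import copy
import json

SSH_PORT = 22
# "Anywhere" in both address families. The rule text names 0.0.0.0/0; the
# IPv6 equivalent ::/0 is just as exposed and is checked here as well.
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample dump: one group open to the world on 22, one that is
# correctly restricted, one all-traffic rule open over IPv6.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0123456789abcdef0", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0fedcba9876543210", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0a1b2c3d4e5f60718", "GroupName": "legacy-all-open", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}


def covers_ssh(perm):
    """True if one IpPermissions entry admits TCP port 22."""
    proto = perm.get("IpProtocol")
    if proto == "-1":            # all protocols and ports; AWS omits the port keys
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)


def find_open_ssh(describe_output):
    """One finding per (group, permission, world-open CIDR) combination."""
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if not covers_ssh(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") in ANYWHERE]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") in ANYWHERE]
            for cidr in cidrs:
                findings.append({"GroupId": sg["GroupId"], "IpProtocol": perm["IpProtocol"],
                                 "FromPort": perm.get("FromPort"), "ToPort": perm.get("ToPort"),
                                 "Cidr": cidr})
    return findings


def permission_json(finding):
    """The --ip-permissions argument that names exactly the offending rule."""
    perm = {"IpProtocol": finding["IpProtocol"]}
    if finding["FromPort"] is not None:      # absent for IpProtocol "-1"
        perm["FromPort"], perm["ToPort"] = finding["FromPort"], finding["ToPort"]
    if ":" in finding["Cidr"]:
        perm["Ipv6Ranges"] = [{"CidrIpv6": finding["Cidr"]}]
    else:
        perm["IpRanges"] = [{"CidrIp": finding["Cidr"]}]
    return json.dumps([perm])


def revoke_command(finding):
    """CLI call that removes the rule. A revoke must match the rule as stored
    (protocol, port range, CIDR); if the stored range is wider than 22-22 the
    whole range is removed and narrower rules must be re-added afterwards."""
    return ("aws ec2 revoke-security-group-ingress --group-id %s --ip-permissions '%s'"
            % (finding["GroupId"], permission_json(finding)))


def authorize_command(group_id, allowed_cidr):
    """CLI call that re-adds SSH for one authorized source range only."""
    return ("aws ec2 authorize-security-group-ingress --group-id %s --protocol tcp "
            "--port %d --cidr %s" % (group_id, SSH_PORT, allowed_cidr))


def simulate_revoke(describe_output, finding):
    """Copy of the dump with the finding's CIDR removed from its rule, mirroring
    the effect of the revoke call so the verify step can run offline."""
    out = copy.deepcopy(describe_output)
    for sg in out["SecurityGroups"]:
        if sg["GroupId"] != finding["GroupId"]:
            continue
        for perm in sg["IpPermissions"]:
            if perm["IpProtocol"] != finding["IpProtocol"] or perm.get("FromPort") != finding["FromPort"]:
                continue
            perm["IpRanges"] = [r for r in perm.get("IpRanges", []) if r["CidrIp"] != finding["Cidr"]]
            perm["Ipv6Ranges"] = [r for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] != finding["Cidr"]]
    return out


if __name__ == "__main__":
    findings = find_open_ssh(SAMPLE)
    for f in findings:
        print(revoke_command(f))
        print(authorize_command(f["GroupId"], "203.0.113.0/24"))   # placeholder admin range
    fixed = SAMPLE
    for f in findings:
        fixed = simulate_revoke(fixed, f)
    print("open SSH findings after remediation:", len(find_open_ssh(fixed)))
```

To use it against a real account, save `aws ec2 describe-security-groups --output json` to a file, load it with `json.load` in place of `SAMPLE`, review the printed commands, run them, and then re-run `find_open_ssh` on a fresh dump; an empty result is the verification the last step of the guide asks for.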
