Rule: VPC security groups should restrict ingress SSH access from 0.0.0.0/0
This rule ensures VPC security groups restrict ingress SSH access from 0.0.0.0/0 to enhance security.
| Rule | VPC security groups should restrict ingress SSH access from 0.0.0.0/0 |
| Framework | Federal Financial Institutions Examination Council (FFIEC) |
| Severity | ✔ High |
Rule Description:
VPC security groups should restrict ingress SSH access from 0.0.0.0/0 for Federal Financial Institutions Examination Council (FFIEC). This policy ensures that only authorized entities within the FFIEC can establish SSH connections to instances within the VPC security group while preventing any unauthorized access.
Troubleshooting Steps:
- 1.
Verify Security Group Configuration:
- Check the inbound rules of the VPC security group associated with the instances.
- Ensure that there is an SSH rule present allowing inbound access.
- Confirm that the source IP address is set to 0.0.0.0/0.
- 2.
Check FFIEC Access:
- Validate that the FFIEC has provided the correct IP address range that needs to be whitelisted for SSH access.
- Verify that the provided IP address range matches the one configured in the security group.
- 3.
Review Security Group Placement:
- Ensure that the instances that require SSH access are associated with the correct VPC security group.
- Verify that the inbound SSH rule is applied to the intended security group associated with the instances.
Necessary Code:
- There is no specific code required for this policy. The configuration is done through the AWS Management Console or API calls.
Step-by-Step Guide for Remediation:
- 1.
Log in to the AWS Management Console.
- 2.
Navigate to the EC2 Dashboard.
- 3.
Click on the "Security Groups" option in the left-hand menu.
- 4.
Select the appropriate VPC security group that needs to be modified.
- 5.
Click on the "Inbound Rules" tab.
- 6.
Locate the SSH rule (port 22) and verify the source IP address is set to 0.0.0.0/0.
- 7.
If the source IP address for SSH access is not set to 0.0.0.0/0, modify the rule by clicking on "Edit" or "Add Rule" button.
- 8.
Update the source IP address to the provided IP range by the FFIEC.
- 9.
Save the changes.
- 10.
Validate that the instances associated with the security group now restrict SSH access only from the FFIEC provided IP range.
- 11.
Perform thorough testing by attempting to establish SSH connections from IPs outside the FFIEC range to ensure the access is properly restricted.
- 12.
Monitor security group settings periodically to ensure ongoing compliance with the established rule.
Conclusion:
By implementing the VPC security group rule to restrict SSH access from 0.0.0.0/0 only for the Federal Financial Institutions Examination Council (FFIEC) IP range, the organization ensures that unauthorized SSH access attempts are prevented, enhancing security and compliance.