
Rule: VPC Security Groups Should Restrict Ingress SSH Access from 0.0.0.0/0

This rule focuses on restricting ingress SSH access from 0.0.0.0/0 in VPC security groups.

Rule: VPC security groups should restrict ingress SSH access from 0.0.0.0/0
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description:

According to NIST 800-171 Revision 2 compliance requirements, the security groups within a Virtual Private Cloud (VPC) should strictly restrict incoming SSH (Secure Shell) access. This rule flags any security group with an inbound rule that allows SSH from any IP address (0.0.0.0/0), since such a rule exposes the SSH service of every attached instance to the whole internet and weakens the overall security posture of the VPC.

Troubleshooting Steps:

  1. Verify that security groups are properly configured for the VPC.
  2. Check the inbound rules of each security group to identify any SSH ingress access from 0.0.0.0/0.
  3. Check that the rule for the SSH port (usually port 22) is configured as intended for inbound access.
  4. Verify whether any other security group rule conflicts with, or overlaps, the SSH rule (for example, a rule that allows all traffic from 0.0.0.0/0 also exposes SSH).

Required Codes:

No specific code is required for this rule. However, modifications to the existing security group rules are necessary.

Remediation Steps:

Step 1: Accessing AWS Management Console

  • Open a web browser and go to the AWS Management Console.
  • Enter your credentials and navigate to the AWS VPC service.

Step 2: Locating the Security Group

  • On the left-hand side panel, click on "Security Groups" to view the list of available security groups.
  • Identify the relevant security group that needs to be modified.

Step 3: Modifying Inbound Rules

  • Select the desired security group from the list to view the details.
  • In the "Inbound Rules" tab, review the existing configurations.

Step 4: Removing 0.0.0.0/0 SSH Ingress Access

  • Locate the SSH rule that allows access from 0.0.0.0/0.
  • Click on the "Edit" button or the pencil icon next to the rule.

Step 5: Modifying SSH Rule

  • To restrict SSH access, change the "Source" field from "0.0.0.0/0" to a restricted range: the CIDR block of a trusted network, or one or more specific IP addresses.
  • Alternatively, specify a single IP address (a /32) or a narrowly scoped CIDR range according to your organizational needs.

Step 6: Applying the Changes

  • After modifying the SSH rule, click on the "Save" or "Apply" button to save the changes.
  • The rule modification will take effect immediately.

Step 7: Validation

  • Validate the changes by attempting SSH access from an IP address outside the restricted range.
  • Confirm that the SSH access is denied, indicating successful implementation of the security group restriction.
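As an added example (not part of the Cloud Defense rule page and not AWS code), the following Python carries out the check in troubleshooting step 2 and the remediation in steps 4 through 7 against a constructed `aws ec2 describe-security-groups --output json` document: it flags every inbound rule that admits TCP/22 from 0.0.0.0/0 or ::/0 (including all-traffic `-1` rules and port ranges that span 22, which a review that only looks for a rule labelled "SSH" can miss), builds the `IpPermissions` payloads that `aws ec2 revoke-security-group-ingress --ip-permissions` and `aws ec2 authorize-security-group-ingress --ip-permissions` accept, and re-runs the check on the simulated result before anything is changed in the account. The group ids, group names and the trusted range 203.0.113.0/24 are constructed values.

```python
"""Find security group rules that expose SSH to the world and build the
revoke/authorize payloads needed to narrow them.

Added example for this rule page; not Cloud Defense or AWS code. Group ids,
names and CIDRs are constructed. Payload shapes follow the IpPermissions
structure used by describe-security-groups, revoke-security-group-ingress
and authorize-security-group-ingress."""
import ipaddress
import json

SSH_PORT = 22
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample shaped like `aws ec2 describe-security-groups --output json`.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0aaa111122223333a", "GroupName": "bastion-sg",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
          "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb111122223333b", "GroupName": "app-sg",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
         # "-1" means all protocols and ports: it exposes SSH without naming port 22.
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]})


def permission_covers_ssh(perm):
    """True if this inbound permission admits TCP/22: an explicit port, a port
    range that includes 22, or the all-traffic protocol "-1"."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)


def world_open_sources(perm):
    """CIDRs in this permission that mean 'anywhere' (IPv4 and IPv6)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD_CIDRS]


def find_open_ssh(describe_output):
    """One finding per (group, permission, world-open CIDR) that exposes SSH."""
    findings = []
    for sg in json.loads(describe_output)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not permission_covers_ssh(perm):
                continue
            for cidr in world_open_sources(perm):
                findings.append({"GroupId": sg["GroupId"],
                                 "IpProtocol": perm["IpProtocol"],
                                 "FromPort": perm.get("FromPort"),
                                 "ToPort": perm.get("ToPort"),
                                 "Cidr": cidr})
    return findings


def remediation_plan(finding, allowed_cidr):
    """IpPermissions entries to revoke (the world-open rule, exactly as found)
    and to authorize (TCP/22 from the trusted CIDR only)."""
    if allowed_cidr in WORLD_CIDRS:
        raise ValueError("replacement source must not be world-open")
    net = ipaddress.ip_network(allowed_cidr)  # rejects malformed CIDRs
    revoke = {"IpProtocol": finding["IpProtocol"]}
    if finding["IpProtocol"] != "-1":  # all-traffic rules carry no ports
        revoke.update(FromPort=finding["FromPort"], ToPort=finding["ToPort"])
    if ":" in finding["Cidr"]:
        revoke["Ipv6Ranges"] = [{"CidrIpv6": finding["Cidr"]}]
    else:
        revoke["IpRanges"] = [{"CidrIp": finding["Cidr"]}]
    range_key, cidr_key = (("Ipv6Ranges", "CidrIpv6") if net.version == 6
                           else ("IpRanges", "CidrIp"))
    authorize = {"IpProtocol": "tcp", "FromPort": SSH_PORT, "ToPort": SSH_PORT,
                 range_key: [{cidr_key: str(net)}]}
    return revoke, authorize


def simulate(describe_output, group_id, revoke, authorize):
    """Apply a plan to a copy of the describe output so the result can be
    re-checked before the live account is touched (step 7 validation)."""
    data = json.loads(describe_output)
    for sg in data["SecurityGroups"]:
        if sg["GroupId"] != group_id:
            continue
        for perm in sg["IpPermissions"]:
            if any(perm.get(k) != revoke.get(k)
                   for k in ("IpProtocol", "FromPort", "ToPort")):
                continue
            for key in ("IpRanges", "Ipv6Ranges"):
                dropped = [list(r.values())[0] for r in revoke.get(key, [])]
                perm[key] = [r for r in perm.get(key, [])
                             if list(r.values())[0] not in dropped]
        if authorize not in sg["IpPermissions"]:  # the API rejects duplicates
            sg["IpPermissions"].append(authorize)
    return json.dumps(data)


def remediate_all(describe_output, allowed_cidr):
    """Plan and simulate the fix for every finding; returns (plans, result)."""
    plans, current = [], describe_output
    for finding in find_open_ssh(describe_output):
        revoke, authorize = remediation_plan(finding, allowed_cidr)
        plans.append((finding["GroupId"], revoke, authorize))
        current = simulate(current, finding["GroupId"], revoke, authorize)
    return plans, current


if __name__ == "__main__":
    for f in find_open_ssh(SAMPLE_DESCRIBE_OUTPUT):
        print("OPEN SSH:", f)
    plans, after = remediate_all(SAMPLE_DESCRIBE_OUTPUT, "203.0.113.0/24")
    for group_id, revoke, authorize in plans:
        print(group_id, "revoke", json.dumps(revoke), "authorize", json.dumps(authorize))
    print("findings after simulated fix:", find_open_ssh(after))
```

Each `revoke` and `authorize` dictionary can be passed verbatim as the `--ip-permissions` JSON of the corresponding `aws ec2` command (or as the `IpPermissions` argument of the boto3 calls of the same names). Two caveats the console walkthrough does not spell out: the rule title names only 0.0.0.0/0, but `::/0` is the equivalent IPv6 wildcard and is checked here too; and when the offending rule is an all-traffic (`-1`) rule, revoking it removes every port from that source, so any other ports the workload legitimately needs must be re-added explicitly with narrow sources.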

Summary:

By ensuring that VPC security groups restrict ingress SSH access from 0.0.0.0/0, as NIST 800-171 Revision 2 requires, the risk of unauthorized SSH access to instances is mitigated. Following the step-by-step guide and modifying the inbound rules accordingly strengthens the security posture of the VPC and maintains compliance with NIST standards.
