Rule: VPC Default Security Group Restrictions

This rule checks that the default security group of every VPC has no inbound rules and no outbound rules, so that it permits no traffic at all.

Rule: VPC default security group should not allow inbound and outbound traffic
Framework: NIST 800-53 Revision 4
Severity: Medium

Rule Description

AWS creates a security group named "default" in every VPC and assigns it to any instance or network interface that is launched without an explicit security group. As created, the group allows all inbound traffic from other members of the same group and all outbound traffic to any destination. To meet the deny-by-default, allow-by-exception posture that NIST 800-53 Revision 4 requires at system boundaries, this rule requires the default security group to carry no inbound rules and no outbound rules. The default security group cannot be deleted, which is why the control is satisfied by emptying it rather than removing it.

Reason for the Rule

NIST 800-53 Revision 4 provides the security and privacy controls used to secure information systems and organizations. Enforcing this rule removes a broad, implicit allow that every VPC starts with: a resource launched without an explicit security group lands in the default group, and if that group still carries its initial rules the resource can reach every other member of the group and any outbound destination. With the group emptied, such a resource has no network access until someone deliberately grants it through a purpose-built security group.

Troubleshooting Steps

  1. Identify the default security group: every VPC has exactly one security group named "default". Find it in the AWS Management Console under VPC > Security Groups, or with the AWS CLI command aws ec2 describe-security-groups --filters Name=group-name,Values=default, and note the GroupId for each VPC.

  2. Check inbound rules: verify that the default security group has no inbound rules (an empty IpPermissions list in the CLI output). Inbound rules govern what traffic may reach the network interfaces associated with the group, not the VPC as a whole. As created by AWS, the group has one inbound rule that allows all traffic from other members of the same group; it must be removed.

  3. Check outbound rules: verify that the group has no outbound rules (an empty IpPermissionsEgress list). As created, it allows all outbound traffic to 0.0.0.0/0, and a VPC with an IPv6 CIDR block may also carry an equivalent rule for ::/0; every such rule must be removed.

  4. Validate changes: after modifying the group, repeat the check in the console or with aws ec2 describe-security-groups --group-ids <group-id> and confirm that both IpPermissions and IpPermissionsEgress are empty.

Remediation Steps

Follow these steps to bring the VPC default security group into compliance with NIST 800-53 Revision 4:

  1. Open the AWS Management Console, navigate to the VPC service and choose Security Groups.

  2. Select the security group named "default" for the VPC in question. Before changing it, confirm that no network interface still depends on it (EC2 > Network Interfaces filtered by the group ID, or aws ec2 describe-network-interfaces --filters Name=group-id,Values=<group-id>). Move any such resource to a purpose-built security group first, because removing the outbound rules cuts it off from the network.

  3. On the Inbound rules tab, choose "Edit inbound rules", delete every rule and click "Save rules". Ensure that no inbound rules remain.

  4. On the Outbound rules tab, choose "Edit outbound rules", delete every rule and click "Save rules". Ensure that no outbound rules remain.

  5. Validate the changes: any resource still associated only with the default security group should now be unable to send or receive traffic, and the Security Groups section should show no inbound and no outbound rules for the default security group.

  6. If the changes were made using the AWS CLI (aws ec2 revoke-security-group-ingress and aws ec2 revoke-security-group-egress), run aws ec2 describe-security-groups --group-ids <group-id> --query 'SecurityGroups[].[IpPermissions,IpPermissionsEgress]' and verify that both lists are empty.
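The troubleshooting and remediation steps above, worked through on the JSON that aws ec2 describe-security-groups returns. This is an added example for this page, not code from Cloud Defense or AWS. The security group IDs, VPC IDs and account ID in the embedded sample are constructed, and the script assumes that, for a real run, you have saved the CLI output for your account to a file and pass its path as the first argument.

```python
"""Evaluate `aws ec2 describe-security-groups` JSON for the rule
'VPC default security group should not allow inbound and outbound traffic'
and print the AWS CLI commands that would close each offending group.

Real run (assumed workflow):
    aws ec2 describe-security-groups --filters Name=group-name,Values=default \
        --output json > default-sgs.json
    python check_default_sg.py default-sgs.json
Without an argument the constructed SAMPLE below is evaluated instead.
"""
import json
import shlex
import sys

# Constructed sample in the shape of describe-security-groups output.
# Every identifier is made up; nothing here comes from a real account.
SAMPLE = {
    "SecurityGroups": [
        {   # Fresh VPC: default group still carries the rules AWS creates it with.
            "GroupId": "sg-0a1b2c3d4e5f67890", "GroupName": "default",
            "VpcId": "vpc-0123456789abcdef0", "OwnerId": "111111111111",
            "IpPermissions": [
                {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d4e5f67890",
                                       "UserId": "111111111111"}]},
            ],
            "IpPermissionsEgress": [
                {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []},
            ],
        },
        {   # Partly remediated: egress removed, but SSH was later opened to the world.
            "GroupId": "sg-0b2c3d4e5f6789012", "GroupName": "default",
            "VpcId": "vpc-0fedcba9876543210", "OwnerId": "111111111111",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "temporary"}],
                 "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []},
            ],
            "IpPermissionsEgress": [],
        },
        {   # Compliant: both rule lists are empty.
            "GroupId": "sg-0c3d4e5f678901234", "GroupName": "default",
            "VpcId": "vpc-0abcdef0123456789", "OwnerId": "111111111111",
            "IpPermissions": [], "IpPermissionsEgress": [],
        },
        {   # Not a default group: out of scope for this rule even though it is open.
            "GroupId": "sg-0d4e5f6789012345a", "GroupName": "web-alb",
            "VpcId": "vpc-0123456789abcdef0", "OwnerId": "111111111111",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
                 "PrefixListIds": [], "UserIdGroupPairs": []},
            ],
            "IpPermissionsEgress": [
                {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []},
            ],
        },
    ]
}


def evaluate(data):
    """Return {GroupId: {"VpcId", "ingress", "egress"}} for every security group
    named 'default' that still has at least one inbound or outbound rule.
    An empty dict means every default group in the output is compliant."""
    findings = {}
    for sg in data.get("SecurityGroups", []):
        if sg.get("GroupName") != "default":
            continue  # the rule concerns only the VPC default group
        ingress = sg.get("IpPermissions", [])
        egress = sg.get("IpPermissionsEgress", [])
        if ingress or egress:
            findings[sg["GroupId"]] = {"VpcId": sg.get("VpcId"),
                                       "ingress": ingress, "egress": egress}
    return findings


def remediation_commands(findings):
    """Build the CLI calls that revoke exactly the rules found. Feeding the
    describe output back through --ip-permissions avoids re-typing each rule,
    and revoke only removes a rule that is specified exactly as it exists."""
    cmds = []
    for gid, f in findings.items():
        if f["ingress"]:
            cmds.append("aws ec2 revoke-security-group-ingress --group-id %s --ip-permissions %s"
                        % (gid, shlex.quote(json.dumps(f["ingress"]))))
        if f["egress"]:
            cmds.append("aws ec2 revoke-security-group-egress --group-id %s --ip-permissions %s"
                        % (gid, shlex.quote(json.dumps(f["egress"]))))
    return cmds


def main(argv):
    if len(argv) > 1:
        with open(argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    findings = evaluate(data)
    for gid, f in findings.items():
        print("NON-COMPLIANT %s (%s): %d inbound, %d outbound rule(s)"
              % (gid, f["VpcId"], len(f["ingress"]), len(f["egress"])))
    for cmd in remediation_commands(findings):
        print(cmd)
    return 1 if findings else 0  # non-zero exit lets a pipeline fail on findings


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run the printed revoke commands only after checking aws ec2 describe-network-interfaces --filters Name=group-id,Values=<group-id> for interfaces still attached to the group; the egress revoke will silently cut those off. The script exits non-zero whenever a default group still has rules, so the same file can be used as a post-remediation check.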

Additional Considerations

  • The default security group cannot be deleted, and AWS assigns it automatically to any instance or network interface launched without an explicit security group. Give every resource a purpose-built security group that allows only the inbound and outbound traffic it needs, and avoid relying on the default security group for securing resources within your VPC.
  • Regularly review and update security group rules to align with organizational policies and regulatory requirements. The AWS Config managed rule VPC_DEFAULT_SECURITY_GROUP_CLOSED performs this same check continuously and will flag a default security group that drifts back to having rules after remediation.
