Rule: VPC Default Security Group Restriction
This rule ensures the VPC default security group restricts all inbound and outbound traffic.
| Rule | VPC default security group should not allow inbound and outbound traffic |
| Framework | NIST 800-53 Revision 5 |
| Severity | ✔ Medium |
Rule Description:
The VPC default security group should restrict inbound and outbound traffic according to the guidelines provided in NIST 800-53 Revision 5. This is to ensure the security and compliance of the AWS resources within the VPC.
Description:
The VPC default security group is automatically created when setting up a Virtual Private Cloud (VPC) in Amazon Web Services (AWS). By default, it allows unrestricted inbound and outbound traffic, which can pose security risks if not properly configured.
To comply with the recommendations of NIST 800-53 Revision 5, it is necessary to update the rules of the default security group to restrict inbound and outbound traffic based on the specific requirements of your organization.
Troubleshooting Steps:
- 1.Identify the VPC default security group:
- Login to the AWS Management Console.
- Go to the Amazon VPC service.
- Click on "Security Groups" in the left navigation menu.
- Locate the security group with the name "default" in the "Group Name" column.
- 2.Review the inbound and outbound rules:
- Click on the security group name to access the details.
- Review the inbound and outbound rules listed under the "Inbound Rules" and "Outbound Rules" sections.
- Note down the existing rules and their associated protocols, ports, and source/destination IPs.
- 3.Update the inbound and outbound rules:
- Determine the specific requirements outlined in NIST 800-53 Revision 5 for inbound and outbound traffic.
- Remove any existing rules that do not align with these requirements.
- Add new rules as necessary to meet the compliance guidelines.
- 4.Test the updated rules:
- Launch a test instance within the VPC and attempt to access resources from different sources.
- Ensure that the traffic conforms to the updated security group rules.
- Validate that necessary communication is still possible while any unauthorized access is denied.
Necessary Codes:
No special code is required for this task. The steps mentioned above can be accomplished using the AWS Management Console or AWS Command Line Interface (CLI).
Step-by-Step Guide for Remediation:
Follow the steps below to remediate the VPC default security group to comply with NIST 800-53 Revision 5:
- 1.Login to the AWS Management Console.
- 2.Go to the Amazon VPC service.
- 3.Click on "Security Groups" in the left navigation menu.
- 4.Identify the security group with the name "default" in the "Group Name" column.
- 5.Click on the security group name to access the details.
- 6.Review the inbound and outbound rules listed under the "Inbound Rules" and "Outbound Rules" sections.
- 7.Determine the specific requirements outlined in NIST 800-53 Revision 5 for inbound and outbound traffic.
- 8.Remove any existing rules that do not align with these requirements.
- 9.Add new rules as necessary to meet the compliance guidelines.
- 10.Test the updated rules by launching a test instance within the VPC.
- 11.Attempt to access resources from different sources and ensure the traffic conforms to the updated security group rules.
- 12.Validate that necessary communication is still possible while any unauthorized access is denied.
Note: It is important to thoroughly understand the security requirements of your organization and the compliance guidelines provided by NIST 800-53 Revision 5 to ensure the correct configuration of the VPC default security group.