
Rule: VPC Security Groups Should Restrict Ingress SSH Access from 0.0.0.0/0

This rule ensures that VPC security groups restrict SSH access from all IP addresses.

Rule: VPC security groups should restrict ingress SSH access from 0.0.0.0/0
Framework: RBI Cyber Security Framework
Severity: High

Description:

According to the RBI Cyber Security Framework, it is recommended to restrict SSH access to your VPC security groups from 0.0.0.0/0. This policy aims to enhance the security of your AWS infrastructure by limiting SSH access to only trusted sources.

Troubleshooting Steps:

If your security groups are not restricting ingress SSH access from 0.0.0.0/0, you might face potential security risks due to unauthorized access. To troubleshoot and implement this policy correctly, follow the steps below:

  1. Identify the security group associated with your VPC.
  2. Review the inbound rule configurations of the security group.
  3. Verify that there is an inbound rule specifically allowing SSH access.
  4. Check the source IP range specified for the SSH inbound rule.
  5. If the source IP range is set to 0.0.0.0/0, proceed with the remediation steps.
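The check the troubleshooting steps describe, as an added Python example that is not Cloud Defense's own code: it walks the JSON that `aws ec2 describe-security-groups` returns, flags every rule exposing TCP/22 to 0.0.0.0/0 or ::/0 (it goes beyond the tcp/22 case in the steps by also catching the all-traffic protocol "-1" and wider port ranges such as 20-25), and builds the IpPermissions entry that a revoke-security-group-ingress call must mirror exactly. The security groups and ids below are constructed sample data, not from a real account.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# (fictional group ids). "Ipv6Ranges" is omitted where a real response has [].
SAMPLE = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-0aaa", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-0bbb", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
 {"GroupId": "sg-0ccc", "IpPermissions": [
   {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
   {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]}
""")["SecurityGroups"]

ANY_CIDR = ("0.0.0.0/0", "::/0")

def covers_ssh(perm):
    """True if an IpPermission admits TCP/22: explicit tcp spanning port 22, or protocol "-1" (all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= 22 <= perm["ToPort"]

def find_open_ssh(groups):
    """Return (group_id, perm, cidr) for every rule that exposes SSH to any address."""
    hits = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if not covers_ssh(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            hits += [(sg["GroupId"], perm, c) for c in cidrs if c in ANY_CIDR]
    return hits

def revoke_entry(perm, cidr):
    """IpPermissions element for revoke-security-group-ingress. A revoke only
    removes a rule when it mirrors the stored rule, so protocol, port range and
    address family are copied from the finding rather than assumed to be tcp/22."""
    entry = {"IpProtocol": perm["IpProtocol"]}
    if perm["IpProtocol"] != "-1":
        entry.update(FromPort=perm["FromPort"], ToPort=perm["ToPort"])
    key, field = ("Ipv6Ranges", "CidrIpv6") if ":" in cidr else ("IpRanges", "CidrIp")
    entry[key] = [{field: cidr}]
    return entry

if __name__ == "__main__":
    for gid, perm, cidr in find_open_ssh(SAMPLE):
        print(gid, json.dumps(revoke_entry(perm, cidr)))
```

Each printed entry can be passed as-is to `aws ec2 revoke-security-group-ingress --group-id <id> --ip-permissions '[...]'` or to boto3's revoke_security_group_ingress; re-add the trusted range afterwards as the remediation steps describe.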

Necessary Code:

If you are using the AWS CLI, you can use the following command to implement this policy by revoking the inbound rule that allows SSH (TCP port 22) from 0.0.0.0/0:

aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 22 --cidr 0.0.0.0/0

Step-by-Step Guide for Remediation:

  1. Open your AWS Management Console.
  2. Navigate to the VPC service.
  3. From the left-hand panel, select "Security Groups."
  4. Identify the security group associated with your VPC that needs to be updated.
  5. Select the security group by clicking on its name.
  6. In the "Inbound Rules" tab, locate the existing rule that allows SSH access.
  7. Edit the rule by selecting the "Edit" or "Edit Inbound Rules" button.
  8. Change the "Source" field to "Custom" and enter the trusted IP range from where SSH access is expected.
  9. Remove the existing "0.0.0.0/0" entry, if present.
  10. Save the changes to apply the updated configuration.

Alternative Method (AWS CLI):

  1. Open a terminal or command prompt.
  2. Run the following command, replacing <security-group-id> with the actual ID of your security group:

aws ec2 authorize-security-group-ingress --group-id <security-group-id> --protocol tcp --port 22 --cidr <trusted-ip-range>

Ensure that you replace <trusted-ip-range> with the appropriate IP range from where you want to allow SSH access. It is advisable to limit the range to a specific IP or a CIDR block to strengthen security.

By following these steps, you will successfully enforce the RBI Cyber Security Framework policy and restrict 0.0.0.0/0 ingress SSH access to your VPC security groups. This will help mitigate the risk of unauthorized SSH connections and enhance the security of your AWS infrastructure.
