Description: 

Ensure that no security group in use lacks ingress filtering. Security groups provide stateful filtering of ingress/egress network traffic to AWS resources. It is recommended that no security group allow unrestricted ingress access.


Rationale:

Any security groups configured to allow unrestricted access can increase opportunities for malicious activity such as hacking, denial-of-service attacks, or brute-force attacks.


Impact:

An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances associated with the specified security group.


Audit:

  1. Sign in to AWS management console

  2. Go to EC2 dashboard at https://console.aws.amazon.com/ec2

  3. Click on security groups in the left navigation pane

  4. Select the security group you want to examine

  5. Go to the Inbound tab and make sure at least one rule exists
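The manual audit above can also be scripted against the output of `aws ec2 describe-security-groups`. The following is an added example, not part of this benchmark page: the audit function, the sample groups and their sg- identifiers are constructed here, and the boto3 call under `__main__` assumes AWS credentials and a region are already configured.

```python
# Added example: audit a describe-security-groups result for unrestricted
# ingress (0.0.0.0/0 or ::/0) and for groups with no inbound rules at all.
# The sample data below is constructed to mirror the shape returned by
# `aws ec2 describe-security-groups` / boto3 describe_security_groups().

WORLD_V4 = "0.0.0.0/0"
WORLD_V6 = "::/0"

def audit_security_groups(groups):
    """Return a dict mapping GroupId -> list of findings (empty list = clean)."""
    findings = {}
    for sg in groups:
        issues = []
        perms = sg.get("IpPermissions", [])
        if not perms:
            issues.append("no inbound rules defined")
        for perm in perms:
            proto = perm.get("IpProtocol", "-1")
            port = "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
            open_ranges = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") == WORLD_V4]
            open_ranges += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == WORLD_V6]
            for cidr in open_ranges:
                issues.append(f"unrestricted ingress from {cidr} on {proto}/{port}")
        findings[sg["GroupId"]] = issues
    return findings

# Constructed sample (not real account data): one public HTTPS group, one
# wide-open group, one empty group and one group referencing another group.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "wide-open",
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                        "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "empty", "IpPermissions": []},
    {"GroupId": "sg-0ddd", "GroupName": "internal",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "IpRanges": [], "Ipv6Ranges": [],
                        "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]},
]

if __name__ == "__main__":
    import boto3  # live audit of the configured account/region (assumed credentials)
    live = boto3.client("ec2").describe_security_groups()["SecurityGroups"]
    for gid, issues in audit_security_groups(live).items():
        for issue in issues:
            print(f"{gid}: {issue}")
```

Groups that only reference other security groups (as sg-0ddd does) are reported clean, since their ingress is already filtered by group membership rather than by CIDR.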


Remediation:

Pre-requisites:

  1. Sign in as admin or IAM user with required permissions

  2. Need at least one security group


Implementation steps:

  1. Sign in to AWS management console

  2. Go to EC2 dashboard at https://console.aws.amazon.com/ec2

  3. Click on security groups in the left navigation pane

  4. Select the security group you want to modify and click on the Inbound tab at the bottom

  5. Click on Edit Inbound rules

  6. Click on Add rule and provide the configurations as per your security norms

  7. Click on Save rules


Backout plan:

To revoke the changes, follow the implementation steps and delete the rule.


Reference:

Security groups for your VPC - Amazon Virtual Private Cloud