Description:
Ensure there are no Security Groups without ingress filtering being used. Security groups provide stateful filtering of ingress/egress network traffic to AWS resources. It is recommended that no security group allows unrestricted ingress access.
Rational:
Any security groups configured to allow unrestricted access can increase opportunities for malicious activity such as hacking, denial-of-service attacks, or brute-force attacks.
Impact:
An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances associated with the specified security group.
Audit:
Sign in to AWS management console
Go to EC2 dashboard at https://console.aws.amazon.com/ec2
Click on security groups in the left navigation pane
Select the security group you want to examine
Go to the Inbound tab and make sure at least one rule exist
Remediation:
Pre-requisites:
Sign in as admin or IAM user with required permissions
Need at least one security group
Implementation steps:
Sign in to AWS management console
Go to EC2 dashboard at https://console.aws.amazon.com/ec2
Click on security groups in the left navigation pane
Select the security group you want to modify and click on inbound tab at the bottom
Click on Edit Inbound rules
Click on Add rule and provide the configurations as per your security norms
Click on save rules
Backout plan:
To revoke the changes follow the implementation steps and delete the rule
Reference:
Security groups for your VPC - Amazon Virtual Private Cloud