Default Security Group Should Not Allow Unrestricted Public Traffic

More Info:

Default security groups should restrict all public traffic to follow AWS security best practices.

Risk Level

Low

Address

Security

Compliance Standards

CISAWS, CBP, NIST, SOC2, PCIDSS, GDPR, AWSWAF, NISTCSF, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “Default Security Group Should Not Allow Unrestricted Public Traffic” for AWS using AWS CLI, follow the below steps:

Open the AWS CLI on your local machine.

Run the following command to get the ID of the default security group in your AWS account:

aws ec2 describe-security-groups --filters Name=group-name,Values=default --query 'SecurityGroups[*].GroupId' --output text

Run the following command to update the inbound rules of the default security group to allow only necessary traffic:
```
aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol all --port all --cidr 0.0.0.0/0
```
This command will remove all the inbound rules that allow unrestricted public traffic.
Now, add the necessary inbound rules to the default security group using the following command:
```
aws ec2 authorize-security-group-ingress --group-id <security-group-id> --protocol tcp --port <port-number> --cidr <ip-address>
```
Replace <port-number> with the port number you want to allow traffic for and <ip-address> with the IP address range you want to allow traffic from.
Repeat step 4 for all the necessary inbound rules.
Verify the updated inbound rules of the default security group using the following command:
```
aws ec2 describe-security-groups --group-ids <security-group-id>
```
This command will display the updated inbound rules for the default security group.

By following the above steps, you can remediate the misconfiguration “Default Security Group Should Not Allow Unrestricted Public Traffic” for AWS using AWS CLI.

Using Python

To remediate the misconfiguration of default security group allowing unrestricted public traffic in AWS using Python, you can follow these steps:

Import the necessary AWS SDK libraries and modules in Python.

import boto3

Create a connection to the AWS EC2 service using the boto3 library.

ec2 = boto3.client('ec2')

Get the default security group ID using the describe_security_groups() method.

response = ec2.describe_security_groups(GroupNames=['default'])
sg_id = response['SecurityGroups'][0]['GroupId']

Revoke the ingress rules that allow unrestricted public traffic using the revoke_security_group_ingress() method.

response = ec2.revoke_security_group_ingress(
    GroupId=sg_id,
    IpPermissions=[
        {
            'IpProtocol': '-1',
            'IpRanges': [{'CidrIp': '0.0.0.0/0'}]
        }
    ]
)

Confirm that the ingress rules have been revoked by describing the security group again.

response = ec2.describe_security_groups(GroupNames=['default'])
print(response)

This should remediate the misconfiguration of default security group allowing unrestricted public traffic in AWS using Python.

Additional Reading:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Default Security Group Should Not Allow Unrestricted Public Traffic

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: