More Info:

No AWS EC2 security group should allow unrestricted inbound access to TCP port 445 and (CIFS).

Risk Level

Medium

Address

Security

Compliance Standards

HITRUST, AWSWAF, GDPR, SOC2, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Using Console

To remediate the unrestricted CIFS access issue in AWS, you can follow the below steps:
  1. Login to the AWS Management Console.
  2. Go to the EC2 dashboard.
  3. Select the Security Group associated with the EC2 instance that has unrestricted CIFS access.
  4. Click on the “Inbound Rules” tab.
  5. Locate the rule that allows unrestricted CIFS access and select it.
  6. Click on the “Edit” button.
  7. Change the source IP range to only allow access from trusted IP addresses or a specific IP range.
  8. Save the changes.
By following these steps, you have successfully remediated the unrestricted CIFS access issue in AWS.

To remediate the misconfiguration of unrestricted CIFS access in AWS using AWS CLI, you can follow these steps:
  1. Open the AWS CLI on your local machine or EC2 instance.
  2. Run the following command to list all the Amazon Elastic File System (Amazon EFS) file systems in your AWS account: 
aws efs describe-file-systems
  1. Identify the file system that has unrestricted CIFS access.
  2. Run the following command to modify the file system policy to restrict CIFS access: 
aws efs put-file-system-policy --file-system-id fs-12345678 --policy "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"RestrictCIFSAccess\",\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Action\":[\"elasticfilesystem:ClientMount\",\"elasticfilesystem:ClientWrite\"],\"Resource\":\"arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-12345678\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}]}"
Replace fs-12345678 with the ID of the file system that has unrestricted CIFS access.
  1. Verify that the policy has been updated by running the following command:
aws efs describe-file-system-policy --file-system-id fs-12345678
This command should return the updated policy for the file system.
  1. Test the file system to ensure that CIFS access has been restricted.
To remediate unrestricted CIFS access in AWS using Python, follow these steps:
  1. Import the necessary libraries:
import boto3
  1. Create an Amazon S3 client:
s3 = boto3.client('s3')
  1. Retrieve the current bucket policy:
bucket_policy = s3.get_bucket_policy(Bucket='your-bucket-name')
  1. Check if the policy allows unrestricted CIFS access:
if 'CIFS' in bucket_policy['Policy']:
    # Remove the CIFS permission
    new_policy = bucket_policy['Policy'].replace('CIFS', '')
    # Update the bucket policy
    s3.put_bucket_policy(Bucket='your-bucket-name', Policy=new_policy)
  1. If the policy allows unrestricted CIFS access, remove the CIFS permission from the policy:
new_policy = bucket_policy['Policy'].replace('CIFS', '')
  1. Update the bucket policy:
s3.put_bucket_policy(Bucket='your-bucket-name', Policy=new_policy)
By following these steps, you can remediate unrestricted CIFS access in AWS using Python.

Additional Reading: