AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Unrestricted CIFS Access Should Not Be Allowed
More Info:
No AWS EC2 security group should allow unrestricted inbound access to TCP port 445 and (CIFS).
Risk Level
Medium
Address
Security
Compliance Standards
HITRUST, AWSWAF, GDPR, SOC2, NISTCSF, PCIDSS, FedRAMP
Triage and Remediation
Remediation
To remediate the unrestricted CIFS access issue in AWS, you can follow the below steps:
- Login to the AWS Management Console.
- Go to the EC2 dashboard.
- Select the Security Group associated with the EC2 instance that has unrestricted CIFS access.
- Click on the “Inbound Rules” tab.
- Locate the rule that allows unrestricted CIFS access and select it.
- Click on the “Edit” button.
- Change the source IP range to only allow access from trusted IP addresses or a specific IP range.
- Save the changes.
By following these steps, you have successfully remediated the unrestricted CIFS access issue in AWS.
To remediate the misconfiguration of unrestricted CIFS access in AWS using AWS CLI, you can follow these steps:
-
Open the AWS CLI on your local machine or EC2 instance.
-
Run the following command to list all the Amazon Elastic File System (Amazon EFS) file systems in your AWS account:
aws efs describe-file-systems
-
Identify the file system that has unrestricted CIFS access.
-
Run the following command to modify the file system policy to restrict CIFS access:
aws efs put-file-system-policy --file-system-id fs-12345678 --policy "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"RestrictCIFSAccess\",\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Action\":[\"elasticfilesystem:ClientMount\",\"elasticfilesystem:ClientWrite\"],\"Resource\":\"arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-12345678\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}}]}"
Replace fs-12345678 with the ID of the file system that has unrestricted CIFS access.
- Verify that the policy has been updated by running the following command:
aws efs describe-file-system-policy --file-system-id fs-12345678
This command should return the updated policy for the file system.
- Test the file system to ensure that CIFS access has been restricted.
To remediate unrestricted CIFS access in AWS using Python, follow these steps:
- Import the necessary libraries:
import boto3
- Create an Amazon S3 client:
s3 = boto3.client('s3')
- Retrieve the current bucket policy:
bucket_policy = s3.get_bucket_policy(Bucket='your-bucket-name')
- Check if the policy allows unrestricted CIFS access:
if 'CIFS' in bucket_policy['Policy']:
# Remove the CIFS permission
new_policy = bucket_policy['Policy'].replace('CIFS', '')
# Update the bucket policy
s3.put_bucket_policy(Bucket='your-bucket-name', Policy=new_policy)
- If the policy allows unrestricted CIFS access, remove the CIFS permission from the policy:
new_policy = bucket_policy['Policy'].replace('CIFS', '')
- Update the bucket policy:
s3.put_bucket_policy(Bucket='your-bucket-name', Policy=new_policy)
By following these steps, you can remediate unrestricted CIFS access in AWS using Python.