Unrestricted FTP Access Should Not Be Allowed
More Info:
No security group should allow unrestricted inbound access to TCP ports 20 and 21 (FTP).
Risk Level: Medium
Address: Security
Compliance Standards: HITRUST, AWSWAF, GDPR, SOC2, NISTCSF, PCIDSS, FedRAMP
Triage and Remediation
Remediation
To remediate the unrestricted FTP access issue in AWS, follow these steps:
- Log in to the AWS Management Console.
- Navigate to the EC2 dashboard.
- Select the EC2 instance(s) that have unrestricted FTP access.
- Click on the “Security Groups” tab at the bottom of the page.
- Identify the security group that is associated with the instance(s) and click on it.
- Click on the “Inbound Rules” tab.
- Locate the rule that allows unrestricted FTP access (port 21) and select it.
- Click on the “Delete” button to remove the rule.
- Click on the “Save” button to apply the changes.
Once you have completed these steps, the unrestricted FTP access issue will be remediated for the selected EC2 instance(s).
To remediate the unrestricted FTP access issue in AWS using AWS CLI, follow these steps:
- Open the AWS CLI on your local machine.
- Run the following command to list all the security groups in your AWS account: `aws ec2 describe-security-groups`
- Identify the security group that has unrestricted FTP access.
- Run the following command to remove the unrestricted FTP access from the identified security group: `aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 21 --cidr 0.0.0.0/0`
  Note: Replace <security-group-id> with the actual ID of the security group that needs to be updated.
- Verify that the FTP access has been removed by running the following command: `aws ec2 describe-security-groups --group-ids <security-group-id>`
  Note: Replace <security-group-id> with the actual ID of the security group that was updated.
- Repeat the above steps for all the security groups in your AWS account to ensure that unrestricted FTP access is not allowed in any of them.
By following the above steps, you can remediate the unrestricted FTP access issue in AWS using AWS CLI.
To remediate unrestricted FTP access in AWS, you can use the following steps in Python:
Step 1: Identify the Security Group with unrestricted FTP access
```python
import boto3

region = 'YOUR_AWS_REGION'
ec2 = boto3.client('ec2', region_name=region)

response = ec2.describe_security_groups()
for sg in response['SecurityGroups']:
    for ip_permission in sg['IpPermissions']:
        # Match TCP rules whose port range includes 21; an exact FromPort == 21
        # test would miss a wide range such as 0-1024 that also exposes FTP.
        if ip_permission.get('IpProtocol') == 'tcp' \
                and ip_permission['FromPort'] <= 21 <= ip_permission['ToPort']:
            for ip_range in ip_permission.get('IpRanges', []):
                if ip_range['CidrIp'] == '0.0.0.0/0':
                    print('Security Group ID: ', sg['GroupId'])
```
This code will list all the security groups that have unrestricted FTP access.
Step 2: Update the Security Group to restrict FTP access
```python
import boto3

region = 'YOUR_AWS_REGION'
ec2 = boto3.client('ec2', region_name=region)
security_group_id = 'YOUR_SECURITY_GROUP_ID'

# The revoke request must match the existing rule exactly
# (protocol, port range and CIDR), otherwise nothing is removed.
response = ec2.revoke_security_group_ingress(
    GroupId=security_group_id,
    IpPermissions=[
        {
            'IpProtocol': 'tcp',
            'FromPort': 21,
            'ToPort': 21,
            'IpRanges': [
                {
                    'CidrIp': '0.0.0.0/0'
                },
            ],
        },
    ],
)
```
This code removes the rule that allows FTP access from 0.0.0.0/0 from the specified security group.
Step 3: Verify that FTP access is restricted
```python
import socket

# Attempt a TCP connection to port 21 from a host that is not covered by any
# CIDR the security group still allows; the socket is closed automatically.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.settimeout(5)
    try:
        s.connect(('FTP_SERVER_IP', 21))
        print('FTP access is still unrestricted')
    except (socket.timeout, OSError):
        print('FTP access is restricted')
```
This code will verify that FTP access is restricted by attempting to connect to the FTP server. If the connection times out or fails, it means that FTP access is restricted.
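As an added example (not code from the original page or from the boto3 snippets above), the following Python evaluates IpPermissions entries offline in the same way Steps 1 and 2 do, but also catches port ranges that include 20 or 21, all-protocol rules and open IPv6 (::/0), and builds the exact entry that revoke_security_group_ingress needs; the security group IDs and CIDRs in the sample are constructed.

```python
FTP_PORTS = (20, 21)
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def rule_exposes_ftp(perm):
    """True if one IpPermissions entry lets any address reach TCP 20 or 21."""
    proto = perm.get("IpProtocol")
    if proto not in ("tcp", "-1"):  # "-1" is AWS shorthand for all protocols
        return False
    lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
    covers_ftp = any(lo <= p <= hi for p in FTP_PORTS)
    cidrs = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
    cidrs |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
    return covers_ftp and bool(cidrs & OPEN_CIDRS)

def find_open_ftp_rules(security_groups):
    """Return [(group_id, permission), ...] for every offending inbound rule."""
    return [(sg["GroupId"], perm) for sg in security_groups
            for perm in sg.get("IpPermissions", []) if rule_exposes_ftp(perm)]

def revoke_payload(perm):
    """IpPermissions entry for revoke_security_group_ingress. AWS revokes only an
    exact match (protocol + port range), so a wide range such as 0-1024 is
    removed whole and re-added narrowed; only the open CIDRs are listed."""
    entry = {"IpProtocol": perm["IpProtocol"]}
    if perm["IpProtocol"] != "-1":
        entry["FromPort"], entry["ToPort"] = perm["FromPort"], perm["ToPort"]
    v4 = [{"CidrIp": r["CidrIp"]} for r in perm.get("IpRanges", [])
          if r.get("CidrIp") in OPEN_CIDRS]
    v6 = [{"CidrIpv6": r["CidrIpv6"]} for r in perm.get("Ipv6Ranges", [])
          if r.get("CidrIpv6") in OPEN_CIDRS]
    entry.update({k: v for k, v in (("IpRanges", v4), ("Ipv6Ranges", v6)) if v})
    return entry

# Constructed sample (made-up group IDs and CIDRs) shaped like describe_security_groups()["SecurityGroups"]
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d4e5f6a7b8", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,            # not FTP: ignored
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0f9e8d7c6b5a49382", "IpPermissions": [           # range covers 21, IPv6 open
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [           # all traffic from anywhere
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    for gid, perm in find_open_ftp_rules(SAMPLE_GROUPS):
        print(gid, revoke_payload(perm))
```

To run it against a real account, replace SAMPLE_GROUPS with the SecurityGroups list returned by boto3's describe_security_groups and pass each payload to revoke_security_group_ingress for its group.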