Unrestricted ICMP Access Should Not Be Allowed

More Info:

No security group should allow unrestricted inbound access using Internet Control Message Protocol (ICMP).

Risk Level

Medium

Address

Security

Compliance Standards

HITRUST, AWSWAF, GDPR, SOC2, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the unrestricted ICMP access issue in AWS using AWS CLI, follow these steps:

Open the AWS CLI or AWS Management Console.
Identify the security group that has unrestricted ICMP access. You can use the following command to list all the security groups in your AWS account:

aws ec2 describe-security-groups

Once you have identified the security group, use the following command to revoke the ICMP access rule:

aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol icmp

Replace <security-group-id> with the ID of the security group that has unrestricted ICMP access.

Verify that the ICMP access rule has been revoked by running the following command:

aws ec2 describe-security-groups --group-ids <security-group-id>

This should return the details of the security group, which should no longer have the ICMP access rule.

Repeat the above steps for all the security groups that have unrestricted ICMP access.

By following these steps, you can remediate the unrestricted ICMP access issue in AWS using AWS CLI.

Using Python

To remediate the misconfiguration of unrestricted ICMP access in AWS using Python, you can follow these steps:

Identify the security group(s) that allow unrestricted ICMP access.
Use the AWS SDK for Python (Boto3) to modify the security group(s) and remove the rule that allows unrestricted ICMP access.

Here’s an example Python code snippet that you can use to remediate the misconfiguration:

import boto3

# Initialize the Boto3 client
ec2 = boto3.client('ec2')

# Define the security group ID(s) that allow unrestricted ICMP access
security_group_ids = ['sg-0123456789abcdefg', 'sg-abcdef0123456789']

# Loop through the security group IDs and remove the rule that allows unrestricted ICMP access
for sg_id in security_group_ids:
    # Describe the security group
    response = ec2.describe_security_groups(GroupIds=[sg_id])
    security_group = response['SecurityGroups'][0]

    # Loop through the inbound rules and remove the rule that allows unrestricted ICMP access
    for rule in security_group['IpPermissions']:
        if rule['IpProtocol'] == 'icmp' and rule['IpRanges'] == [{'CidrIp': '0.0.0.0/0'}]:
            ec2.revoke_security_group_ingress(
                GroupId=sg_id,
                IpPermissions=[{
                    'IpProtocol': 'icmp',
                    'IpRanges': [{'CidrIp': '0.0.0.0/0'}],
                    'UserIdGroupPairs': [],
                    'PrefixListIds': [],
                    'Ipv6Ranges': []
                }]
            )

Note: Replace the security_group_ids with the actual security group IDs that allow unrestricted ICMP access.

Additional Reading:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#AddRemoveRules

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Unrestricted ICMP Access Should Not Be Allowed

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: