AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Unrestricted MsSQL Access Should Not Be Allowed
More Info:
No security group should allow unrestricted inbound access to TCP port 1433 (MSSQL)
Risk Level
Medium
Address
Security
Compliance Standards
SOC2, GDPR, HITRUST, NISTCSF, PCIDSS, FedRAMP
Triage and Remediation
Remediation
To remediate the unrestricted MsSQL access in AWS, you can follow the below steps:
-
Login to the AWS Management Console.
-
Go to the RDS dashboard.
-
Select the RDS instance that has unrestricted MsSQL access.
-
Click on the “Modify” button.
-
Scroll down to the “Network & Security” section.
-
Under the “Security Group Rules” section, click on the “Edit” button.
-
Remove the rule that allows unrestricted MsSQL access.
-
Add a new rule that allows MsSQL access only from specific IP addresses or CIDR ranges.
-
Click on the “Save Changes” button.
-
Wait for the changes to be applied to the RDS instance.
By following the above steps, you have successfully remediated the unrestricted MsSQL access issue in AWS.
To remediate the unrestricted MsSQL access issue in AWS using AWS CLI, you can follow these steps:
-
Open the AWS CLI and run the following command to list all the security groups in your AWS account:
aws ec2 describe-security-groups -
Identify the security group that has unrestricted MsSQL access. You can identify the security group by looking at the inbound rules.
-
Once you have identified the security group, run the following command to revoke the inbound rule that allows unrestricted MsSQL access:
aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 1433 --cidr 0.0.0.0/0Replace
<security-group-id>with the ID of the security group that you identified in step 2. -
Verify that the inbound rule has been revoked by running the following command:
aws ec2 describe-security-groups --group-ids <security-group-id>Replace
<security-group-id>with the ID of the security group that you identified in step 2. -
Once you have verified that the inbound rule has been revoked, you have successfully remediated the unrestricted MsSQL access issue in AWS.
To remediate this misconfiguration in AWS using Python, you can follow the below steps:
-
Identify the security group associated with the MS SQL Server instance.
-
Get the IP address of the client machine from where the MS SQL Server connection is initiated.
-
Create a new security group rule that allows incoming traffic from the client machine IP address to the MS SQL Server instance on port 1433.
-
Remove the existing security group rule that allows unrestricted access to the MS SQL Server instance.
Here’s the Python code to remediate this misconfiguration:
import boto3
# Specify the region where the MS SQL Server instance is located
region_name = 'us-west-2'
# Specify the name of the security group associated with the MS SQL Server instance
security_group_name = 'ms-sql-sg'
# Specify the IP address of the client machine from where the MS SQL Server connection is initiated
client_ip_address = '10.0.0.1/32'
# Create a new security group rule that allows incoming traffic from the client machine IP address to the MS SQL Server instance on port 1433
ec2 = boto3.client('ec2', region_name=region_name)
response = ec2.authorize_security_group_ingress(
GroupName=security_group_name,
IpPermissions=[
{
'IpProtocol': 'tcp',
'FromPort': 1433,
'ToPort': 1433,
'IpRanges': [
{
'CidrIp': client_ip_address,
'Description': 'Allow MS SQL Server access from client IP address'
},
],
},
],
)
# Remove the existing security group rule that allows unrestricted access to the MS SQL Server instance
response = ec2.revoke_security_group_ingress(
GroupName=security_group_name,
IpPermissions=[
{
'IpProtocol': 'tcp',
'FromPort': 1433,
'ToPort': 1433,
'IpRanges': [
{
'CidrIp': '0.0.0.0/0',
},
],
},
],
)
Note: Replace the region_name, security_group_name, and client_ip_address variables with the appropriate values for your environment.