Unrestricted Netbios Access Should Not Be Allowed

More Info:

No AWS EC2 security group should allow unrestricted inbound access to TCP port 139 and UDP ports 137 and 138 (NetBIOS).

Risk Level

High

Address

Security

Compliance Standards

HIPAA, NIST, SOC2, GDPR

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the unrestricted NetBIOS access issue in AWS using AWS CLI, follow these steps:

Open the AWS CLI and run the following command to list all the security groups in your AWS account:
```
aws ec2 describe-security-groups
```
Identify the security group that has unrestricted NetBIOS access.
Run the following command to revoke the inbound rule that allows unrestricted NetBIOS access:
```
aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 139 --cidr 0.0.0.0/0
```
Note: Replace <security-group-id> with the ID of the security group that you identified in step 2.
Run the following command to revoke the inbound rule that allows unrestricted NetBIOS access:
```
aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 445 --cidr 0.0.0.0/0
```
Note: Replace <security-group-id> with the ID of the security group that you identified in step 2.
Verify that the inbound rules have been revoked by running the following command:
```
aws ec2 describe-security-groups --group-ids <security-group-id>
```
Note: Replace <security-group-id> with the ID of the security group that you identified in step 2.
Repeat steps 3-5 for all the security groups in your AWS account that have unrestricted NetBIOS access.
Once you have revoked the inbound rules for all the security groups, the unrestricted NetBIOS access issue will be remediated.

Using Python

To remediate the “Unrestricted Netbios Access Should Not Be Allowed” misconfiguration for AWS using python, you can follow these steps:

Import the necessary AWS SDK and modules in your python script.

import boto3
from botocore.exceptions import ClientError

Create an AWS client for EC2 service.

ec2 = boto3.client('ec2')

Get a list of all the security groups in your AWS account.

response = ec2.describe_security_groups()
security_groups = response['SecurityGroups']

Loop through each security group and check if it has unrestricted NetBIOS access. To do this, check if any of the inbound rules of the security group has the protocol set to “UDP” or “TCP”, the port range set to “137-139”, and the source IP range set to “0.0.0.0/0” or ”::/0”.

for sg in security_groups:
    for rule in sg['IpPermissions']:
        if rule['IpProtocol'] in ['tcp', 'udp'] and rule['FromPort'] <= 139 and rule['ToPort'] >= 137:
            for ip_range in rule['IpRanges']:
                if ip_range['CidrIp'] in ['0.0.0.0/0', '::/0']:
                    print(f"Security group {sg['GroupId']} allows unrestricted NetBIOS access.")

If you find any security group that has unrestricted NetBIOS access, remove the offending inbound rule from the security group using the revoke_security_group_ingress() method of the AWS EC2 client. You will need to provide the security group ID, the protocol, the port range, and the source IP range of the offending rule as parameters to this method.

try:
    ec2.revoke_security_group_ingress(
        GroupId=sg['GroupId'],
        IpPermissions=[
            {
                'IpProtocol': rule['IpProtocol'],
                'FromPort': rule['FromPort'],
                'ToPort': rule['ToPort'],
                'IpRanges': [
                    {
                        'CidrIp': ip_range['CidrIp']
                    }
                ]
            }
        ]
    )
    print(f"Removed unrestricted NetBIOS access from security group {sg['GroupId']}.")
except ClientError as e:
    print(f"Error removing unrestricted NetBIOS access from security group {sg['GroupId']}: {e}")

After removing the offending rule, you can verify that the security group no longer allows unrestricted NetBIOS access by repeating step 4.

Note: Make sure you have the necessary permissions to modify security groups in your AWS account.

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Unrestricted Netbios Access Should Not Be Allowed

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: