Unrestricted RPC Access Should Not Be Allowed

More Info:

No security group should allow unrestricted inbound access to TCP port 135 (RPC).

Risk Level

Medium

Address

Security

Compliance Standards

SOC2, GDPR, HITRUST, AWSWAF, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the “Unrestricted RPC Access Should Not Be Allowed” misconfiguration in AWS using AWS CLI, follow these steps:

Open the AWS CLI on your local machine.
Run the following command to list the security groups in your AWS account:
```
aws ec2 describe-security-groups
```
Identify the security group that has the unrestricted RPC access.
Run the following command to modify the security group and remove the unrestricted RPC access:
```
aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 111 --cidr 0.0.0.0/0
```
Note: Replace <security-group-id> with the ID of the security group that has the unrestricted RPC access.
Run the following command to verify that the unrestricted RPC access has been removed:
```
aws ec2 describe-security-groups --group-ids <security-group-id>
```
Note: Replace <security-group-id> with the ID of the security group that has the unrestricted RPC access.
Verify that the remediation was successful by confirming that the security group no longer has unrestricted RPC access.

By following these steps, you can remediate the “Unrestricted RPC Access Should Not Be Allowed” misconfiguration in AWS using AWS CLI.

Using Python

To remediate the “Unrestricted RPC Access Should Not Be Allowed” issue in AWS using Python, follow the below steps:

First, we need to identify the security group that allows unrestricted RPC access. You can use the following Python code to list all the security groups in your AWS account:

import boto3

ec2 = boto3.client('ec2')

response = ec2.describe_security_groups()
for sg in response['SecurityGroups']:
    print(sg['GroupId'], sg['GroupName'])

Once you have identified the security group that allows unrestricted RPC access, you can use the following Python code to revoke the rule:

import boto3

ec2 = boto3.client('ec2')

response = ec2.revoke_security_group_ingress(
    GroupId='SECURITY_GROUP_ID',
    IpPermissions=[
        {
            'IpProtocol': 'tcp',
            'FromPort': 135,
            'ToPort': 139,
            'IpRanges': [{'CidrIp': '0.0.0.0/0'}]
        },
        {
            'IpProtocol': 'tcp',
            'FromPort': 445,
            'ToPort': 445,
            'IpRanges': [{'CidrIp': '0.0.0.0/0'}]
        },
        {
            'IpProtocol': 'udp',
            'FromPort': 137,
            'ToPort': 138,
            'IpRanges': [{'CidrIp': '0.0.0.0/0'}]
        }
    ]
)

In the above code, replace ‘SECURITY_GROUP_ID’ with the ID of the security group that allows unrestricted RPC access.

The above code will revoke the rule that allows unrestricted RPC access. You can run the first code again to verify that the rule has been revoked.

Note: The above code assumes that you have the necessary permissions to modify security groups in your AWS account.

Additional Reading:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#AddRemoveRules

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Unrestricted RPC Access Should Not Be Allowed

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: