More Info:
Your AWS EC2 default security groups should restrict all inbound public traffic in order to force AWS users (EC2 administrators, resource managers, etc.) to create custom security groups that apply the rule of least privilege instead of relying on the default security groups.

Risk Level:
Low

Address:
Security

Compliance Standards:
PCIDSS, MAS, APRA

Remediation:
How to ensure default Security Group does not allow unrestricted inbound access

Using AWS Console:
- Open the AWS Management Console and navigate to the Amazon EC2 service.
- From the left navigation pane, click on “Security Groups” to view the list of security groups. (In the Cloudanix Console, navigate to “Misconfig” page and look for Affected Assets for “Default Security Groups Should Not Allow Unrestricted Inbound Access” Policy.)
- Look for the default security group in the list. By default, it is named “default” and should be associated with your VPC.
- Select the default security group by clicking on its name.
- In the “Inbound Rules” tab, review the existing inbound rules configured for the default security group.
- Identify any rules that allow unrestricted access (such as allowing all traffic from any source).
- To remove an unrestricted rule, click on the “X” button next to the rule to delete it.
- Alternatively, you can edit the rule by clicking on the “Edit” button and modifying the source IP range or protocol/port to restrict the access.
- Repeat the process for all unrestricted inbound rules until the default security group only allows the necessary and restricted inbound access.
- Once you have updated the rules, click on the “Save rules” button to apply the changes.
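The same check and clean-up can be scripted against the output of the EC2 DescribeSecurityGroups API. The example below is added here and is not Cloudanix's or AWS's own code: it walks a list of security groups in the shape that `describe-security-groups` returns, flags every inbound rule of a group named `default` whose source is `0.0.0.0/0` or `::/0`, and builds the exact `revoke_security_group_ingress` arguments needed to remove only those sources. The self-referencing rule that AWS creates in every default group (source is the group itself) is deliberately left alone, since it is not public access and the default group cannot be deleted. The sample groups, group IDs and VPC ID are constructed; the live-call lines in comments assume boto3 is installed and credentials are configured.

```python
"""Audit default security groups for unrestricted inbound rules.

Added example, not Cloudanix's or AWS's own code. Sample data below is
constructed; field names follow the EC2 DescribeSecurityGroups response
(GroupId, GroupName, IpPermissions, IpRanges, Ipv6Ranges, UserIdGroupPairs).
"""

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"


def unrestricted_permissions(sg):
    """Return the IpPermissions entries of one security group that admit
    traffic from any source, trimmed to only the offending CIDR ranges so
    the result can be passed straight to revoke_security_group_ingress
    (other sources on the same rule, e.g. the self-reference, are kept)."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") == ANY_IPV4]
        v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == ANY_IPV6]
        if not (v4 or v6):
            continue
        finding = {"IpProtocol": perm["IpProtocol"]}
        # Port fields are absent when IpProtocol is "-1" (all traffic).
        for key in ("FromPort", "ToPort"):
            if key in perm:
                finding[key] = perm[key]
        if v4:
            finding["IpRanges"] = v4
        if v6:
            finding["Ipv6Ranges"] = v6
        findings.append(finding)
    return findings


def describe_finding(perm):
    """Human-readable summary of one offending rule, e.g. 'tcp/443 from ::/0'."""
    if perm["IpProtocol"] == "-1":
        ports = "all traffic"
    elif perm.get("FromPort") == perm.get("ToPort"):
        ports = f"{perm['IpProtocol']}/{perm.get('FromPort')}"
    else:
        ports = f"{perm['IpProtocol']}/{perm['FromPort']}-{perm['ToPort']}"
    sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return f"{ports} from {', '.join(sources)}"


def audit_default_groups(groups):
    """Map GroupId -> offending permissions, for groups named 'default' only."""
    result = {}
    for sg in groups:
        if sg.get("GroupName") != "default":
            continue
        perms = unrestricted_permissions(sg)
        if perms:
            result[sg["GroupId"]] = perms
    return result


def remediate(findings, ec2=None, dry_run=True):
    """Build (and, when given a boto3 EC2 client with dry_run=False, issue)
    one revoke call per group. The call list is returned for review."""
    calls = [{"GroupId": gid, "IpPermissions": perms} for gid, perms in findings.items()]
    if ec2 is not None and not dry_run:
        for call in calls:
            ec2.revoke_security_group_ingress(**call)  # real boto3 EC2 method
    return calls


# Constructed sample: a default group carrying the AWS-created self-reference
# (kept) merged with an all-traffic rule open to the world (a finding), a
# private-range SSH rule (fine) and an IPv6 HTTPS rule open to the world
# (a finding); plus a non-default group that this check intentionally skips.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-0123456789abcdef0",          # constructed placeholder
        "GroupName": "default",
        "VpcId": "vpc-0123456789abcdef0",           # constructed placeholder
        "IpPermissions": [
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0",
                                   "UserId": "123456789012"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
    {
        "GroupId": "sg-0fedcba9876543210",          # constructed placeholder
        "GroupName": "web-tier",
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                           "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}],
    },
]


if __name__ == "__main__":
    # Live use (assumes boto3 and credentials):
    #   import boto3; ec2 = boto3.client("ec2")
    #   groups = ec2.describe_security_groups(
    #       Filters=[{"Name": "group-name", "Values": ["default"]}])["SecurityGroups"]
    findings = audit_default_groups(SAMPLE_GROUPS)
    for gid, perms in findings.items():
        for p in perms:
            print(f"{gid}: {describe_finding(p)}")
    for call in remediate(findings):  # dry run: prints the revoke that would be issued
        print("would revoke:", call)
```

Run it as-is for a dry run over the constructed data; for a real account, replace `SAMPLE_GROUPS` with the `describe_security_groups` result shown in the comment and call `remediate(findings, ec2, dry_run=False)` once the printed revoke calls have been reviewed. Because the revoke payload lists only the `0.0.0.0/0` and `::/0` entries, the self-referencing source on the same rule survives, which matches the console procedure above where only the unrestricted source is edited out.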