More Info:
Default security groups should block all traffic by default. EC2 instances should not be associated with default security groups.
Risk Level: Medium
Address: Security
Compliance Standards: NIST
Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration of default security groups allowing all traffic in AWS, follow these steps using the AWS Management Console:
- Log in to the AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and log in with your credentials.
- Navigate to the EC2 Dashboard: Click on the “Services” dropdown in the top left corner and select “EC2” under the Compute section.
- Access Security Groups: In the EC2 Dashboard, locate and click on the “Security Groups” option in the left-hand navigation pane.
- Identify Default Security Group: Look for the default security group in the list of security groups. The default security group usually has the Group Name as “default” and the description as “default VPC security group”.
- Edit Inbound Rules: Click on the default security group to select it. Then, navigate to the “Inbound rules” tab at the bottom of the dashboard.
- Remove All Inbound Rules: You will see a list of inbound rules that allow traffic to the instances associated with this security group. To block all traffic, you need to remove all existing inbound rules.
- Add Necessary Rules: After removing all inbound rules, you can add specific rules based on your requirements. Click on the “Edit inbound rules” button and add rules only for the specific ports, protocols, and sources that your instances actually need.
- Save Changes: Once you have added the necessary rules, click on the “Save rules” button to apply the changes to the default security group.
- Verify Changes: Verify that the default security group now only allows traffic based on the rules you have defined.
Using CLI
To remediate the misconfiguration of default security groups allowing all traffic in AWS using AWS CLI, follow these steps:
- List all default security groups in your AWS account:
- Identify the default security group that allows all traffic.
- Get the Group ID of the default security group that allows all traffic:
- Update the inbound rules of the default security group to deny all traffic:
- Update the outbound rules of the default security group to deny all traffic:
Replace YOUR_GROUP_ID with the Group ID of the default security group that allows all traffic.
By following these steps, you will successfully remediate the misconfiguration of default security groups allowing all traffic in AWS using AWS CLI.
Using Python
To remediate the misconfiguration of default security groups allowing all traffic in AWS using Python, you can use the AWS SDK for Python (Boto3) to update the inbound and outbound rules of the default security group to deny all traffic. Here are the step-by-step instructions to remediate this issue:
- Install Boto3: If you haven’t already installed Boto3, you can do so using pip:
- Write a Python script to update the default security group:
- Run the Python script: Execute the Python script to update the default security group rules to deny all traffic.
After running this script, the default security group in your AWS account will be updated to block all inbound and outbound traffic. Make sure to review the changes and ensure they align with your security requirements.
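The following Boto3 script is an added example covering both the CLI steps and the Python step above; it is not the page's own script. It finds every default security group in a region that still carries allow rules, reports them in a dry run, and revokes all ingress and egress rules when run with dry_run=False. The region name and the sample group description are assumptions, not values from the page.

```python
from typing import Any, Dict, List

# Constructed sample of what describe_security_groups returns for a fresh default
# group: the self-referencing allow-all ingress rule and the allow-all egress rule.
SAMPLE_DEFAULT_SG: Dict[str, Any] = {
    "GroupId": "sg-0123456789abcdef0", "GroupName": "default", "VpcId": "vpc-0a1b2c3d",
    "IpPermissions": [{"IpProtocol": "-1", "UserIdGroupPairs": [
        {"GroupId": "sg-0123456789abcdef0", "UserId": "123456789012"}]}],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}

def is_noncompliant_default(sg: Dict[str, Any]) -> bool:
    """True for a group named 'default' that still carries any allow rule."""
    if sg.get("GroupName") != "default":
        return False
    # Security groups have no deny rules: compliant means no rules at all.
    return bool(sg.get("IpPermissions") or sg.get("IpPermissionsEgress"))

def revoke_all_rules(ec2, sg: Dict[str, Any], dry_run: bool = True) -> Dict[str, Any]:
    """Revoke every rule on one group (unless dry_run) and report what was removed."""
    ingress = sg.get("IpPermissions", [])
    egress = sg.get("IpPermissionsEgress", [])
    # The rule sets from describe_security_groups are passed back verbatim, so the
    # revoke calls match the existing rules exactly (protocol, ports, peers, CIDRs).
    if not dry_run and ingress:
        ec2.revoke_security_group_ingress(GroupId=sg["GroupId"], IpPermissions=ingress)
    if not dry_run and egress:
        ec2.revoke_security_group_egress(GroupId=sg["GroupId"], IpPermissions=egress)
    return {"GroupId": sg["GroupId"], "VpcId": sg.get("VpcId"),
            "ingress_revoked": len(ingress), "egress_revoked": len(egress),
            "dry_run": dry_run}

def remediate_default_groups(ec2, dry_run: bool = True) -> List[Dict[str, Any]]:
    """Walk every default group in the region (one per VPC) and clean each one."""
    report = []
    paginator = ec2.get_paginator("describe_security_groups")
    for page in paginator.paginate(Filters=[{"Name": "group-name", "Values": ["default"]}]):
        for sg in page["SecurityGroups"]:
            if is_noncompliant_default(sg):
                report.append(revoke_all_rules(ec2, sg, dry_run))
    return report

if __name__ == "__main__":
    import boto3  # only needed for a live run; the region below is an assumption
    # Dry run first; rerun with dry_run=False once the report looks right.
    for entry in remediate_default_groups(boto3.client("ec2", region_name="us-east-1")):
        print(entry)
```

The dry-run report lists each offending group by GroupId and VpcId so the change can be reviewed before any rule is revoked.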