AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Ports Should Not Be Open for External Traffic
More Info:
Security groups should not have all ports or protocols open to the public. Security groups should be created on a per-service basis and avoid allowing all ports or protocols.
Risk Level
Medium
Address
Security
Compliance Standards
NIST
Triage and Remediation
Remediation
To remediate the issue of ports being open for external traffic in AWS Security Groups, follow these steps using the AWS Management Console:
- Sign in to the AWS Management Console.
- Navigate to the EC2 dashboard.
- In the navigation pane, under the ‘Network & Security’ section, click on ‘Security Groups’.
- Select the security group that has the open ports for external traffic that you want to remediate.
- Click on the ‘Inbound rules’ tab.
- Identify the rule that allows external traffic (0.0.0.0/0) to access the specific port(s).
- Click on the ‘Edit inbound rules’ button.
- Select the rule that allows the unwanted external traffic and click on the ‘Delete’ button to remove it.
- Click on the ‘Save rules’ button to apply the changes.
- Verify that the rule allowing external traffic to the specific port(s) has been removed successfully.
By following these steps, you have successfully remediated the issue of ports being open for external traffic in the AWS Security Group.
To remediate the issue of ports being open for external traffic in AWS Security Groups using AWS CLI, follow these steps:
- Identify the security group that has the open port for external traffic. You can use the following AWS CLI command to list all security groups in your AWS account:
aws ec2 describe-security-groups
-
Once you have identified the security group that needs to be remediated, note down the Group ID of the security group.
-
Use the following AWS CLI command to revoke the ingress rule that allows external traffic to the port in the security group. Replace
<group-id>and<ip-permission-id>with the actual values:
aws ec2 revoke-security-group-ingress --group-id <group-id> --ip-permissions '[{"IpProtocol": "tcp", "FromPort": <port-number>, "ToPort": <port-number>, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "IpPermissionId": "<ip-permission-id>"}]'
- Verify that the ingress rule has been revoked successfully by describing the security group again:
aws ec2 describe-security-groups --group-ids <group-id>
- Repeat the above steps for any other security groups that have open ports for external traffic.
By following the above steps, you can successfully remediate the issue of ports being open for external traffic in AWS Security Groups using AWS CLI.
To remediate the issue of ports being open for external traffic in AWS Security Groups using Python, you can use the AWS SDK for Python (Boto3) to update the security group rules. Here are the step-by-step instructions to remediate this issue:
- Install the Boto3 library if you haven’t already:
pip install boto3
- Use the following Python script to identify and close the open ports in the security groups:
import boto3
# Initialize the EC2 client
ec2 = boto3.client('ec2')
# Define the security group ID that you want to remediate
security_group_id = 'YOUR_SECURITY_GROUP_ID'
# Describe the current inbound rules of the security group
response = ec2.describe_security_groups(GroupIds=[security_group_id])
# Iterate over each inbound rule and revoke the open ports
for rule in response['SecurityGroups'][0]['IpPermissions']:
if 'FromPort' in rule and 'ToPort' in rule:
from_port = rule['FromPort']
to_port = rule['ToPort']
if from_port != to_port:
ec2.revoke_security_group_ingress(
GroupId=security_group_id,
IpPermissions=[{
'FromPort': from_port,
'ToPort': to_port,
'IpProtocol': rule['IpProtocol'],
'IpRanges': [{'CidrIp': '0.0.0.0/0'}]
}]
)
else:
ec2.revoke_security_group_ingress(
GroupId=security_group_id,
IpPermissions=[{
'FromPort': from_port,
'ToPort': to_port,
'IpProtocol': rule['IpProtocol'],
'IpRanges': [{'CidrIp': '0.0.0.0/0'}]
}]
)
print("Security group remediated successfully.")
-
Replace
'YOUR_SECURITY_GROUP_ID'with the actual ID of the security group that you want to remediate. -
Run the Python script. It will iterate over each inbound rule in the specified security group and revoke the open ports for external traffic.
By following these steps, you can remediate the issue of open ports for external traffic in AWS Security Groups using Python and the Boto3 library.