Alert Logic has checks in place to alert customers when Security Groups assigned to EC2 instances are open to the world and could allow malicious traffic to reach critical infrastructure. Customers can also implement custom checks via Amazon Web Services Lambda to enforce business-specific Security Group rules and strengthen the security posture of their environment.
Types of Unrestricted Inbound Access
Unrestricted Inbound Access
Security Groups were found to have rules that allowed unrestricted access. Unrestricted access could allow for malicious activity, including, but not limited to, hacking, denial-of-service attacks, or loss of data. It is recommended that users restrict access to only the IP addresses that require it. To restrict access to a specific IP address, users should set the suffix to /32.
Unrestricted Inbound Access—Specific Ports 1
Security Groups were found to have rules that allowed unrestricted access (0.0.0.0/0) on ports 20, 21, 22, 23, 25, 53, 135, 137, 138, 445, 1433, 1434, 3306, 3389, 4333, 5432, 5500, or 5900. Unrestricted access could allow for malicious activity, including, but not limited to, hacking, denial-of-service attacks, or loss of data.
It is recommended that users restrict access to only the IP addresses that require it. To restrict access to a specific IP address, users should set the suffix to /32.
Unrestricted Inbound Access—Specific Ports 2
Security Groups were found to have rules that allowed unrestricted access (0.0.0.0/0) on any ports other than 20, 21, 22, 23, 25, 53, 80, 135, 137, 138, 443, 445, 465, 1433, 1434, 3306, 3389, 4333, 5432, 5500, or 5900. Unrestricted access could allow for malicious activity, including, but not limited to, hacking, denial-of-service attacks, or loss of data.
It is recommended that users restrict access to only the IP addresses that require it. To restrict access to a specific IP address, users should set the suffix to /32.
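The two port-specific checks above can be reproduced in a custom check. The following is an added example, not Alert Logic's code: it classifies the ingress rules of one security group, assuming the dictionary shape returned by the EC2 DescribeSecurityGroups API. The function names, the sample group, and the treatment of `::/0` as world-open are assumptions of this example.

```python
# Port lists copied from the check descriptions on this page.
PORTS_1 = {20, 21, 22, 23, 25, 53, 135, 137, 138, 445, 1433, 1434,
           3306, 3389, 4333, 5432, 5500, 5900}
PORTS_2_EXCLUDED = PORTS_1 | {80, 443, 465}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # ::/0 is an assumption; the page names only 0.0.0.0/0


def open_to_world(perm):
    """True if an IpPermissions entry has a world-open IPv4 or IPv6 source."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return any(c in OPEN_CIDRS for c in cidrs)


def port_span(perm):
    """Inclusive port range of a rule; protocol -1 or missing ports means all ports."""
    if perm.get("IpProtocol") == "-1" or "FromPort" not in perm:
        return 0, 65535
    return perm["FromPort"], perm["ToPort"]


def classify(group):
    """Return sorted (check name, from_port, to_port) findings for one group."""
    findings = set()
    for perm in group.get("IpPermissions", []):
        if perm.get("IpProtocol") not in ("tcp", "udp", "-1") or not open_to_world(perm):
            continue  # ICMP FromPort/ToPort hold type/code, not ports
        lo, hi = port_span(perm)
        if any(lo <= p <= hi for p in PORTS_1):
            findings.add(("Specific Ports 1", lo, hi))
        # Fires when the range holds at least one port outside the excluded list.
        if (hi - lo + 1) > sum(lo <= p <= hi for p in PORTS_2_EXCLUDED):
            findings.add(("Specific Ports 2", lo, hi))
    return sorted(findings)


# Constructed sample in the DescribeSecurityGroups shape (not real data).
WORLD = [{"CidrIp": "0.0.0.0/0"}]
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": WORLD},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": WORLD},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100, "IpRanges": WORLD},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]}

if __name__ == "__main__":
    for finding in classify(SAMPLE_GROUP):
        print(SAMPLE_GROUP["GroupId"], *finding)
```

In the sample, the world-open rule on 443 and the 3389 rule limited to a /32 produce no finding, while the all-protocols rule is reported under both checks.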