Ensure that your Amazon EC2 security groups don't allow unrestricted inbound access (i.e. a source of 0.0.0.0/0 or ::/0) on uncommon ports, so that services listening on those ports are not exposed to brute-force and other attacks from the entire Internet. An uncommon port is any TCP/UDP port that is not in the common service ports category, i.e. anything other than the commonly used ports 80 (HTTP), 443 (HTTPS), 20/21 (FTP), 22 (SSH), 23 (Telnet), 53 (DNS), 3389 (RDP), 25/465/587 (SMTP), 3306 (MySQL), 5432 (PostgreSQL), 1521 (Oracle Database), 1433 (SQL Server), 135 (RPC), and 137/138/139/445 (SMB/CIFS). Note that a rule whose port range spans both common and uncommon ports (for example 0-65535, or "All traffic") counts as allowing access on uncommon ports.
This rule can help you with the following compliance standards:
- PCI
- HIPAA
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Allowing unrestricted inbound (ingress) access to Amazon EC2 instances on uncommon TCP/UDP ports exposes whatever service is listening on those ports to every host on the Internet, increasing the opportunity for malicious activity such as brute-force credential attacks, exploitation of unpatched or misconfigured services, data capture, man-in-the-middle attacks, and denial-of-service attacks.
Audit
To determine if your Amazon EC2 security groups allow unrestricted ingress access on uncommon TCP/UDP ports, perform the following operations:
Remediation / Resolution
To update the inbound rule configuration for your Amazon EC2 security groups in order to restrict access to trusted entities only (i.e. authorized IP addresses and IP ranges, or other security groups), perform the following operations:
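The following script is an added example that ties the audit and the remediation together; it is not Conformity's own checker and not part of the original page. It walks security groups in the JSON shape returned by `aws ec2 describe-security-groups` (or boto3's `describe_security_groups`), flags every ingress permission that pairs an unrestricted source (0.0.0.0/0 or ::/0) with at least one uncommon port, and builds the matching `aws ec2 revoke-security-group-ingress --ip-permissions` command. The common-port list is the one given in the rule description above; the sample security group is constructed for illustration and contains no real identifiers.

```python
import json

# Ports the rule treats as "common" (taken from the rule description above);
# every other TCP/UDP port is uncommon.
COMMON_PORTS = {20, 21, 22, 23, 25, 53, 80, 135, 137, 138, 139, 443, 445,
                465, 587, 1433, 1521, 3306, 3389, 5432}
UNRESTRICTED = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of describe-security-groups output (not real data).
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-0123456789abcdef0",
        "GroupName": "web",
        "IpPermissions": [
            # HTTPS open to the world: common port, not a finding
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            # 8080 open to the world over IPv4 and IPv6: finding
            {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            # 9200 from an internal range only: not a finding
            {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
            # "All traffic" open to the world: finding (covers every uncommon port)
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": []},
        ],
    },
]


def uncommon_ports(perm):
    """Uncommon ports covered by one IpPermissions entry. Protocol -1 ("All
    traffic") carries no FromPort/ToPort and means every port; ICMP and other
    protocols have no TCP/UDP ports and are out of scope for this rule."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        lo, hi = 0, 65535
    elif proto in ("tcp", "udp", "6", "17"):
        lo, hi = perm["FromPort"], perm["ToPort"]
    else:
        return []
    return [p for p in range(lo, hi + 1) if p not in COMMON_PORTS]


def unrestricted_cidrs(perm):
    """Sources in this permission that are 0.0.0.0/0 or ::/0, v4 first."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in UNRESTRICTED]


def audit(groups):
    """One finding per permission that is both world-open and touches an
    uncommon port. Permissions open only on common ports, or open on uncommon
    ports but restricted to specific CIDRs, are compliant with this rule."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            open_cidrs = unrestricted_cidrs(perm)
            bad = uncommon_ports(perm)
            if open_cidrs and bad:
                findings.append({
                    "GroupId": sg["GroupId"],
                    "IpProtocol": perm["IpProtocol"],
                    "FromPort": perm.get("FromPort"),
                    "ToPort": perm.get("ToPort"),
                    "Cidrs": open_cidrs,
                    "UncommonPorts": len(bad),
                })
    return findings


def revoke_command(finding):
    """Build the exact revoke call. AWS removes a rule only when protocol,
    port range and CIDR match what is stored, so the finding's values are
    reused verbatim. A permission that mixes common and uncommon ports
    (e.g. 0-65535) must be revoked whole and then re-authorized with a
    narrower port range and/or a trusted source CIDR or security group."""
    perm = {"IpProtocol": finding["IpProtocol"]}
    if finding["FromPort"] is not None:
        perm["FromPort"] = finding["FromPort"]
        perm["ToPort"] = finding["ToPort"]
    v4 = [{"CidrIp": c} for c in finding["Cidrs"] if ":" not in c]
    v6 = [{"CidrIpv6": c} for c in finding["Cidrs"] if ":" in c]
    if v4:
        perm["IpRanges"] = v4
    if v6:
        perm["Ipv6Ranges"] = v6
    return ("aws ec2 revoke-security-group-ingress --group-id %s --ip-permissions '%s'"
            % (finding["GroupId"], json.dumps([perm], separators=(",", ":"))))


if __name__ == "__main__":
    for f in audit(SAMPLE_GROUPS):
        print("%s proto=%s ports=%s-%s open to %s (%d uncommon ports)" % (
            f["GroupId"], f["IpProtocol"], f["FromPort"], f["ToPort"],
            ",".join(f["Cidrs"]), f["UncommonPorts"]))
        print("  " + revoke_command(f))
```

To run it against a real account, replace `SAMPLE_GROUPS` with `json.load(...)["SecurityGroups"]` from `aws ec2 describe-security-groups --region <region>` output, review each generated revoke command, and follow it with an `aws ec2 authorize-security-group-ingress` call that re-adds the rule for the trusted CIDR or source security group only. Rules that reference other security groups (`UserIdGroupPairs`) or prefix lists are not world-open and are deliberately left alone here.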
References
- AWS Documentation
- Amazon EC2 security groups for Linux instances
- Work with security groups
- Security group rules for different use cases
- Authorize inbound traffic for your Linux instances
- AWS Command Line Interface (CLI) Documentation
- ec2
- describe-security-groups
- revoke-security-group-ingress
- authorize-security-group-ingress
- CloudFormation Documentation
- Amazon Elastic Compute Cloud resource type reference
- Terraform Documentation
- AWS Provider