AWS-SecurityGroup-Default-Security-Group-Restricts-All-Traffic

Severity: Medium

Description: This control ensures that the default security group of every VPC restricts all traffic. The default security group of a VPC is created with initial rules that deny all inbound traffic, allow all outbound traffic, and allow all traffic between instances assigned to the security group. An instance is automatically assigned to this default security group if no other security group is specified. It is recommended that the default security group restrict all traffic.

Remediation Steps:

Perform the following to modify the default security group of a VPC:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Step 1: Update Security Group Members

    1. Identify AWS resources that exist within the default security group

    2. Create a set of least privilege security groups for those resources

    3. Place the resources in those security groups

    4. Remove the resources noted in #1 from the default security group

  3. Step 2: Update Security Group State. Navigate to the Security Group console and, for each default security group, perform the following.

    1. Select the default security group

    2. Click the Inbound Rules tab

    3. Remove any inbound rules

    4. Click the Outbound Rules tab

    5. Remove any outbound rules
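The two steps above can be checked and prepared offline before anything is changed in the console. The following script is an added example and not part of this control page or any Blue Hexagon tooling; it works on the JSON shapes returned by the EC2 DescribeSecurityGroups and DescribeNetworkInterfaces APIs, using constructed sample data (the group, VPC, interface and instance IDs are made up). It flags every default security group that still has an inbound or outbound rule (the condition this control tests), lists which network interfaces and instances are still members (Step 1.1), and builds the exact RevokeSecurityGroupIngress / RevokeSecurityGroupEgress parameters that correspond to Step 2.3 and 2.5, without calling AWS.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_SECURITY_GROUPS = {
    "SecurityGroups": [
        {   # default group still carrying its initial rules -> fails this control
            "GroupId": "sg-0aaa000000000001", "GroupName": "default",
            "VpcId": "vpc-0aaa000000000001",
            "IpPermissions": [
                {"IpProtocol": "-1", "IpRanges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0aaa000000000001",
                                       "UserId": "111122223333"}]}],
            "IpPermissionsEgress": [
                {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "UserIdGroupPairs": []}],
        },
        {   # default group with every rule removed -> passes
            "GroupId": "sg-0bbb000000000002", "GroupName": "default",
            "VpcId": "vpc-0bbb000000000002",
            "IpPermissions": [], "IpPermissionsEgress": [],
        },
        {   # purpose-built group: not the subject of this control
            "GroupId": "sg-0ccc000000000003", "GroupName": "web",
            "VpcId": "vpc-0aaa000000000001",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}],
            "IpPermissionsEgress": [],
        },
    ]
}

# Constructed sample in the shape of `aws ec2 describe-network-interfaces` output.
SAMPLE_NETWORK_INTERFACES = {
    "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-0aaa000000000011",
         "Groups": [{"GroupId": "sg-0aaa000000000001", "GroupName": "default"}],
         "Attachment": {"InstanceId": "i-0aaa000000000021"}},
        {"NetworkInterfaceId": "eni-0aaa000000000012",
         "Groups": [{"GroupId": "sg-0ccc000000000003", "GroupName": "web"}],
         "Attachment": {"InstanceId": "i-0aaa000000000022"}},
    ]
}


def default_groups(sg_response):
    """Each VPC has exactly one group named 'default'; select those."""
    return [sg for sg in sg_response["SecurityGroups"]
            if sg.get("GroupName") == "default"]


def members_of(group_id, eni_response):
    """Step 1.1: interfaces (and attached instances) still in the given group."""
    members = []
    for eni in eni_response["NetworkInterfaces"]:
        if any(g.get("GroupId") == group_id for g in eni.get("Groups", [])):
            members.append({"NetworkInterfaceId": eni["NetworkInterfaceId"],
                            "InstanceId": eni.get("Attachment", {}).get("InstanceId")})
    return members


def find_noncompliant_defaults(sg_response):
    """The control check: a default group fails if it has any inbound or outbound rule."""
    findings = []
    for sg in default_groups(sg_response):
        inbound = sg.get("IpPermissions", [])
        outbound = sg.get("IpPermissionsEgress", [])
        if inbound or outbound:
            findings.append({"GroupId": sg["GroupId"], "VpcId": sg["VpcId"],
                             "InboundRules": len(inbound), "OutboundRules": len(outbound)})
    return findings


def revoke_parameters(sg):
    """Steps 2.3 and 2.5 as API parameters: revoking exactly the permission sets the
    describe call returned leaves the group with no rules. Nothing is called here."""
    calls = []
    if sg.get("IpPermissions"):
        calls.append(("RevokeSecurityGroupIngress",
                      {"GroupId": sg["GroupId"], "IpPermissions": sg["IpPermissions"]}))
    if sg.get("IpPermissionsEgress"):
        calls.append(("RevokeSecurityGroupEgress",
                      {"GroupId": sg["GroupId"], "IpPermissions": sg["IpPermissionsEgress"]}))
    return calls


if __name__ == "__main__":
    for finding in find_noncompliant_defaults(SAMPLE_SECURITY_GROUPS):
        print("NON-COMPLIANT", json.dumps(finding))
        print("  still in group:", members_of(finding["GroupId"], SAMPLE_NETWORK_INTERFACES))
        sg = next(g for g in SAMPLE_SECURITY_GROUPS["SecurityGroups"]
                  if g["GroupId"] == finding["GroupId"])
        for action, params in revoke_parameters(sg):
            print("  would call", action, json.dumps(params))
```

On a live account the two sample dictionaries are replaced by the responses of `describe_security_groups()` and `describe_network_interfaces()` from a boto3 EC2 client, and each (action, params) pair maps to `ec2.revoke_security_group_ingress(**params)` or `ec2.revoke_security_group_egress(**params)`. Run the membership check first: revoking the egress rule of a default group that still has interfaces in it silently cuts their outbound traffic, which is why the page orders Step 1 before Step 2.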


Related content

AWS-SecurityGroup-Security-Group-Ingress-Filtering-Missing
AWS-SecurityGroup-Unused-Security-Group
AWS-SecurityGroup-Security-Groups-With-Wide-Public-Ranges
AWS-SecurityGroup-Security-Group-Unrestricted-Access
AWS-IAM-Admin-Privilege-Custom-Policy
AWS-EC2-Default-Security-Group

Blue Hexagon Proprietary