Severity : Critical
Description : The default security group is often used for resources launched without a defined security group. For this reason, the default rules should be set to block all traffic to prevent an accidental exposure.
Remediation Steps : Update the rules for the default security group to deny all traffic by default