Risk Level: Medium
Cloud Entity: AWS Security Group
CloudGuard Rule ID: D9.AWS.NET.57
Covered by Spectral: No
Category: Networking & Content Delivery
SecurityGroup where networkAssetsStats contain-all [ count = 0 ] or networkInterfaces isEmpty() should not have inboundRules with [ scope='0.0.0.0/0' and portTo=0]
Use the following steps to delete the unused security groups.
- Note down the unused Security Groups detected by the CloudGuard Report.
- Go to the EC2 console and navigate to Security Groups.
- Select the unused security groups noted from the report and click on 'Actions'.
- Click on 'Delete security groups'.
Use the following steps to delete the identified inbound rules where the scope is set to 0.0.0.0/0 and port 0.
- Log in to the AWS Management Console at https://console.aws.amazon.com/vpc/home
- In the left pane, click Security Groups
- For each security group, perform the following:
  - Select the security group to update, choose Actions, and then choose Edit inbound rules to remove an inbound rule or Edit outbound rules to remove an outbound rule.
  - Choose the Delete button to the right of the rule to delete.
  - Choose Preview changes, then Confirm.
From Command Line:
Identify the security group open to all and run the following command to delete an EC2 security group created within EC2-Classic.
aws ec2 delete-security-group --region region_name --group-name security_group_name
Identify the security group open to all and run the following command to delete an EC2 security group created within EC2-VPC.
aws ec2 delete-security-group --region region_name --group-id security_group_id
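The following is an added example, not CloudGuard's or AWS's own code: an offline evaluator for this rule's two conditions (no attached network interface, and an inbound rule from 0.0.0.0/0 spanning all ports) over constructed JSON in the shape that `aws ec2 describe-security-groups` and `aws ec2 describe-network-interfaces` return, emitting the delete command from the steps above for each offending unused group and a rule-only revoke command for the console procedure. It assumes that CloudGuard's `portTo=0` corresponds to the all-traffic rule, which the EC2 API returns as `IpProtocol "-1"` with no port range; the group and interface IDs and the region are constructed sample values.

```python
"""Offline check for unused security groups open to 0.0.0.0/0 on all ports.

Added example. Input shape follows `aws ec2 describe-security-groups --output json`
and `aws ec2 describe-network-interfaces --output json`; all IDs are constructed.
"""
import json

# Constructed sample: three groups, one attached to an ENI, two unattached.
SAMPLE_SECURITY_GROUPS = json.loads("""
{
  "SecurityGroups": [
    {"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "legacy-open-all",
     "IpPermissions": [
       {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
        "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0a1b2c3d4e5f60002", "GroupName": "web-https-only",
     "IpPermissions": [
       {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
        "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0a1b2c3d4e5f60003", "GroupName": "attached-open-all",
     "IpPermissions": [
       {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
        "Ipv6Ranges": [], "UserIdGroupPairs": []}]}
  ]
}
""")

# Constructed sample: a single ENI referencing the third group.
SAMPLE_NETWORK_INTERFACES = json.loads("""
{
  "NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0f0e0d0c0b0a00001",
     "Groups": [{"GroupId": "sg-0a1b2c3d4e5f60003", "GroupName": "attached-open-all"}]}
  ]
}
""")


def groups_in_use(eni_doc):
    """GroupIds referenced by at least one ENI; the rule's `networkInterfaces isEmpty()`
    test is the complement of this set."""
    return {g["GroupId"]
            for eni in eni_doc["NetworkInterfaces"]
            for g in eni.get("Groups", [])}


def is_open_to_world_all_ports(perm):
    """True for an inbound permission whose IPv4 source is 0.0.0.0/0 and which spans all
    ports. Assumption: CloudGuard's portTo=0 maps to IpProtocol "-1" (all traffic, no
    FromPort/ToPort in the API response) or to an explicit ToPort of 0."""
    if not any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
        return False
    if perm.get("IpProtocol") == "-1":
        return True
    return perm.get("ToPort") == 0


def find_violations(sg_doc, eni_doc):
    """GroupIds that are unattached AND carry a world-open all-ports inbound rule."""
    in_use = groups_in_use(eni_doc)
    return [sg["GroupId"]
            for sg in sg_doc["SecurityGroups"]
            if sg["GroupId"] not in in_use
            and any(is_open_to_world_all_ports(p) for p in sg.get("IpPermissions", []))]


def remediation_commands(group_ids, region="us-east-1"):
    """The delete command from this page, one per offending unused group."""
    return [f"aws ec2 delete-security-group --region {region} --group-id {gid}"
            for gid in group_ids]


def revoke_rule_command(group_id, region="us-east-1"):
    """Alternative matching the console steps: remove only the offending rule and keep
    the group. Uses the real `--ip-permissions` option of revoke-security-group-ingress."""
    perm = json.dumps([{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}])
    return (f"aws ec2 revoke-security-group-ingress --region {region} "
            f"--group-id {group_id} --ip-permissions '{perm}'")


if __name__ == "__main__":
    offending = find_violations(SAMPLE_SECURITY_GROUPS, SAMPLE_NETWORK_INTERFACES)
    for cmd in remediation_commands(offending):
        print(cmd)
    for gid in offending:
        print(revoke_rule_command(gid))
```

Against live data, replace the two constructed documents with `json.load()` of the two describe commands' output for the region in question; the attached group (sg-...0003) is deliberately excluded, since the rule only fires on groups with no network interfaces, and it is the one to inspect by hand rather than delete.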
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don't specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC.
- AWS CIS Controls V 8
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS HITRUST
- AWS HITRUST v11.0.0
- AWS ISO27001:2022
- AWS ITSG-33
- AWS MITRE ATT&CK Framework v10
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5
- CloudGuard AWS All Rules Ruleset