Instance with unencrypted Memcached (TCP:11211) is exposed to a wide network scope

Risk Level: Medium
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.AWS.NET.AG2.4.Instance.11211.TCP
Covered by Spectral: No
Category: Compute

GSL LOGIC

Instance where inboundRules contain [port <= 11211 and portTo >= 11211 and protocol in ('TCP','ALL')] should not have inboundRules contain [port <= 11211 and portTo >= 11211 and protocol in ('TCP','ALL') and scope numberOfHosts() > 256]
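The GSL condition above, worked through in Python as an added illustration (example code written for this page, not CloudGuard's own evaluation engine). It assumes each inbound rule carries `port`, `portTo`, `protocol` and a CIDR `scope`, and that `numberOfHosts()` means the number of addresses in that CIDR; the sample instances are constructed, not real AWS data.

```python
import ipaddress

MEMCACHED_PORT = 11211
MAX_HOSTS = 256  # threshold from the GSL rule: scope numberOfHosts() > 256

def number_of_hosts(scope: str) -> int:
    """Assumed meaning of GSL numberOfHosts(): address count of the CIDR scope.
    Handles IPv4 and IPv6; '0.0.0.0/0' and '::/0' are the widest possible scopes."""
    return ipaddress.ip_network(scope, strict=False).num_addresses

def covers_memcached(rule: dict) -> bool:
    """First bracket: port <= 11211 and portTo >= 11211 and protocol in ('TCP','ALL')."""
    return (rule["port"] <= MEMCACHED_PORT <= rule["portTo"]
            and rule["protocol"].upper() in ("TCP", "ALL"))

def wide_memcached_rules(inbound_rules: list) -> list:
    """Second bracket: Memcached-covering rules whose scope exceeds 256 hosts."""
    return [r for r in inbound_rules
            if covers_memcached(r) and number_of_hosts(r["scope"]) > MAX_HOSTS]

def evaluate(instance: dict) -> str:
    """Mirror GSL 'Instance where X should not have Y':
    NOT_APPLICABLE when no rule matches X, FAIL when some rule matches Y, else PASS."""
    rules = instance["inboundRules"]
    if not any(covers_memcached(r) for r in rules):
        return "NOT_APPLICABLE"
    return "FAIL" if wide_memcached_rules(rules) else "PASS"

# Constructed sample instances (not real AWS data).
SSH_ONLY = {"name": "bastion", "inboundRules": [
    {"port": 22, "portTo": 22, "protocol": "TCP", "scope": "0.0.0.0/0"}]}  # no Memcached rule at all
CACHE_PRIVATE = {"name": "cache-private", "inboundRules": [
    {"port": 11211, "portTo": 11211, "protocol": "TCP", "scope": "10.0.1.0/24"}]}  # exactly 256 hosts, not > 256
CACHE_OPEN = {"name": "cache-open", "inboundRules": [
    {"port": 11211, "portTo": 11211, "protocol": "UDP", "scope": "0.0.0.0/0"},   # UDP: outside this TCP rule
    {"port": 0, "portTo": 65535, "protocol": "ALL", "scope": "::/0"}]}            # ALL protocols, whole IPv6 space

if __name__ == "__main__":
    for inst in (SSH_ONLY, CACHE_PRIVATE, CACHE_OPEN):
        offending = [r["scope"] for r in wide_memcached_rules(inst["inboundRules"])]
        print(f"{inst['name']}: {evaluate(inst)} {offending}")
```

Note that a /24 scope is exactly 256 addresses and so passes; only a scope strictly larger than 256 hosts, such as a /23 or 0.0.0.0/0, trips the rule.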

REMEDIATION

It is recommended to remove the rules that allow permissive SSH/Remote/Admin access.

If a public interface exists, remove it and limit the access scope within the VPC to only the applications or instances that require access.

Amazon Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html

As a further protection, use CloudGuard Dynamic Access Leasing to limit access to SSH/Remote Desktop only from allowed sources and only when needed.
For more information, please refer to: https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Network-Security/DynAccessLease.html?tocpath=Network%20Security%7C_____3

Amazon EC2 Instance

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

Compliance Frameworks

  • LGPD
  • NETWSEC-V2