Skip to main content

💼 [EC2.19] Security groups should not allow unrestricted access to ports with high risk

Contextual name: 💼 [EC2.19] Security groups should not allow unrestricted access to ports with high risk
ID: /frameworks/aws-fsbp-v1.0.0/ec2/19
Located in: 💼 Elastic Compute Cloud (EC2)

Description

Security groups provide stateful filtering of ingress and egress network traffic to AWS resources. Unrestricted access (0.0.0.0/0) increases opportunities for malicious activity, such as hacking, denial-of-service attacks, and loss of data.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-19
Internal
- ID: dec-c-b5998611

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement	32	61	73
💼 NIST SP 800-53 Revision 5 → 💼 AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows		35	39
💼 NIST SP 800-53 Revision 5 → 💼 CA-9(1) Internal System Connections _ Compliance Checks			15
💼 NIST SP 800-53 Revision 5 → 💼 CM-2 Baseline Configuration	7		13
💼 NIST SP 800-53 Revision 5 → 💼 CM-2(2) Baseline Configuration _ Automation Support for Accuracy and Currency			13
💼 NIST SP 800-53 Revision 5 → 💼 CM-7 Least Functionality	9		11
💼 NIST SP 800-53 Revision 5 → 💼 SC-7 Boundary Protection	29	5	33
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services			17
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(5) Boundary Protection _ Deny by Default — Allow by Exception		5	19
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(11) Boundary Protection _ Restrict Incoming Communications Traffic			15
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(16) Boundary Protection _ Prevent Discovery of System Components			16
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(21) Boundary Protection _ Isolation of System Components			16

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (10)

Policy	Logic Count	Flags
📝 AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted CIFS traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted FTP traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted RPC traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted SMTP traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MSSQL 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MySQL 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to PostgreSQL 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted Telnet traffic 🟢	1	🟢 x6

Description
Similar
Similar Sections (Give Policies To)
Sub Sections
Policies (10)