> ## Documentation Index
> Fetch the complete documentation index at: https://cloudanix.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Default Security Groups Should Block All Traffic

### More Info:

Default security groups should block all traffic by default. EC2 instances should not be associated with default security groups.

### Risk Level

Medium

### Address

Security

### Compliance Standards

NIST

### Triage and Remediation

<Tabs>
  <Tab title="Remediation">
    ### Remediation

    <AccordionGroup>
      <Accordion title="Using Console" defaultOpen="true">
        To remediate the misconfiguration of default security groups allowing all traffic in AWS, follow these steps using the AWS Management Console:

        1. **Login to AWS Console**: Go to the AWS Management Console ([https://aws.amazon.com/console/](https://aws.amazon.com/console/)) and log in with your credentials.

        2. **Navigate to the EC2 Dashboard**: Click on the "Services" dropdown in the top left corner and select "EC2" under the Compute section.

        3. **Access Security Groups**: In the EC2 Dashboard, locate and click on the "Security Groups" option in the left-hand navigation pane.

        4. **Identify Default Security Group**: Look for the default security group in the list of security groups. The default security group usually has the Group Name as "default" and the description as "default VPC security group".

        5. **Edit Inbound Rules**: Click on the default security group to select it. Then, navigate to the "Inbound rules" tab at the bottom of the dashboard.

        6. **Remove All Inbound Rules**: You will see a list of inbound rules that allow traffic to the instances associated with this security group. To block all traffic, you need to remove all existing inbound rules.

        7. **Add Necessary Rules**: After removing all inbound rules, you can add specific rules based on your requirements. Click on the "Edit inbound rules" button and add rules for the specific ports and protocols that your instances need to communicate with.

        8. **Save Changes**: Once you have added the necessary rules, click on the "Save rules" button to apply the changes to the default security group.

        9. **Verify Changes**: Verify that the default security group now only allows traffic based on the rules you have defined.

        By following these steps, you have successfully remediated the misconfiguration of default security groups allowing all traffic in AWS.
      </Accordion>

      <Accordion title="Using CLI">
        #

        To remediate the misconfiguration of default security groups allowing all traffic in AWS using AWS CLI, follow these steps:

        1. List all default security groups in your AWS account:

        ```bash theme={null}
        aws ec2 describe-security-groups --filters Name=group-name,Values=default
        ```

        2. Identify the default security group that allows all traffic.

        3. Get the Group ID of the default security group that allows all traffic:

        ```bash theme={null}
        aws ec2 describe-security-groups --group-names default --query 'SecurityGroups[0].GroupId' --output text
        ```

        4. Update the inbound rules of the default security group to deny all traffic:

        ```bash theme={null}
        aws ec2 revoke-security-group-ingress --group-id YOUR_GROUP_ID --protocol all --port all --cidr 0.0.0.0/0
        ```

        5. Update the outbound rules of the default security group to deny all traffic:

        ```bash theme={null}
        aws ec2 revoke-security-group-egress --group-id YOUR_GROUP_ID --protocol all --port all --cidr 0.0.0.0/0
        ```

        Replace `YOUR_GROUP_ID` with the Group ID of the default security group that allows all traffic.

        By following these steps, you will successfully remediate the misconfiguration of default security groups allowing all traffic in AWS using AWS CLI.
      </Accordion>

      <Accordion title="Using Python">
        To remediate the misconfiguration of default security groups allowing all traffic in AWS using Python, you can use the AWS SDK for Python (Boto3) to update the inbound and outbound rules of the default security group to deny all traffic. Here are the step-by-step instructions to remediate this issue:

        1. Install Boto3: If you haven't already installed Boto3, you can do so using pip:

        ```bash theme={null}
        pip install boto3
        ```

        2. Write a Python script to update the default security group:

        ```python theme={null}
        import boto3

        # Initialize the EC2 client
        ec2 = boto3.client('ec2')

        # Get the default security group ID
        response = ec2.describe_security_groups(Filters=[{'Name': 'group-name', 'Values': ['default']}])
        default_security_group_id = response['SecurityGroups'][0]['GroupId']

        # Revoke all inbound rules
        ec2.revoke_security_group_ingress(
            GroupId=default_security_group_id,
            IpPermissions=[{'IpProtocol': '-1', 'IpRanges': [{'CidrIp': '0.0.0.0/0'}]}]
        )

        # Revoke all outbound rules
        ec2.revoke_security_group_egress(
            GroupId=default_security_group_id,
            IpPermissions=[{'IpProtocol': '-1', 'IpRanges': [{'CidrIp': '0.0.0.0/0'}]}]
        )

        print("Default security group rules updated to deny all traffic.")
        ```

        3. Run the Python script: Execute the Python script to update the default security group rules to deny all traffic.

        ```bash theme={null}
        python update_default_security_group.py
        ```

        After running this script, the default security group in your AWS account will be updated to block all inbound and outbound traffic. Make sure to review the changes and ensure they align with your security requirements.
      </Accordion>
    </AccordionGroup>
  </Tab>
</Tabs>

### Additional Reading:

* [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html#default-security-group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html#default-security-group)
