More Info:

Security groups should not have all ports or protocols open to internal traffic. Security groups should be created on a per-service basis and should avoid allowing all ports or protocols, even for internal access.

Risk Level

Medium

Address

Security

Compliance Standards

NIST

Triage and Remediation

Remediation

To remediate the issue of ports being open for internal traffic in AWS Security Groups, you can follow these steps using the AWS Management Console:

  1. Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to the AWS Management Console.

  2. Navigate to the EC2 Dashboard: Click on the “Services” dropdown menu at the top of the page and select “EC2” under the Compute section.

  3. Select Security Groups: In the EC2 Dashboard, on the left-hand side, under “Network & Security”, click on “Security Groups”.

  4. Identify the Security Group: Identify the security group that has ports open for internal traffic that you want to remediate.

  5. Edit Inbound Rules: Select the security group by clicking on the checkbox next to it, then click on the “Inbound Rules” tab at the bottom.

  6. Review Inbound Rules: Review the existing inbound rules to identify the ports that are open for internal traffic.

  7. Remove Internal Traffic Rules: To remediate the issue, you need to remove the rules that allow all ports or protocols for internal traffic. Select the rule that allows internal traffic on all ports or protocols (usually a rule of type “All traffic” or with port range 0-65535, with a source corresponding to the VPC CIDR block or a specific security group), then click on the “Delete” button.

  8. Add Specific Rules: If necessary, you can add specific rules to allow traffic only from trusted sources. Click on the “Add Rule” button, select the type of rule (e.g., HTTP, HTTPS, SSH), specify the allowed source (e.g., your IP address, a specific IP range, or a specific security group), and click “Save”.

  9. Review Changes: Review the changes you have made to ensure that only the necessary ports are open, for internal as well as external traffic.

  10. Save Changes: Once you are satisfied with the changes, click on the “Save Rules” button to apply the updated security group configuration.

By following these steps, you can remediate the issue of ports being open for internal traffic in AWS Security Groups and ensure that your resources are properly secured.
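As an added example (not part of this page or of any AWS tooling), the script below applies the same check to `aws ec2 describe-security-groups` output and emits the CLI equivalent of step 7 for each flagged rule; the group IDs and CIDRs are constructed sample values.

```python
import ipaddress
import json

# RFC 1918 ranges; a CIDR fully inside one of these is treated as internal (VPC) traffic.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample shaped like `aws ec2 describe-security-groups` output (not real data).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa111", "GroupName": "app-internal", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0bbb222", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa111"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
]

def allows_all_ports(perm):
    """True when a rule covers every protocol (-1) or the full 0-65535 port range."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm.get("FromPort") == 0 and perm.get("ToPort") == 65535

def is_internal_cidr(cidr):
    """Private (RFC 1918) CIDRs count as internal; 0.0.0.0/0 is public and out of scope here."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(priv) for priv in RFC1918)

def find_open_internal_rules(groups):
    """Return (group id, single-source permission) pairs for rules open to all ports internally."""
    findings = []
    for sg in groups:
        for perm in sg["IpPermissions"]:
            if not allows_all_ports(perm):
                continue
            for r in perm.get("IpRanges", []):
                if is_internal_cidr(r["CidrIp"]):
                    findings.append((sg["GroupId"], {**perm, "IpRanges": [r], "UserIdGroupPairs": []}))
            for p in perm.get("UserIdGroupPairs", []):  # security-group references are internal by definition
                findings.append((sg["GroupId"], {**perm, "IpRanges": [], "UserIdGroupPairs": [p]}))
    return findings

def revoke_command(group_id, perm):
    """AWS CLI call that removes exactly the flagged rule, reusing the describe-output shape."""
    return (f"aws ec2 revoke-security-group-ingress --group-id {group_id} "
            f"--ip-permissions '{json.dumps([perm])}'")

if __name__ == "__main__":
    for group_id, perm in find_open_internal_rules(SAMPLE_GROUPS):
        print(revoke_command(group_id, perm))
```

Review the printed commands before running them; the per-service replacement rules from step 8 are added separately with `authorize-security-group-ingress`.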

Additional Reading: