AWS security groups are meant to safeguard your resources and infrastructure in the cloud. But have you ever considered the damage these same security groups can cause if they are configured with rules that allow unrestricted access to your resources? Let us dig deeper into the scenario.
What are AWS security groups?
Security groups are associated with your AWS EC2 instances and provide security at the protocol and port level. Each security group works like a firewall: it contains a set of rules that filter the ingress and egress traffic of an EC2 instance. There is no ‘Deny’ rule in a security group; rather, any data packet that no rule explicitly permits is dropped.
Security groups allowing unrestricted access to your EC2 instances
It is necessary to make sure that your AWS security groups do not allow unrestricted access to your EC2 instances. Unrestricted access becomes a pathway for malicious activity such as hacking, denial-of-service attacks and loss of data. It can not only hamper your daily operations but also compromise the confidentiality of your cloud environment. Apart from common service ports such as port 25 (Simple Mail Transfer Protocol, SMTP), port 80 (Hypertext Transfer Protocol, HTTP) and port 443 (HTTPS, the standard port for websites using SSL/TLS), access to all other ports must be restricted in your security groups.
Centilytics provides a dedicated insight that keeps a check on the security groups attached to your EC2 instances. It lists every security group whose rules allow unrestricted access to EC2 resources, so that you can take the necessary measures from a security standpoint.
There is one possible severity indication:

| Severity | Description |
|---|---|
| Critical | This indication is displayed when AWS security groups attached to your EC2 instance(s) allow unrestricted access to ports other than 25, 80 and 443. |
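As an added example (not Centilytics' own code), the check described above implemented offline in Python over a constructed security-group record in the shape returned by EC2 `describe_security_groups`: a rule is Critical when its source is 0.0.0.0/0 or ::/0 and its protocol or port range reaches beyond ports 25, 80 and 443. It goes slightly beyond the page's single criterion by handling the edge cases a practitioner meets in real data: an IPv6 "anywhere" source, all-traffic (`-1`) rules, and ranges such as 80-443 that also expose every port in between. The group ID and CIDRs are constructed sample values.

```python
"""Added example: flag ingress rules that open ports other than 25/80/443 to the
whole internet. Input shape mirrors describe_security_groups(); data is constructed."""
from typing import Dict, List

ALLOWED_PUBLIC_PORTS = {25, 80, 443}   # SMTP, HTTP, HTTPS per the insight
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}    # "anywhere" sources, IPv4 and IPv6

def rule_is_unrestricted(perm: Dict) -> bool:
    """True when any source range in the rule is the whole IPv4 or IPv6 internet."""
    sources = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
    sources |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
    return bool(sources & WORLD_CIDRS)

def range_exceeds_allowlist(lo: int, hi: int) -> bool:
    """True if lo..hi contains any port outside the allow-list (80-443 exposes 81..442)."""
    allowed_inside = sum(1 for p in ALLOWED_PUBLIC_PORTS if lo <= p <= hi)
    return (hi - lo + 1) > allowed_inside

def audit_security_group(sg: Dict) -> List[Dict]:
    """One Critical finding per world-open rule on a non-allow-listed port/protocol."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        if not rule_is_unrestricted(perm):
            continue
        proto = str(perm.get("IpProtocol", "-1"))
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        # "-1" = all traffic (no ports); ICMP carries type/code (-1), not ports: flag both
        if proto == "-1" or lo is None or hi is None or lo < 0 or range_exceeds_allowlist(lo, hi):
            findings.append({"Identifier": sg["GroupId"], "Group Name": sg.get("GroupName"),
                             "Protocol": proto, "From Port": lo, "To Port": hi,
                             "Severity": "Critical"})
    return findings

SAMPLE_SG = {  # constructed sample; GroupId is a placeholder, not a real group
    "GroupId": "sg-0123456789abcdef0", "GroupName": "web-tier",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},        # HTTPS: allowed
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},  # SSH from one host: fine
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},           # SSH to IPv6 world: Critical
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},        # range leaks 81-442: Critical
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},  # all: Critical
    ],
}
```

Running `audit_security_group(SAMPLE_SG)` yields three Critical findings (the IPv6 SSH rule, the 80-443 range and the all-traffic rule); the findings carry the same Identifier, Group Name, Protocol, From Port and To Port columns the insight reports.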
The remaining columns are described as follows:
- Account Id: This column shows the respective account ID of the user’s account.
- Account Name: This column shows the account name of the user’s account.
- Region: This column shows the region in which the resources exist.
- Group Name: This column shows the name of the security group.
- Identifier: This column shows the security group ID of your security group.
- Protocol: This column shows the name of the protocol.
- CIDR IP: This column shows the IP address range (CIDR) from which the rule permits connections.
- From Port: This column shows the source port from which the connection is being routed.
- To Port: This column shows the destination port to which the connection is being routed.
| Filter | Description |
|---|---|
| Account Id | Applying the account Id filter will display data for the selected account Id. |
| Region | Applying the region filter will display data according to the selected region. |
| Severity | Applying the severity filter will display data according to the selected severity type. This means selecting Critical will display all resources with critical severity; the same applies to the Warning and Ok severity types. |
| Resource Tags | Applying the resource tags filter will display those resources which have been assigned the selected resource tag. For example, a user has tagged some public snapshots with a resource tag named environment. Selecting environment from the resource tags filter will then display all resources tagged with the tag name environment. |
| Resource Tags Value | Applying the resource tags value filter will display data that has the selected resource tag value. For example, let’s say a user has tagged some resources with a tag named environment that has the value production (environment: production). The user can then view data for all the resources which have the “environment:production” tag assigned. The tag value filter can be used only when a tag name has been provided. |