High EC2 Regional

Security groups should not allow ingress from 0.0.0.0/0 or ::/0 to port 22

CIS, PCI DSS, NIST, ISO 27001, HIPAA

Description

Checks whether any security group allows ingress from 0.0.0.0/0 or ::/0 to port 22 (SSH).

Remediation

To comply with this control, modify security groups so that they do not allow ingress from 0.0.0.0/0 or ::/0 to port 22 (SSH).

Steps

  1. Sign in to the AWS Management Console and open the EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the navigation pane, click on 'Security Groups'.
  3. Select the security group you want to modify.
  4. In the 'Inbound rules' tab, look for rules that allow SSH traffic (port 22) from 0.0.0.0/0 or ::/0.
  5. If such a rule exists, click on 'Edit inbound rules' and either modify the source to a more restricted IP range or delete the rule.
  6. Click on 'Save rules' to apply the changes.
  7. Verify that the security group no longer allows ingress from 0.0.0.0/0 or ::/0 to port 22.
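The same check and remediation driven from the AWS CLI, as an added example that is not part of the original control page: the functions operate on the JSON that `aws ec2 describe-security-groups` returns (pipe that output into `find_open_ssh_rules`), and they also catch the cases the console steps above do not spell out, namely port ranges that span 22 and all-traffic rules. The group IDs and prefixes in `SAMPLE` are constructed, and the printed `revoke-security-group-ingress` commands assume the AWS CLI's `--ip-permissions` JSON syntax.

```python
import json

SSH_PORT = 22
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape `aws ec2 describe-security-groups` returns: the first
# group exposes SSH via a port range and an all-traffic IPv6 rule (UDP/22 is not SSH).
SAMPLE = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-0a1b2c3d4e5f60001", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
   {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
   {"IpProtocol": "udp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0a1b2c3d4e5f60002", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]}]}""")

def rule_covers_ssh(perm):
    """True if the rule reaches TCP/22: "-1" is all traffic, "tcp"/"6" is range-checked."""
    proto = str(perm.get("IpProtocol", ""))
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)

def find_open_ssh_rules(describe_output):
    """Return (GroupId, offending CIDR, rule dict) for each world-open SSH rule."""
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if not rule_covers_ssh(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [(sg["GroupId"], c, perm) for c in cidrs if c in OPEN_CIDRS]
    return findings

def revoke_command(group_id, cidr, perm):
    """AWS CLI call that removes exactly that rule (step 5), via --ip-permissions JSON."""
    rule = {"IpProtocol": perm["IpProtocol"]}
    rule.update({k: perm[k] for k in ("FromPort", "ToPort") if k in perm})
    v6 = ":" in cidr
    rule["Ipv6Ranges" if v6 else "IpRanges"] = [{"CidrIpv6" if v6 else "CidrIp": cidr}]
    return "aws ec2 revoke-security-group-ingress --group-id %s --ip-permissions '%s'" % (
        group_id, json.dumps([rule]))

for gid, cidr, perm in find_open_ssh_rules(SAMPLE):
    print(revoke_command(gid, cidr, perm))
```

Only the offending source is revoked, so a rule that also lists a restricted prefix keeps that prefix; re-run the check afterwards to confirm step 7.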

Compliance

CIS, PCI DSS, NIST, ISO 27001, HIPAA