High EC2 Regional

Security groups should only allow unrestricted incoming traffic for authorized ports

CIS, ISO 27001

Description

Checks whether security groups only allow unrestricted incoming traffic (a source of 0.0.0.0/0 or ::/0) on ports your organization has explicitly authorized for public exposure. Any inbound rule open to the world on any other port or protocol, including "All traffic" rules, is non-compliant.

Remediation

To comply with this control, modify each non-compliant security group so that only authorized ports allow unrestricted incoming traffic; all other inbound rules must be restricted to specific source CIDR ranges or security groups, or removed.

Steps

  1. Sign in to the AWS Management Console and open the EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the navigation pane, click on 'Security Groups'.
  3. Select the security group you want to modify.
  4. In the 'Inbound rules' tab, review the rules to identify any whose source is 0.0.0.0/0 or ::/0 on unauthorized ports, or that allow 'All traffic' from those sources.
  5. For each rule that does not comply, click on 'Edit inbound rules'.
  6. Restrict the source to the specific CIDR ranges or security groups that need access, narrow the port range to authorized ports only, or delete the rule if it is not required.
  7. Click on 'Save rules' to apply the changes.
  8. Verify that the security group now only allows unrestricted incoming traffic for authorized ports.
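The console steps above are hard to repeat across many groups and regions. The following is an added example, not part of this control page or of any AWS tool: it audits the `IpPermissions` structure that `ec2:DescribeSecurityGroups` returns, flags rules open to 0.0.0.0/0 or ::/0 on ports outside an authorized set, and builds the exact `revoke_security_group_ingress` parameters that remove only the world-open source of each offending rule. The authorized-port policy (TCP 80 and 443), the sample security group, and the function names are assumptions chosen for illustration.

```python
"""Audit EC2 security groups for world-open inbound rules on unauthorized ports.

Operates on the IpPermissions structure returned by ec2:DescribeSecurityGroups
(boto3: boto3.client("ec2", region_name=...).describe_security_groups()).
"""

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}   # unrestricted IPv4 and IPv6 sources

# Assumed example policy: only TCP 80 and 443 may be reachable from anywhere.
# Replace with the ports your own organization has authorized.
DEFAULT_AUTHORIZED = {"tcp": {80, 443}}


def world_open_sources(permission):
    """Return the unrestricted sources (0.0.0.0/0 or ::/0) of one inbound rule."""
    sources = [r["CidrIp"] for r in permission.get("IpRanges", [])]
    sources += [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
    return [s for s in sources if s in WORLD_CIDRS]


def ports_authorized(permission, authorized):
    """True only if every port the rule opens is authorized for its protocol."""
    proto = permission["IpProtocol"]
    if proto == "-1":                  # "All traffic": every protocol and port
        return False
    allowed = authorized.get(proto)
    if not allowed:                    # protocol with no authorized ports (udp, icmp, ...)
        return False
    low, high = permission["FromPort"], permission["ToPort"]
    return all(p in allowed for p in range(low, high + 1))


def audit_security_group(sg, authorized=DEFAULT_AUTHORIZED):
    """Return one finding per world-open source on a non-compliant inbound rule."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        open_sources = world_open_sources(perm)
        if not open_sources or ports_authorized(perm, authorized):
            continue
        for src in open_sources:
            findings.append({
                "GroupId": sg["GroupId"],
                "IpProtocol": perm["IpProtocol"],
                "FromPort": perm.get("FromPort"),   # absent for protocol "-1"
                "ToPort": perm.get("ToPort"),
                "Source": src,
            })
    return findings


def revoke_params(finding):
    """Keyword arguments for ec2.revoke_security_group_ingress that remove only
    the offending world-open source, leaving restricted sources on the same
    rule (e.g. 10.0.0.0/8) untouched."""
    perm = {"IpProtocol": finding["IpProtocol"]}
    if finding["FromPort"] is not None:
        perm["FromPort"] = finding["FromPort"]
        perm["ToPort"] = finding["ToPort"]
    if ":" in finding["Source"]:
        perm["Ipv6Ranges"] = [{"CidrIpv6": finding["Source"]}]
    else:
        perm["IpRanges"] = [{"CidrIp": finding["Source"]}]
    return {"GroupId": finding["GroupId"], "IpPermissions": [perm]}


# Constructed sample group in DescribeSecurityGroups shape (not real account data).
SAMPLE_SG = {
    "GroupId": "sg-0123456789abcdef0",
    "GroupName": "web-tier",
    "IpPermissions": [
        # HTTPS open to the world: authorized, not flagged
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        # SSH: the 10.0.0.0/8 source is fine, the 0.0.0.0/0 source is flagged
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # RDP open only via IPv6 ::/0: still unrestricted, flagged
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        # Port range that includes 80 but also many unauthorized ports: flagged
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # "All traffic" from anywhere: always flagged
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}

if __name__ == "__main__":
    for f in audit_security_group(SAMPLE_SG):
        print("NON-COMPLIANT:", f)
        print("  revoke with:", revoke_params(f))
```

To run this against a live account, replace `SAMPLE_SG` with each element of `describe_security_groups()["SecurityGroups"]` for every region, review the findings, and pass each `revoke_params(...)` result to `ec2.revoke_security_group_ingress(**params)` only after confirming the port is genuinely unauthorized; revoking a rule takes effect immediately on existing connections' new flows.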

Compliance

CIS, ISO 27001