EC2 Security Group Unrestricted Access

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk level: Medium (should be achieved)

Check for AWS EC2 security groups that allow unrestricted inbound and/or outbound access (0.0.0.0/0 or ::/0) on any common or uncommon port other than ports 80 and 443, in order to secure access at the EC2 instance level. Cloud Conformity strongly recommends restricting access on every opened port, except for the web-facing ports 80 (HTTP) and 443 (HTTPS), which may allow unrestricted inbound access only.

Security

Implementing access restrictions at the EC2 level can protect your instances against malicious attacks such as brute-force attacks, Denial of Service (DoS) attacks and man-in-the-middle (MITM) attacks, and helps prevent compromise or loss of data.

Note: If your EC2 instance requires custom access and access restrictions are already implemented at the OS level using software firewalls such as iptables or Windows Server Firewall, you can choose to disable this rule, although this is NOT recommended. Ideally, these two methods should be used to complement each other.
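To make the check concrete, here is an added example (not Cloud Conformity's own code) that applies the rule to security group data in the shape returned by boto3's `ec2.describe_security_groups()`: every rule open to 0.0.0.0/0 or ::/0 is flagged, with the single exception of inbound rules on exactly port 80 or 443. The sample group is constructed inline so the logic runs offline.

```python
# Added example (not Cloud Conformity's own code): evaluate security groups in
# the shape returned by boto3's ec2.describe_security_groups() and flag any rule
# open to 0.0.0.0/0 or ::/0, except inbound rules on exactly port 80 or 443.
from typing import Dict, List, Optional, Tuple

ANYWHERE = {"0.0.0.0/0", "::/0"}
WEB_PORTS = {80, 443}


def _open_cidrs(perm: Dict) -> List[str]:
    """CIDR ranges in one permission entry that mean 'anywhere' (IPv4 or IPv6)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in ANYWHERE]


def _port_span(perm: Dict) -> Optional[Tuple[int, int]]:
    """(from, to) port span of a permission; None means all ports (protocol -1)."""
    if perm.get("IpProtocol") == "-1":
        return None
    return perm.get("FromPort"), perm.get("ToPort")


def unrestricted_findings(group: Dict) -> List[str]:
    """Return one finding string per rule that violates the check."""
    findings = []
    for direction, key in (("inbound", "IpPermissions"), ("outbound", "IpPermissionsEgress")):
        for perm in group.get(key, []):
            cidrs = _open_cidrs(perm)
            if not cidrs:
                continue
            span = _port_span(perm)
            # The only tolerated exception: inbound on exactly 80 or exactly 443.
            # A range such as 80-8080 still covers other ports and is flagged.
            if direction == "inbound" and span and span[0] == span[1] and span[0] in WEB_PORTS:
                continue
            ports = "all ports" if span is None else f"{perm['IpProtocol']}/{span[0]}-{span[1]}"
            findings.append(f"{group['GroupId']}: {direction} {ports} open to {', '.join(cidrs)}")
    return findings


# Constructed sample in describe_security_groups() shape (not real infrastructure).
SAMPLE_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 8080, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
```

Running `unrestricted_findings(SAMPLE_GROUP)` reports the SSH rule, the IPv6 80-8080 range and the allow-all egress rule, while the 443 rule and the private-range MySQL rule pass.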


Severity Levels

Cloud Conformity provides two levels of severity for this check – High and Very High, allowing you to change the level based on your requirements.

Publication date Jun 19, 2016
