UNKNOWN
Source
CloudSploit
ID
default-security-group

Default Security Group

Ensure the default security groups block all traffic by default

The default security group is often used for resources launched without a defined security group. For this reason, the default rules should be to block all traffic to prevent an accidental exposure.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the AWS Management Console.

  2. Select the “Services” option and search for EC2. Step

  3. Scroll down the left navigation panel and choose “Instances”.

  4. Select the “Instance” that needs to be verified and click on its name from the “Name” column.Step

  5. Scroll down the page and under “Description” check for “Security Groups”. If the “Security Groups” is set to “default” then the EC2 network configuration is not following AWS security best practices.Step

  6. Repeat steps number 2 - 5 to verify other “EC2 Instances”.

  7. Scroll down the left navigation panel and choose “Security Groups” under “Network & Security”.Step

  8. Click on the “Create Security Group” to create a new group as per our “EC2 Instance” requirements.Step

  9. Provide a name to the “Security Group” and select the “Inbound” and “Outbound” traffic rules as per the requirements.Step

  10. Click on the “Create” button at the bottom of the “Create Security Group” tab to create the new security group.Step

  11. Scroll the left navigation panel and choose “Instances”.

  12. Select the “EC2 Instance” whose “Security Group” needs to be updated.Step

  13. Click on the “Actions” button at the top and click on the “Networking” and choose the “Change Security Group” option.Step

  14. Select the new “Security Group” created and click on the “Assign Security Groups” button to attach the selected “Security Group” to the selected “EC2 Instance”.Step

  15. Repeat steps number 8 - 14 to update the “Security Group” as per the requirements.