MEDIUM
Source: CloudSploit
ID: default-security-group

Default Security Group

Ensure the default security groups block all traffic by default

The default security group is often used for resources launched without a defined security group. For this reason, the default rules should be to block all traffic to prevent an accidental exposure.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for EC2.

  3. Scroll down the left navigation panel and choose “Instances”.

  4. Select the “Instance” that needs to be verified and click on its name from the “Name” column.

  5. Scroll down the page and under “Security” check for “Security Groups”. If “Security Groups” is set to “default”, then the EC2 network configuration is not following AWS security best practices.

  6. Repeat steps 2 - 5 to verify other “EC2 Instances”.

  7. Scroll down the left navigation panel and choose “Security Groups” under “Network & Security”.

  8. Click on “Create security group” to create a new group as per our “EC2 Instance” requirements.

  9. Provide a name to the “Security Group” and select the “Inbound” and “Outbound” traffic rules as per the requirements.

  10. Click on the “Create security group” button at the bottom of the “Create Security Group” page to create the new security group.

  11. Scroll down the left navigation panel and choose “Instances”.

  12. Select the “EC2 Instance” whose “Security Group” needs to be updated.

  13. Click on the “Actions” button at the top and click on “Security” and choose the “Change security group” option.

  14. Click on the search box under the “Associated security groups” section and choose the newly created security group from the dropdown.

  15. Click on “Add security group” to add it to the selected “EC2 Instance”.

  16. Remove any other security group as needed by clicking on the “Remove” button under “Security groups associated with the network interface”.

  17. Repeat steps 8 - 16 to update the “Security Group” as per the requirements.
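
The console checks in steps 2 - 6 can also be run over exported data. The following is an added example, not CloudSploit's own code: it assumes JSON shaped like the output of `aws ec2 describe-security-groups` and `aws ec2 describe-network-interfaces`, uses constructed sample IDs, and treats a default group as failing if it has any rule or is attached to any interface (the function name and the PASS/FAIL labels are this example's own).

```python
# Constructed sample data, shaped like the AWS CLI output of
# `aws ec2 describe-security-groups` and `aws ec2 describe-network-interfaces`.
SAMPLE_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "default", "VpcId": "vpc-01",
     "IpPermissions": [{"IpProtocol": "-1",
                        "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1",
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "GroupName": "default", "VpcId": "vpc-02",
     "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-0ccc", "GroupName": "web", "VpcId": "vpc-01",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": []},
]}
SAMPLE_ENIS = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-01",
     "Groups": [{"GroupId": "sg-0aaa", "GroupName": "default"}],
     "Attachment": {"InstanceId": "i-0111"}},
    {"NetworkInterfaceId": "eni-02",
     "Groups": [{"GroupId": "sg-0ccc", "GroupName": "web"}],
     "Attachment": {"InstanceId": "i-0222"}},
]}

def audit_default_groups(groups, enis):
    """Return one finding per security group named "default"."""
    findings = []
    for sg in groups["SecurityGroups"]:
        if sg["GroupName"] != "default":
            continue  # only the per-VPC default groups are in scope
        inbound = len(sg.get("IpPermissions", []))
        outbound = len(sg.get("IpPermissionsEgress", []))
        # Resources still using this group: instance ID if attached, else ENI ID.
        attached = sorted(
            eni.get("Attachment", {}).get("InstanceId", eni["NetworkInterfaceId"])
            for eni in enis["NetworkInterfaces"]
            if any(g["GroupId"] == sg["GroupId"] for g in eni.get("Groups", [])))
        findings.append({
            "group_id": sg["GroupId"], "vpc_id": sg.get("VpcId"),
            "inbound_rules": inbound, "outbound_rules": outbound,
            "attached_to": attached,
            # Assumption: any rule or any attachment counts as a failure.
            "status": "FAIL" if (inbound or outbound or attached) else "PASS"})
    return findings

if __name__ == "__main__":
    for finding in audit_default_groups(SAMPLE_GROUPS, SAMPLE_ENIS):
        print(finding)
```

Instances listed under `attached_to` are the ones to move to a purpose-built security group using steps 7 - 16.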