Amazon Security Groups

📘 Allowing ingress from large network spaces in security groups can expose AWS resources to significant security threats. It is critical to investigate and restrict access to minimize the risk of unauthorized entry and potential breaches.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Using default security groups for AWS resources can lead to security misconfigurations and vulnerabilities. Customizing security groups to specific needs is essential for robust security and proper access control.

  • Section: Inbound Traffic
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: Tampering, Information Disclosure
  • Rule Set: Rapticore Benchmark

📘 Allowing all inbound public traffic in security groups requires careful evaluation and business approval. This practice can expose resources to external threats, making scrutiny and justification of such configurations critical.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Provisioning AWS RDS instances in public subnets exposes them to the internet, increasing the risk of unauthorized access and attacks. Keeping RDS instances in private subnets is vital for their protection and security.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Hosting backend EC2 instances in public subnets can significantly increase the risk of exposure to the internet and potential attacks. Utilizing private subnets for backend instances is crucial for enhanced security and protection.

  • Section: Inbound Traffic
  • Severity: High
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST, GDPR, HIPAA
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Configuring security groups of Amazon EKS clusters to permit inbound traffic only on TCP port 443 is crucial for secure communications. This minimizes the exposure of the clusters to potential threats and unauthorized access.

  • Section: Inbound Traffic
  • Severity: High
  • CWE: CWE-319 Cleartext Transmission of Sensitive Information
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Spoofing, Tampering
  • Rule Set: Rapticore Benchmark

📘 Allowing unrestricted SSH access from the internet (0.0.0.0/0) poses a significant security risk. It's crucial to restrict SSH access to specific, trusted IPs to prevent unauthorized access and potential security breaches.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Open RDP access from the internet (0.0.0.0/0) significantly increases the risk of cyber attacks and unauthorized access. It's imperative to restrict RDP access to specific IP addresses to ensure security and minimize risks.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Allowing open access to Memcache port 11211 from the internet can lead to severe security vulnerabilities, including data exposure and DDoS attacks. Such access should be tightly controlled and restricted to trusted sources.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Open access to Redis port 6379 from the internet poses significant risks, such as unauthorized access and data compromise. Restricting access to trusted IPs is essential for safeguarding Redis databases.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Allowing ingress from any IP (0.0.0.0/0) to CIFS port 445 significantly increases the risk of cyber attacks, including ransomware and data breaches. It's vital to restrict this access to enhance security and protect resources.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Open access to DNS port 53 from the internet can expose systems to DNS attacks and unauthorized access. It's crucial to restrict this access to maintain the security and integrity of DNS services.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Unrestricted access to Elasticsearch port 9200 from the internet can lead to data breaches and unauthorized access. Tightening access to trusted IPs is essential for the protection of Elasticsearch instances.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Allowing unrestricted FTP access from the internet can result in data leakage and unauthorized file transfers. Restricting FTP access to specific IP addresses is crucial for data security and preventing unauthorized access.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Allowing unrestricted access to MongoDB port 27017 from the internet (0.0.0.0/0) can lead to significant security vulnerabilities, including unauthorized access and potential data breaches. Restricting this access is crucial for database security.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Open access to MySQL port 3306 from the internet (0.0.0.0/0) poses a high risk of cyber attacks and unauthorized access. It is essential to limit access to this port to specific, trusted IP addresses for enhanced security.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Allowing unrestricted access to MSSQL port 1433 from the internet can lead to severe security vulnerabilities, including unauthorized access to critical database resources. Restricting access to this port is critical for database protection.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Open access to Oracle port 1521 from any source (0.0.0.0/0) increases the risk of unauthorized access and potential data breaches. Ensuring restricted access to this port is vital for securing Oracle databases.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Allowing ingress from any IP address to PostgreSQL port 5432 (0.0.0.0/0) can expose the database to significant security risks. Implementing strict access controls to this port is essential for maintaining database security and integrity.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Allowing unrestricted access to RPC port 135 from the internet (0.0.0.0/0) poses a significant security risk. It's crucial to restrict access to this port to prevent unauthorized entry and potential security breaches.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Open access to RPC port 139 from the internet (0.0.0.0/0) can lead to security vulnerabilities, including unauthorized access and potential exploits. It is vital to restrict access to enhance system security.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Allowing access to Telnet port 23 from any IP address (0.0.0.0/0) significantly increases the risk of unauthorized access and data breaches. Implementing strict access control for this port is essential for network security.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Open access to SMTP port 25 from the internet (0.0.0.0/0) can expose mail servers to spam and phishing attacks. Securing this port by restricting access is crucial for protecting email communications and preventing abuse.

  • Section: Inbound Traffic
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering, Escalation of Privileges
  • Rule Set: Rapticore Benchmark
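A consolidated check for the inbound-traffic rules above, added here as an example and not Rapticore's own code: it walks one security group in the shape EC2 DescribeSecurityGroups returns and reports the default-group, large-network-space, all-traffic and sensitive-port exposures the rules describe. The port-to-service mapping and the /16 cutoff for a "large network space" are assumptions made for this example, as is the constructed sample group.

```python
import ipaddress

# Ports named by the rules above (mapping constructed for this example, not Rapticore's own data).
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 11211: "Memcache", 6379: "Redis", 445: "CIFS",
                   53: "DNS", 9200: "Elasticsearch", 21: "FTP", 27017: "MongoDB", 3306: "MySQL",
                   1433: "MSSQL", 1521: "Oracle", 5432: "PostgreSQL", 135: "RPC", 139: "RPC",
                   23: "Telnet", 25: "SMTP"}
# Assumed cutoff for a "large network space" (a /16 or wider); the benchmark does not state one.
LARGE_PREFIX_MAX = 16

def port_range(perm):
    # IpProtocol "-1" (all traffic) or a missing FromPort means every port is allowed.
    if perm.get("IpProtocol") == "-1" or "FromPort" not in perm:
        return 0, 65535
    return perm["FromPort"], perm["ToPort"]

def source_cidrs(perm):
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def evaluate_security_group(sg):
    """Return (group id, finding, detail) tuples for one group in DescribeSecurityGroups shape."""
    findings, gid = [], sg["GroupId"]
    if sg.get("GroupName") == "default" and sg.get("IpPermissions"):
        findings.append((gid, "default-sg-in-use", "default group carries inbound rules"))
    for perm in sg.get("IpPermissions", []):
        if perm.get("IpProtocol") in ("icmp", "icmpv6"):
            continue  # FromPort/ToPort hold ICMP type/code here, not TCP/UDP ports
        lo, hi = port_range(perm)
        for cidr in source_cidrs(perm):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0 and (lo, hi) == (0, 65535):  # 0.0.0.0/0 or ::/0, all ports
                findings.append((gid, "all-inbound-open", cidr))
            elif net.prefixlen == 0:  # internet-wide source: flag each sensitive port in range
                for port, name in SENSITIVE_PORTS.items():
                    if lo <= port <= hi:
                        findings.append((gid, f"{name}-open-to-internet", f"{cidr} port {port}"))
            elif net.prefixlen <= LARGE_PREFIX_MAX:  # not internet-wide, but a large network space
                findings.append((gid, "large-network-ingress", f"{cidr} ports {lo}-{hi}"))
    return findings

# Constructed sample group in DescribeSecurityGroups shape, not data from a real account.
SAMPLE_SG = {"GroupId": "sg-example0001", "GroupName": "web-tier", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]}
```

Running `evaluate_security_group(SAMPLE_SG)` leaves the HTTPS rule unflagged and reports the SSH exposure, the /8 MySQL source and the all-traffic IPv6 rule; pass each group from a real `describe_security_groups` response to it the same way.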
