Network misconfigurations

Elastic Load Balancer (ELBV2) with public access

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, CPRA, Data Security Posture Management (DSPM) Best Practices, GDPR, HITRUST, ISO 27701, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, Orca Best Practices, PDPA, UK Cyber Essentials

Description

Elastic Load Balancer (ELB) supports multiple load balancer types, each providing different features at different network layers (application, network, transport). The elastic load balancer {AwsEc2Elbv2} was discovered to be associated with a security group {AwsEc2Elbv2.SecurityGroups} that allows public ingress access without IP filtering (0.0.0.0/0). A load balancer configured with public access exposes the application hosted behind it to attacks from malicious entities on the Internet.
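As an added illustration of the check this rule describes (example code written for this page, not Orca's detection logic), the following Python evaluates security groups and load balancers in the shape returned by the EC2 DescribeSecurityGroups and ELBv2 DescribeLoadBalancers APIs and reports every load balancer whose attached security group has an ingress rule open to any source. It also catches the IPv6 equivalent (::/0), which the rule text does not mention. The sample records, load balancer names and group IDs are constructed for the example; in a real scan the two lists would come from API calls.

```python
import ipaddress

# Constructed sample shaped like EC2 DescribeSecurityGroups output
# (SecurityGroups[].IpPermissions). All IDs and addresses are invented.
SAMPLE_SECURITY_GROUPS = [
    {
        "GroupId": "sg-0example0public",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0example0restricted",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0example0ipv6",
        "IpPermissions": [
            # IpProtocol "-1" means all protocols; such rules carry no ports.
            {"IpProtocol": "-1",
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]

# Constructed sample shaped like ELBv2 DescribeLoadBalancers output.
SAMPLE_LOAD_BALANCERS = [
    {"LoadBalancerName": "web-alb", "SecurityGroups": ["sg-0example0public"]},
    {"LoadBalancerName": "api-alb", "SecurityGroups": ["sg-0example0restricted"]},
    {"LoadBalancerName": "v6-alb",
     "SecurityGroups": ["sg-0example0ipv6", "sg-0example0restricted"]},
]


def is_unfiltered(cidr: str) -> bool:
    """True when a CIDR covers the entire address space (0.0.0.0/0 or ::/0).

    The CIDR is parsed rather than string-compared so that equivalent
    spellings of the all-zero network are recognised as well."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def public_ingress_rules(sg: dict) -> list:
    """Return the ingress permissions of one security group whose source
    ranges include an unfiltered IPv4 or IPv6 CIDR."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        open_sources = [s for s in sources if is_unfiltered(s)]
        if open_sources:
            findings.append({
                "protocol": perm.get("IpProtocol"),
                "from_port": perm.get("FromPort"),   # None for protocol "-1"
                "to_port": perm.get("ToPort"),
                "sources": open_sources,
            })
    return findings


def find_public_load_balancers(load_balancers: list, security_groups: list) -> dict:
    """Map each load balancer name to the attached security groups (and the
    offending rules) that allow ingress from any source. Load balancers with
    no such group are omitted, so an empty dict means no finding."""
    sg_by_id = {sg["GroupId"]: sg for sg in security_groups}
    results = {}
    for lb in load_balancers:
        exposed = {}
        for sg_id in lb.get("SecurityGroups", []):
            sg = sg_by_id.get(sg_id)
            if sg is None:          # group not in the inventory we were given
                continue
            rules = public_ingress_rules(sg)
            if rules:
                exposed[sg_id] = rules
        if exposed:
            results[lb["LoadBalancerName"]] = exposed
    return results


if __name__ == "__main__":
    report = find_public_load_balancers(SAMPLE_LOAD_BALANCERS, SAMPLE_SECURITY_GROUPS)
    for name, groups in report.items():
        for sg_id, rules in groups.items():
            for r in rules:
                print(f"{name}: {sg_id} allows {r['protocol']} "
                      f"{r['from_port']}-{r['to_port']} from {r['sources']}")
```

Run as-is, the script reports web-alb (IPv4 open on 443) and v6-alb (all protocols open to ::/0) and stays silent on api-alb, whose only rule is limited to a /24. Replacing the unfiltered CIDR with the actual client ranges, or a CloudFront or WAF prefix list, is the change that makes a flagged group pass this check.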