Database Migration Service unrestricted traffic by protocol

Network misconfigurations

Database Migration Service unrestricted traffic by protocol

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
coppa
CPRA
Data Security Posture Management (DSPM) Best Practices
GDPR
HITRUST
ISO/IEC 27001
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

Database Migration Services (DMS) are associated with security groups in order to allow other users to access it. DMS replication ""{AwsDmsReplicationInstance}"" is associated with security groups which allow inbound access with unspecified protocol. These security groups are - {AwsDmsReplicationInstance.VpcSecurityGroups}. Allowing unrestricted access to the DMS may put your data at risk

Recommended Mitigation

It is recommended to associate DMS replication with security groups that allow inbound traffic only with explicitly specified protocol. More information can be found here: <a href="https://docs.aws.amazon.com/dms/latest/userguide/CHAP_ReplicationInstance.VPC.html" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/dms/latest/userguide/CHAP_ReplicationInstance.VPC.html</a>

Database Migration Service unrestricted traffic by protocol

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS