Default security group allows inbound or outbound traffic

Network misconfigurations

Default security group allows inbound or outbound traffic

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AWS Foundational Security Best Practices Controls
CCM-CSA
HITRUST

Description

An AWS Security Group acts as a virtual firewall for your instances to control inbound and outbound traffic. The default security group ""{AwsEc2SecurityGroup}"" ({AwsEc2SecurityGroup.GroupId}) is configured to allow inbound or outbound access, which is considered a bad practice. Default security group cannot be deleted, and should be restricted. This prevents undesired traffic in case the default security group will accidentally be configured for resources such as EC2 instance.

Recommended Mitigation

Ensure the default security group in your account is configured to restrict all inbound and outbound traffic. More details can be found in https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#DefaultSecurityGroup

Default security group allows inbound or outbound traffic

Description

Need help?