Network misconfigurations

Security group allows inbound access to TCP port 9200 (Elasticsearch)

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks
  • Brazilian General Data Protection (LGPD)
  • CCM-CSA
  • CCPA
  • cis_8
  • GDPR
  • HITRUST
  • ISO/IEC 27001
  • Mitre ATT&CK v12
  • New Zealand Information Security Manual
  • NIST 800-171
  • NIST 800-53
  • Orca Best Practices
  • UK Cyber Essentials

Description

An AWS Security Group acts as a virtual firewall for your instances to control inbound and outbound traffic. We identified that the security group "{AwsEc2SecurityGroup}" ({AwsEc2SecurityGroup.GroupId}) is configured to allow inbound access to TCP port 9200 (Elasticsearch) from any IP address (0.0.0.0/0 or ::/0).
Recommended Mitigation

Ensure security groups in your account are configured to allow access to TCP port 9200 (Elasticsearch) from specific IP addresses only. More details can be found in https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html