Overview
One of the most common security concerns is security groups. HyperCloud provides AWS security group rules that can be evaluated against your AWS subscription.
Security Group Rules

CHECK SECURITY GROUP ALLOWS TRAFFIC TO ITSELF
Checks whether a security group allows traffic to itself, by checking whether a rule's source equals the security group's own ID.

CHECK UNUSED SECURITY GROUP
Checks whether there are unused security groups.
Security groups are associated with network interfaces. If a security group has no network interface associated with it, the security group is unused.

CHECK SECURITY GROUP ALL ICMPV4 OPEN TO PUBLIC
Checks whether all ICMPv4 is open to the public on a security group.

CHECK SECURITY GROUP ALL ICMPV6 OPEN TO PUBLIC
Checks whether all ICMPv6 is open to the public on a security group.

CHECK SECURITY GROUP UDP OPEN TO PUBLIC
Checks whether custom UDP is open to the public on a security group.
Checks whether the user has opened a specific UDP port or port range to the public on a security group. Ports can be given as a comma-separated list (443,8443,9090) or as a range (1-65535).
Remediation: Delete the security group ingress UDP rule that allows public access on the port or port range entered by the user in the security policy.

CHECK SECURITY GROUP TCP OPEN TO PUBLIC
Checks whether custom TCP is open to the public on a security group.
Checks whether the user has opened a specific TCP port or port range to the public on a security group. Ports can be given as a comma-separated list (443,8443,9090) or as a range (1-65535).
Remediation: Delete the security group ingress TCP rule that allows public access on the port or port range entered by the user in the security policy.

SECURITY GROUP ALLOWS ALL OUTGOING TRAFFIC
Checks whether the security group allows all outgoing traffic.
By default, all outgoing traffic is allowed.

SECURITY GROUP ALL INCOMING PORTS OPEN
Checks whether all incoming ports are open to the public.
Remediation: Delete the all-incoming-ports rule from the security group.
New Remediation
These rules are present only when remediation is added.

CHECK SECURITY GROUP SSH OPEN TO PUBLIC
Delete the security group ingress SSH rule that allows public access.

CHECK SECURITY GROUP RDP OPEN TO PUBLIC
Delete the security group ingress RDP rule that allows public access.
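The checks listed above, as an added example that is not HyperCloud's own code: a small Python evaluator over security groups in the dict shape the EC2 DescribeSecurityGroups API (boto3) returns, with the policy's own port input forms. Function names and the sample group sg-0123example are assumptions constructed for this example; the SSH and RDP checks are the TCP check with ports 22 and 3389.

```python
# Added example (not HyperCloud's code): the page's checks over the EC2 DescribeSecurityGroups dict shape.
PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}

def parse_ports(spec):
    """Policy port input: comma list '443,8443,9090' or a range '1-65535'."""
    ports = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(part))
    return ports

def rule_is_public(rule):
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(c in PUBLIC_CIDRS for c in cidrs)

def rule_covers(rule, proto, ports):
    """IpProtocol '-1' is all traffic; FromPort -1 is every port (or ICMP type)."""
    if rule.get("IpProtocol") not in (proto, "-1"):
        return False
    if rule["IpProtocol"] == "-1" or rule.get("FromPort", -1) == -1:
        return True
    return any(rule["FromPort"] <= p <= rule["ToPort"] for p in ports)

def allows_traffic_to_itself(sg):
    return any(pair.get("GroupId") == sg["GroupId"] for rule in sg["IpPermissions"]
               for pair in rule.get("UserIdGroupPairs", []))

def is_unused(sg, network_interfaces):
    attached = {g["GroupId"] for eni in network_interfaces for g in eni.get("Groups", [])}
    return sg["GroupId"] not in attached

def open_to_public(sg, proto, spec=None):
    """TCP/UDP (and SSH/RDP) checks; spec=None with 'icmp'/'icmpv6' means all ICMP."""
    ports = parse_ports(spec) if spec else set()
    return any(rule_is_public(r) and rule_covers(r, proto, ports) for r in sg["IpPermissions"])

def all_traffic_public(rules):  # ingress: all incoming ports open; egress: all outgoing
    return any(rule_is_public(r) and r.get("IpProtocol") == "-1" for r in rules)

SAMPLE_SG = {"GroupId": "sg-0123example",  # constructed sample, not real account data
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0123example"}]},
    ],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
```

On the sample group, the SSH check, the allows-traffic-to-itself check and the all-outgoing-traffic check fire, while a custom TCP policy for 443,8443,9090 does not.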
Security Group Policy
To enable a security group policy on your AWS account:
1. Log in to your HCP account.
2. Navigate to Governance & Security > Security Policies > New.
3. Select an AWS account. Select the region and provide the name and description (optional).
4. Click Next.
5. Select the Security Group filter from Category Filter.
6. Select the rules you wish to enable.
7. Go through the wizard and create a policy. Once the policy is executed, you will be able to see the compliance results at Governance & Security > Reports > Compliance Analysis.