Security and Compliance Rules for Network Security
Overview
One of the most common security concerns are around security groups. HyperCloud provides AWS security group rules that can be evaluated against your AWS subscription.
Security Group Rules
CHECK SECURITY GROUP ALLOWS TRAFFIC TO ITSELF
Checks if security groups allows traffic to itself by checking if source equals to security group ID.
CHECK UNUSED SECURITY GROUP
Checks if there are unused security groups.
Security groups are associated with network interfaces. If a security group does not have any associated network interface with it then the security group is unused.
CHECK SECURITY GROUP ALL ICMPV4 OPEN TO PUBLIC
Checks if all ICMPV4 is open to public on a security group.
CHECK SECURITY GROUP ALL ICMPV6 OPEN TO PUBLIC
Checks if all ICMPV6 is open to public on a security group.
CHECK SECURITY GROUP UDP OPEN TO PUBLIC
Checks if custom UDP is open to public on a security group.
Checks if user has opened specific UDP port or port range on a security group. Port groups can be taken as comma separated (443,8443,9090) or a range (1-65535) open to public.
Remediation : Delete security group ingress UDP rule that allows access to public on port or port range inputted by user in Security policy
CHECK SECURITY GROUP TCP OPEN TO PUBLIC
Checks if custom TCP is open to public on a security group.
Checks if user has opened a specific TCP port or port range on a security group. Port groups can be taken as comma separated (443,8443,9090) or a range (1-65535) open to public.
Remediation : Delete security group ingress TCP rule that allows access to public on port or port range inputted by a user in the security policy.
SECURITY GROUP ALLOWS ALL OUTGOING TRAFFIC
Checks if security group allows all outgoing traffic.
Default is allowed.
SECURITY GROUP ALL INCOMING PORTS OPEN
Checks if all incoming ports are open to public.
Remediation : Delete All Incoming port rule from Security Group
New Remediation
These rules exist only if remediation is added.
CHECK SECURITY GROUP SSH OPEN TO PUBLIC
Delete security group ingress SSH rule that allows access to public.
CHECK SECURITY GROUP RDP OPEN TO PUBLIC
Delete security group ingress RDP rule that allows access to public.
Security Group Policy
To enable a Security group policy on your AWS account:
Login to your HCP account.
Navigate to Governance & Security> Security Policies> New.
Select an AWS account. Select the region and provide the name and description (optional).
Click Next.
Select Security Group filter from Category Filter.
Select the Rules you wish to enable.
Go through the wizard and create a policy. Once the policy is executed, you will be able to see the compliance results at Governance & Security> Reports>Compliance Analysis.
Â
© 2020 CloudSphere