Unrestricted ingress traffic leave assets exposed to remote attacks
- GG_ID: GG_IAC_0005
- Severity: HIGH
- Complexity: HIGH
- Categories: NETWORK
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: False
Description#
A security group has open ingress. This means that the assets in this security group are exposed to the whole web.
Impact#
Having open ingress means anyone can try and connect to the asset.
- If credentials are required to establish a connection, it still leaves open the possibility to bruteforce the credentials, or perform Denial of Service attacks.
- If no credentials are required, or credentials have been acquired by an attacker, then the asset is fully compromised.
Remediation guidelines#
Identify which remote ips need to connect to the asset, and implement the adequate CIDR rules. Note that assets that share the same security group can always access each other.