Some internal services might be listening to remote requests
- GG_ID: GG_IAC_0006
- Severity: HIGH
- Complexity: LOW
- Categories: NETWORK
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: False
Description#
Ingress access of a security group does not specify a port range. This means that some applications running on assets of this security group may be reached by external traffic, while they are not expected to do so.
Impact#
Potential exposure of applications that are not supposed to be" listening to external traffic.
Remediation guidelines#
Identify which ports needs to be exposed to external traffic, and open only those ports.