
Some internal services might be listening to remote requests

  • GG_ID: GG_IAC_0006
  • Severity: HIGH
  • Complexity: LOW
  • Categories: NETWORK
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: False

Description

The ingress access of a security group does not specify a port range. This means that some applications running on assets in this security group may be reachable by external traffic when they are not expected to be.

Impact

Potential exposure of applications that are not supposed to be listening to external traffic.

Remediation guidelines

Identify which ports need to be exposed to external traffic, and open only those ports.
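The following is an added example, not taken from this rule's documentation, showing an ingress rule without a port range next to a restricted one. It assumes the security group is defined in Terraform with the AWS provider; the resource names, the `vpc_id` variable, the CIDR range and port 443 are constructed for illustration.

```hcl
# Assumption: Terraform with the AWS provider; all names and values are constructed.
variable "vpc_id" {
  type = string
}

# Weak: protocol "-1" means all protocols, and with it the port range is not
# restricted (from_port and to_port must both be 0). Every service listening on
# an asset in this group is reachable from the source CIDR.
resource "aws_security_group" "app_open" {
  name   = "app-open"
  vpc_id = var.vpc_id

  ingress {
    description = "No port range: all ports reachable"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Corrected: only the port the application is meant to serve is opened.
resource "aws_security_group" "app_restricted" {
  name   = "app-restricted"
  vpc_id = var.vpc_id

  ingress {
    description = "HTTPS only"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

If several ports must be reachable, add one `ingress` block per port or contiguous range rather than widening a single rule.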

External documentation