Unrestricted ingress traffic leave assets exposed to remote attacks
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | LOW | AWS | NETWORK |
Description
A security group has open ingress. This means that the assets in this security group are exposed to the whole web.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
Having open ingress means anyone can try and connect to the asset.
- If credentials are required to establish a connection, it still leaves open the possibility to bruteforce the credentials, or perform Denial of Service attacks.
- If no credentials are required, or credentials have been acquired by an attacker, then the asset is fully compromised.
Remediation guidelines
Identify which remote ips need to connect to the asset, and implement the adequate CIDR rules. Note that assets that share the same security group can always access each other.