What is the most efficient way to remediate the risk of this activity?

September 14, 2021 by Admin

A Security Engineer discovers that developers have been adding rules to security groups that allow SSH and RDP traffic from 0.0.0.0/0 instead of the organization firewall IP.

What is the most efficient way to remediate the risk of this activity?

  • Delete the internet gateway associated with the VPC.
  • Use network access control lists to block source IP addresses matching 0.0.0.0/0.
  • Use a host-based firewall to prevent access from all but the organization’s firewall IP.
  • Use AWS Config rules to detect 0.0.0.0/0 and invoke an AWS Lambda function to update the security group with the organization’s firewall IP.

Leave a Reply