Skip to main content

lacework-global-127

Security group should not allow inbound traffic from all to all ICMP

Description

Security groups provide stateful filtering of ingress/egress network traffic. It is recommended that no security group allows unrestricted ingress access to your hosts using the Internet Control Message Protocol (ICMP) via any port. This recommendation is to prevent any unauthorized access. A violation is reported if any Security Groups are found that allow unrestricted ICMP access such as 0.0.0.0/0.

Remediation

Edit or delete Security Group rules allowing unrestricted ICMP access.

  1. Log in to the AWS Management Console.

  2. Select Services.

  3. Select EC2.

  4. Under Network & Security, select Security Groups.

  5. Select the Security Group to examine.

  6. Under Inbound rules, select any rules with Protocol ICMP and Source 0.0.0.0/0, and select Edit inbound rules.

  7. For each rule, either restrict the Source with a specific IP address or IP address range, or delete the rule by selecting Delete.

  8. Select Save rules.