lacework-global-127

Security group should not allow inbound traffic from all to all Internet Control Message Protocol (ICMP)

Description

Security groups provide stateful filtering of ingress and egress network traffic. Best practice is that no security group allows unrestricted ingress access to your hosts using the Internet Control Message Protocol (ICMP) via any port; this prevents unauthorized access. A violation exists if any security group allows unrestricted ICMP access, for example from the source 0.0.0.0/0.

Remediation

Edit or delete Security Group rules allowing unrestricted ICMP access.

  1. Log in to the AWS Management Console.

  2. Select Services.

  3. Select EC2.

  4. Under Network & Security, select Security Groups.

  5. Select the Security Group to examine.

  6. Under Inbound rules, select any rules with Protocol ICMP and Source 0.0.0.0/0, and select Edit inbound rules.

  7. For each rule, either restrict the Source with a specific IP address or IP address range, or delete the rule by selecting Delete.

  8. Select Save rules.
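The same condition can be checked programmatically before or after the console steps above. This is an added example, not Lacework's or AWS's own code: given a list of security groups in the shape of the EC2 DescribeSecurityGroups response ("SecurityGroups"), it reports every inbound rule that exposes ICMP to 0.0.0.0/0. It goes beyond the page in also treating IpProtocol "-1" (all traffic) and the IPv6 wildcard ::/0 as unrestricted ICMP; the group ids and address ranges are constructed placeholders.

```python
# Wildcard sources that mean "anyone on the Internet".
OPEN_SOURCES = {"0.0.0.0/0", "::/0"}
# IpProtocol values that carry ICMP: explicit ICMP/ICMPv6, or "-1" (all traffic).
ICMP_PROTOCOLS = {"icmp", "icmpv6", "-1"}


def find_unrestricted_icmp(security_groups):
    """Return (group_id, protocol, source) for each ingress rule that exposes
    ICMP to the whole Internet. Input is the "SecurityGroups" list in the shape
    of the EC2 DescribeSecurityGroups response (boto3 or the sample below)."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = str(perm.get("IpProtocol", "")).lower()
            if proto not in ICMP_PROTOCOLS:
                continue  # tcp/udp rules are outside this policy's scope
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                if src in OPEN_SOURCES:
                    findings.append((sg["GroupId"], proto, src))
    return findings


# Constructed sample (placeholder group ids): one compliant group, one not.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        # ICMP echo requests from a single corporate range: compliant.
        {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        # HTTPS from anywhere: not ICMP, so not flagged by this check.
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        # All ICMP types from the entire IPv4 Internet: violation.
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        # "All traffic" from every IPv6 address also admits ICMPv6: violation.
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]

if __name__ == "__main__":
    for group_id, proto, src in find_unrestricted_icmp(SAMPLE_GROUPS):
        print(f"{group_id}: {proto} open to {src}")
```

To run it against a live account, pass `boto3.client("ec2").describe_security_groups()["SecurityGroups"]` in place of the sample list.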