Comments (3)
andresriancho
commented on September 12, 2024
PS: Reporting with the intention to a) learn, b) remove the check if it doesn't make sense.
from scout2.
x4v13r64
commented on September 12, 2024
A default SG (called "default") is created for each VPC. These SGs come with rules which allow all inbound traffic from instances assigned to the same security group, as well as all outbound traffic.
The default security group is assigned to new instances created within a VPC if no custom security groups are assigned to it during configuration.
These default rules may be overly permissive, for instance allowing an attacker who has compromised one instance with the default security group assigned to use horizontal privilege escalation to compromise all other instances configured with the default security group.
In order to improve system hardening, you should remove all rules from the default security groups so that they restricts all traffic. Should an instance be created without custom security groups, it will inherit the default security group and be unable to communicate with other instances within the VPC until the required custom security groups are assigned.
The rule you mentioned could/should be improved by making sure the rules for SGs named "default" are indeed the default rules, and haven't been modified to be more restrictive.
from scout2.
x4v13r64
commented on September 12, 2024
Closing as already included in https://github.com/nccgroup/Scout2/issues/281.
from scout2.
Related Issues (20)
- Flow Logs not mapped correctly to VPCs/Subnets HOT 1
- Error in Running Scout2 HOT 8
- KeyError: 'Name' in EFS service HOT 2
- KeyError: None in rules/preprocessing.py HOT 2
- KeyError in rules/preprocessing.py HOT 2
- KeyError in rules/preprocessing.py (VPC) HOT 2
- Report viewing problems with large AWS installs HOT 6
- allocation size overflow in JavaScript console HOT 6
- could not connect to the endpoint URL: "https://ec2.eu-west-1.amazonaws.com/ HOT 2
- Cloudtrail not configured / Shows empty region list on the left menu HOT 3
- False positive in Security group whitelists AWS CIDRs HOT 2
- Export results as CSV HOT 2
- Export the report to json? HOT 1
- Suggesting ViewOnlyAccess instead of ReadOnlyAccess HOT 1
- TCP port open to all HOT 2
- any rule for unused IAM access keys that have not been used for 30 days or since creation HOT 1
- Matching EC2 instances and IAM roles error HOT 5
- https://nccgroup.github.io/Scout2/ returns a 404 HOT 6
- Usage of library in python (question) HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scout2.