Ensure that your security groups don't have range of ports opened for inbound traffic in order to protect your EC2 instances against denial-of-service (DoS) attacks or brute-force attacks. Cloud Conformity strongly recommends opening only specific ports within your security groups, based on your applications requirements.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Opening range of ports inside your EC2 security groups is not a good practice because it will allow attackers to use port scanners and other probing techniques to identify services running on your instances and exploit their vulnerabilities.
To determine if your EC2 security groups implement range of ports to allow inbound traffic, perform the following:
Remediation / Resolution
To implement specific ports instead of range of ports for your EC2 security groups, perform the following:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Security Group Port Range
Risk level: Medium