Ensure each VPC NACL does not allow all traffic inbound

Ensure that your VPCs Network Access Control List (NACLs) do not allow inbound traffic on all ports. This helps implement the policy of least privilege and is considered a security best practice and should always be done. Ensuring this is enabled will help with NIST and PCI-DSS compliance.

Audit & Remediation

  • Login into your AWS account
  • Navigate to the VPC service at: https://console.aws.amazon.com/vpc
  • On the left hand panel select Your VPCs.
  • select the hyperlink under VPC ID for the VPC you would like to examine.

 

 

  • Select the tab Details and locate the Network ACL hyperlink and select.

 

 

  • with the Network ACL ID selected, below select the Inbound Rules tab.
  • if your Allow rule currently has Port Range set to ALL, then select the Edit inbound rules in order to add specific ports to your inbound rule.

 

 

  • Once rules have been added that allows required ports, it is safe to remove the initial rul.
  • Repeat this process for each VPC that you have in each region.
See all of your AWS VPCs in a single place!

Do you want to see all VPCs in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.
demo.intelligentdiscovery.io

 

Other Key Features

Inventory

Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.

learn more +