turbot/steampipe-mod-aws-compliance

Control: VPC security groups should restrict ingress CIFS access from 0.0.0.0/0 and ::/0

Description

Common Internet File System (CIFS) is a network file-sharing protocol (a dialect of SMB, served on TCP port 445) that allows systems to share files over a network. However, CIFS exposed to the whole internet can hand your data to unauthorized users, leading to potential security risks. Restrict CIFS access to trusted networks and users only, so that security group rules never allow port 445 from 0.0.0.0/0 or ::/0.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.vpc_security_group_restrict_ingress_cifs_port_all

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.vpc_security_group_restrict_ingress_cifs_port_all --share

SQL

This control uses a named query:

with ingress_cifs_rules as (
  select
    group_id,
    count(*) as num_cifs_rules
  from
    aws_vpc_security_group_rule
  where
    type = 'ingress'
    and (cidr_ipv4 = '0.0.0.0/0' or cidr_ipv6 = '::/0')
    and (
      (
        -- "all traffic" rule: every protocol and port, including 445
        ip_protocol = '-1'
        and from_port is null
      )
      or (
        -- any port range that covers 445, not just an exact 445-445 rule
        from_port <= 445
        and to_port >= 445
      )
    )
  group by
    group_id
)
select
  arn as resource,
  case
    when ingress_cifs_rules.group_id is null then 'ok'
    else 'alarm'
  end as status,
  case
    when ingress_cifs_rules.group_id is null then sg.group_id || ' ingress restricted for CIFS port (445) from 0.0.0.0/0 and ::/0.'
    else sg.group_id || ' contains ' || ingress_cifs_rules.num_cifs_rules || ' ingress rule(s) allowing access on CIFS port (445) from 0.0.0.0/0 or ::/0.'
  end as reason,
  region,
  account_id
from
  aws_vpc_security_group as sg
  left join ingress_cifs_rules on ingress_cifs_rules.group_id = sg.group_id;
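As an added worked example (not part of the mod or of Steampipe itself), the control's query above can be exercised offline against constructed security group rows to see exactly which rule shapes trip it. SQLite stands in for Steampipe's PostgreSQL here (the query uses no PostgreSQL-specific syntax), the two tables carry only the columns the query touches, and every group id and the 123456789012 account id are constructed sample values.

```python
import sqlite3

# The control's query, copied from the page (trailing semicolon dropped for sqlite3.execute).
CONTROL_SQL = """
with ingress_cifs_rules as (
  select group_id, count(*) as num_cifs_rules
  from aws_vpc_security_group_rule
  where type = 'ingress'
    and (cidr_ipv4 = '0.0.0.0/0' or cidr_ipv6 = '::/0')
    and ((ip_protocol = '-1' and from_port is null)
         or (from_port <= 445 and to_port >= 445))
  group by group_id
)
select
  arn as resource,
  case when ingress_cifs_rules.group_id is null then 'ok' else 'alarm' end as status,
  case when ingress_cifs_rules.group_id is null
       then sg.group_id || ' ingress restricted for CIFS port (445) from 0.0.0.0/0 and ::/0.'
       else sg.group_id || ' contains ' || ingress_cifs_rules.num_cifs_rules
            || ' ingress rule(s) allowing access on CIFS port (445) from 0.0.0.0/0 or ::/0.'
  end as reason,
  region, account_id
from aws_vpc_security_group as sg
left join ingress_cifs_rules on ingress_cifs_rules.group_id = sg.group_id
"""

# Constructed sample rows (not real AWS resources): (group_id, arn, region, account_id)
ACCOUNT = "123456789012"
SAMPLE_GROUPS = [
    (gid, f"arn:aws:ec2:us-east-1:{ACCOUNT}:security-group/{gid}", "us-east-1", ACCOUNT)
    for gid in ("sg-open-all", "sg-range", "sg-internal", "sg-netbios",
                "sg-egress-only", "sg-no-rules")
]

# Constructed rules: (group_id, type, cidr_ipv4, cidr_ipv6, ip_protocol, from_port, to_port)
SAMPLE_RULES = [
    # "all traffic" from anywhere: protocol -1 with no ports -> alarm
    ("sg-open-all", "ingress", "0.0.0.0/0", None, "-1", None, None),
    # a range that merely spans 445, from ::/0 -> alarm
    ("sg-range", "ingress", None, "::/0", "tcp", 400, 500),
    # exact 445 from 0.0.0.0/0 on the same group -> counted as a second rule
    ("sg-range", "ingress", "0.0.0.0/0", None, "tcp", 445, 445),
    # 445 restricted to a private range -> ok
    ("sg-internal", "ingress", "10.0.0.0/8", None, "tcp", 445, 445),
    # NetBIOS 139 open to the world is not port 445 -> ok for this control
    ("sg-netbios", "ingress", "0.0.0.0/0", None, "tcp", 139, 139),
    # egress rules are never evaluated -> ok
    ("sg-egress-only", "egress", "0.0.0.0/0", None, "-1", None, None),
    # sg-no-rules deliberately has no rows
]


def evaluate_control(groups=SAMPLE_GROUPS, rules=SAMPLE_RULES):
    """Load the rows into in-memory SQLite, run the control query and return
    {group_id: (status, reason)} exactly as the control would report it."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        create table aws_vpc_security_group (
            group_id text, arn text, region text, account_id text);
        create table aws_vpc_security_group_rule (
            group_id text, type text, cidr_ipv4 text, cidr_ipv6 text,
            ip_protocol text, from_port integer, to_port integer);
    """)
    conn.executemany("insert into aws_vpc_security_group values (?,?,?,?)", groups)
    conn.executemany("insert into aws_vpc_security_group_rule values (?,?,?,?,?,?,?)", rules)
    results = {}
    for resource, status, reason, _region, _account in conn.execute(CONTROL_SQL):
        group_id = resource.rsplit("/", 1)[1]   # arn ends in security-group/<group_id>
        results[group_id] = (status, reason)
    conn.close()
    return results


if __name__ == "__main__":
    for gid, (status, reason) in sorted(evaluate_control().items()):
        print(f"{status:5}  {reason}")
```

Running the module prints one line per constructed group: the two groups with an all-traffic rule or a port range covering 445 from 0.0.0.0/0 or ::/0 come back as alarm (with the matching rule count in the reason), while the group that limits 445 to 10.0.0.0/8, the group exposing only 139, the group with just an egress rule and the group with no rules at all come back as ok. The sample also makes the control's scope visible: it inspects only the cidr_ipv4 and cidr_ipv6 columns, so rules whose source is another security group or a managed prefix list are not considered by this check.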

Tags