Security Group has Any Protocol Open

Tenacity Id: security-group-017

Risk Level: 4

Categories:

Last Updated: April 21, 2022

An unused AWS Security Group contains an inbound rule that allows any protocol. Unrestricted inbound port access is inherently insecure and exposes a broad attack surface of commonly exploited protocols to a malicious actor. Unused Security Groups should be removed. If the Security Group is re-assigned, remove or restrict the inbound rule allowing any protocol by configuring rules for only the required protocols.
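One way to express this check over exported EC2 data, as an added example that is not Tenacity's own implementation. It assumes "unused" means the group is attached to no network interface; the function names and the sample records are constructed for illustration, and the field names follow the EC2 DescribeSecurityGroups and DescribeNetworkInterfaces responses, where an IpProtocol of "-1" means all protocols.

```python
# Added example: sample data below is constructed, in the shape of the EC2
# DescribeSecurityGroups / DescribeNetworkInterfaces responses. No AWS calls.
ANY_PROTOCOL = "-1"  # EC2 API value for "all protocols"


def any_protocol_rules(group):
    """Inbound rules of a group that allow any protocol."""
    return [p for p in group.get("IpPermissions", [])
            if str(p.get("IpProtocol")) == ANY_PROTOCOL]


def attached_group_ids(network_interfaces):
    """IDs of groups attached to at least one network interface."""
    return {g["GroupId"] for eni in network_interfaces
            for g in eni.get("Groups", [])}


def find_unused_any_protocol_groups(security_groups, network_interfaces):
    """Findings for unattached groups that carry an any-protocol inbound rule.

    Assumption: "unused" means attached to no network interface.
    """
    in_use = attached_group_ids(network_interfaces)
    findings = []
    for group in security_groups:
        rules = any_protocol_rules(group)
        if group["GroupId"] in in_use or not rules:
            continue
        cidrs = sorted(r["CidrIp"] for p in rules for r in p.get("IpRanges", []))
        peers = sorted(u["GroupId"] for p in rules
                       for u in p.get("UserIdGroupPairs", []))
        findings.append({"GroupId": group["GroupId"], "Cidrs": cidrs, "Peers": peers})
    return findings


def _rule(proto, cidrs=(), peers=()):
    """Build a constructed inbound rule record for the sample data."""
    return {"IpProtocol": proto, "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in peers]}


SAMPLE_GROUPS = [  # constructed
    {"GroupId": "sg-0aaa", "IpPermissions": [_rule("-1", ["0.0.0.0/0"])]},
    {"GroupId": "sg-0bbb", "IpPermissions": [_rule("-1", ["10.0.0.0/8"])]},
    {"GroupId": "sg-0ccc", "IpPermissions": [_rule("tcp", ["0.0.0.0/0"])]},
    {"GroupId": "sg-0ddd", "IpPermissions": [_rule("-1", peers=["sg-0bbb"])]},
]
SAMPLE_ENIS = [{"NetworkInterfaceId": "eni-0111", "Groups": [{"GroupId": "sg-0bbb"}]}]

if __name__ == "__main__":
    for finding in find_unused_any_protocol_groups(SAMPLE_GROUPS, SAMPLE_ENIS):
        print(finding)
```

In the sample, sg-0bbb is skipped because it is attached to an interface and sg-0ccc because its rule names a single protocol; a group referenced only by another group's rules or by a launch template would still count as unused under the assumption above, so confirm before deleting.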