VPC security group rules should not permit ingress from ‘0.0.0.0/0’ to TCP/UDP port 2382 (SQL Server Analysis Services browser)
Description
VPC security group rules should not permit ingress from ‘0.0.0.0/0’ to TCP/UDP port 2382 (SQL Server Analysis Services Browser). Removing unfettered connectivity to a SQL Server Analysis Services Browser server reduces the chance of exposing critical data.
Console Remediation Steps
1. Navigate to VPC.
2. In the left pane, click Security Groups.
3. For each security group, perform the following:
   a. Select the security group.
   b. Click the Inbound Rules tab.
   c. Identify the rules to be removed.
   d. Click the x in the Remove column.
   e. Click Save.
CLI Remediation Steps for TCP
Remove the inbound rule(s) that permit unrestricted ingress to TCP port 2382 from the selected Security Group:
aws ec2 revoke-security-group-ingress --region <region> --group-name <group_name> --protocol tcp --port 2382 --cidr 0.0.0.0/0
Optionally add a more restrictive ingress rule to the selected Security Group:
aws ec2 authorize-security-group-ingress --region <region> --group-name <group_name> --protocol tcp --port 2382 --cidr <cidr_block>
CLI Remediation Steps for UDP
Remove the inbound rule(s) that permit unrestricted ingress to UDP port 2382 from the selected Security Group:
aws ec2 revoke-security-group-ingress --region <region> --group-name <group_name> --protocol udp --port 2382 --cidr 0.0.0.0/0
Optionally add a more restrictive ingress rule to the selected Security Group:
aws ec2 authorize-security-group-ingress --region <region> --group-name <group_name> --protocol udp --port 2382 --cidr <cidr_block>
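As an added example (not part of this page or of the AWS tooling), the following Python reads the JSON that `aws ec2 describe-security-groups` returns, finds every rule that exposes port 2382 to 0.0.0.0/0 over TCP or UDP, and prints the matching revoke command for both protocols; it goes beyond the single-port case above by also catching port ranges and all-traffic rules, which the exact `--port 2382` revoke above would not remove because revoke must match the existing rule. The sample JSON and group IDs are constructed and `<region>` is a placeholder.

```python
import json

TARGET_PORT = 2382

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# (only the fields this check reads; the group IDs are placeholders).
SAMPLE_DESCRIBE_OUTPUT = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 2382, "ToPort": 2382,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "udp", "FromPort": 2000, "ToPort": 3000,   # range covering 2382
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 2382, "ToPort": 2382,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},                # restricted: fine
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},  # all traffic
]})

def rule_exposes_port(perm, port=TARGET_PORT):
    """True if this IpPermission lets 0.0.0.0/0 reach `port` over TCP or UDP."""
    if not any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
        return False
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "all traffic" rules carry no ports and cover every port
        return True
    if proto not in ("tcp", "udp"):
        return False
    return perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)

def find_open_rules(describe_json, port=TARGET_PORT):
    """Return (group_id, protocol, from_port, to_port) for every offending rule."""
    findings = []
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            if rule_exposes_port(perm, port):
                findings.append((sg["GroupId"], perm["IpProtocol"],
                                 perm.get("FromPort", -1), perm.get("ToPort", -1)))
    return findings

def revoke_command(group_id, proto, from_port, to_port, region="<region>"):
    """Build the revoke call; CIDR, protocol and port range must match the rule exactly."""
    cmd = (f"aws ec2 revoke-security-group-ingress --region {region} "
           f"--group-id {group_id} --protocol {'all' if proto == '-1' else proto} --cidr 0.0.0.0/0")
    if proto != "-1":
        cmd += f" --port {from_port}" if from_port == to_port else f" --port {from_port}-{to_port}"
    return cmd

if __name__ == "__main__":
    for finding in find_open_rules(SAMPLE_DESCRIBE_OUTPUT):
        print(revoke_command(*finding))
```

Feed it real output with `aws ec2 describe-security-groups --region <region> --output json` and review the printed commands before running them; an all-traffic rule may be intentional for other ports and should be narrowed rather than simply dropped.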