5.1.2 Ensure CIFS access is restricted to trusted networks to prevent unauthorized access

Information

Common Internet File System (CIFS) is a network file-sharing protocol that allows systems to share files over a network. However, unrestricted CIFS access can expose your data to unauthorized users, leading to potential security risks. It is important to restrict CIFS access to only trusted networks and users to prevent unauthorized access and data breaches.

Allowing unrestricted CIFS access can lead to significant security vulnerabilities, as it may allow unauthorized users to access sensitive files and data. By restricting CIFS access to known and trusted networks, you can minimize the risk of unauthorized access and protect sensitive data from exposure to potential attackers. Implementing proper network access controls and permissions is essential for maintaining the security and integrity of your file-sharing systems.

Solution

From Console:

- Login to the AWS Management Console.
- Navigate to the EC2 Dashboard and select the Security Groups section under Network & Security.
- Identify the security group that allows unrestricted ingress on port 445.
- Select the security group and click the Edit Inbound Rules button.
- Locate the rule allowing unrestricted access on port 445 (typically listed as 0.0.0.0/0 or ::/0 ).
- Modify the rule to restrict access to specific IP ranges or trusted networks only.
- Save the changes to the security group.

From Command Line:

- Run the following command to remove or modify the unrestricted rule for CIFS access:

aws ec2 revoke-security-group-ingress --region <region-name> --group-id <security-group-id> --protocol tcp --port 445 --cidr 0.0.0.0/0

- Optionally, run the authorize-security-group-ingress command to create a new rule, specifying a trusted CIDR range instead of 0.0.0.0/0.
- Confirm the changes by describing the security group again and ensuring the unrestricted access rule has been removed or appropriately restricted:

aws ec2 describe-security-groups --region <region-name> --group-ids <security-group-id> --query 'SecurityGroups[*].IpPermissions[?FromPort==`445`].{CIDR:IpRanges[*].CidrIp,Port:FromPort}'

- Repeat the remediation for other security groups and regions as necessary.
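The steps above revoke one exact rule (TCP, port 445, 0.0.0.0/0) and then query for rules whose FromPort is exactly 445. A security group can also expose CIFS through a port range that includes 445 (for example 0-65535) or through an "all traffic" rule (IpProtocol -1, which has no FromPort at all), and through ::/0 as well as 0.0.0.0/0. The following script is an added example, not part of this audit or the CIS benchmark: it runs the check offline over a constructed sample of describe-security-groups output, flags every ingress rule that reaches port 445 from an unrestricted source in either address family, and emits the matching revoke command using --ip-permissions so that the rule is removed exactly as AWS stores it. The group ids, region and trusted CIDR are placeholders.

```python
import json
import shlex

CIFS_PORT = 445
UNRESTRICTED = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`
# (trimmed to the fields the check needs). Group ids are placeholders.
SAMPLE_SECURITY_GROUPS = [
    {   # exact match for the rule the remediation text describes
        "GroupId": "sg-0000000000000001",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        ],
    },
    {   # port range covering 445 from ::/0; FromPort is not 445, so the
        # page's JMESPath filter would not report it
        "GroupId": "sg-0000000000000002",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
    {   # "all traffic" rule: no FromPort/ToPort keys at all
        "GroupId": "sg-0000000000000003",
        "IpPermissions": [
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {   # compliant: CIFS restricted to a documentation-range trusted network
        "GroupId": "sg-0000000000000004",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
             "IpRanges": [{"CidrIp": "192.0.2.0/24"}], "Ipv6Ranges": []},
        ],
    },
]


def rule_covers_port(perm, port=CIFS_PORT):
    """True if this IpPermission entry admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):          # CIFS is TCP only
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def find_open_cifs_rules(security_groups, port=CIFS_PORT):
    """Return one finding per unrestricted IPv4/IPv6 source reaching `port`."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not rule_covers_port(perm, port):
                continue
            sources = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
            sources += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                if cidr in UNRESTRICTED:
                    findings.append({
                        "GroupId": sg["GroupId"],
                        "IpProtocol": perm["IpProtocol"],
                        "FromPort": perm.get("FromPort"),
                        "ToPort": perm.get("ToPort"),
                        "Cidr": cidr,
                    })
    return findings


def revoke_command(region, group_id, protocol, from_port, to_port, cidr):
    """Build the CLI call that removes exactly this rule (IPv4 or IPv6)."""
    perm = {"IpProtocol": protocol}
    if from_port is not None:              # absent for IpProtocol -1
        perm["FromPort"], perm["ToPort"] = from_port, to_port
    if ":" in cidr:
        perm["Ipv6Ranges"] = [{"CidrIpv6": cidr}]
    else:
        perm["IpRanges"] = [{"CidrIp": cidr}]
    return ("aws ec2 revoke-security-group-ingress --region %s --group-id %s "
            "--ip-permissions %s" % (region, group_id, shlex.quote(json.dumps([perm]))))


def authorize_command(region, group_id, trusted_cidr, port=CIFS_PORT):
    """Replacement rule limited to one trusted network (placeholder CIDR)."""
    return ("aws ec2 authorize-security-group-ingress --region %s --group-id %s "
            "--protocol tcp --port %d --cidr %s" % (region, group_id, port, trusted_cidr))


if __name__ == "__main__":
    for f in find_open_cifs_rules(SAMPLE_SECURITY_GROUPS):
        print(revoke_command("<region-name>", f["GroupId"], f["IpProtocol"],
                             f["FromPort"], f["ToPort"], f["Cidr"]))
        print(authorize_command("<region-name>", f["GroupId"], "<trusted-cidr>"))
```

Revoking a broad rule such as 0-65535 or all traffic removes the whole rule, not just port 445, so review what else that rule was carrying before re-adding narrower replacements. Feed real output into find_open_cifs_rules by loading the JSON printed by `aws ec2 describe-security-groups --region <region-name>` and passing its SecurityGroups list.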

Impact:

Restricting CIFS access may require additional configuration and management effort. However, the benefits of enhanced security and reduced risk of unauthorized access to sensitive data far outweigh the potential challenges.

See Also

https://workbench.cisecurity.org/benchmarks/19631

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.4

Plugin: amazon_aws

Control ID: 72cdf3b3775fac45ca724ebce89734acc20f89df2a500487d987318244c13505