We have noticed that at least one port a database server does not need is open on your DB server, which exposes it to traffic it should never receive. Typically this happens when the same security group is used to secure both DB and non-DB servers, so ports the web or application tier needs (for example 80 and 443) end up open on the database instances as well. We suggest creating a security group specifically for the DB servers and allowing only the recommended DB-related ports (for example 3306 for MySQL or 5432 for PostgreSQL), sourced from the security group of the servers that actually need to connect.
We have found that at least one of your security groups has a port open to all internal AWS servers. This can make some of your servers vulnerable, because the rule admits every instance with a private address in that range, not only your own. This issue occurs when a security group rule is configured to allow access from the 10.0.0.0/8 range (often entered with a host bit set, as 10.0.0.1/8, which covers the same addresses).
We suggest limiting access from internal AWS servers to these open ports in one of the following ways:
- IP Address: Limit access to the specific private IP address of an instance that is yours, written as a /32 (e.g. 10.17.48.156/32).
- Security Group: Limit access to a certain security group, i.e. reference another security group (e.g. sg-3c02c053) as the source of the rule, so that only instances belonging to that group can connect. This is the preferred option, since it keeps working when instances are replaced and their private addresses change.
Newvem monitors your security groups’ ports and notifies you if it finds that at least one of them is currently open to all IP addresses (a rule whose source is 0.0.0.0/0). Such a port is reachable from any address on the Internet, so every instance in that group is exposed to scanning and attack from anywhere in the world. We suggest reducing the number of ports open to the outside world to the minimum required by your web-facing services, typically only port 80 for HTTP and port 443 for HTTPS, and restricting everything else (SSH, database ports, management interfaces) to known source addresses or security groups.
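The three findings above (a DB group exposing non-DB ports, a rule open to all of 10.0.0.0/8, and a rule open to 0.0.0.0/0 on anything but the web ports) can be checked offline against the output of `aws ec2 describe-security-groups`. The script below is an added example, not Newvem’s code or any AWS tooling; it assumes a list of DB ports (MSSQL, Oracle, MySQL, PostgreSQL) that you should adjust to your engines, that you tell it which group IDs belong to DB servers, and it runs on a constructed sample group set. The suggested fixes it prints are `aws ec2 revoke-security-group-ingress` commands for a human to review, not something it executes.

```python
"""Offline audit of EC2 security group ingress rules (added example).

Input is the JSON shape returned by `aws ec2 describe-security-groups`.
Checks, matching the findings described on the page:
  open-to-world     a rule from 0.0.0.0/0 (or ::/0) on anything but the web ports
  open-to-internal  a rule whose CIDR covers all of 10.0.0.0/8
  db-unneeded-port  on a group designated as a DB group, a port no DB engine listens on
"""
import ipaddress
import json

WEB_PORTS = {80, 443}                  # what a web tier may expose publicly
DB_PORTS = {1433, 1521, 3306, 5432}    # assumption: MSSQL, Oracle, MySQL, PostgreSQL
EC2_INTERNAL = ipaddress.ip_network("10.0.0.0/8")


def port_set(perm):
    """Ports a permission covers, or None when it is an 'all traffic' (-1) rule."""
    if perm["IpProtocol"] == "-1":
        return None
    return set(range(perm["FromPort"], perm["ToPort"] + 1))


def revoke_cmd(group_id, perm, cidr):
    """AWS CLI command that removes exactly this CIDR rule."""
    cmd = f"aws ec2 revoke-security-group-ingress --group-id {group_id} --cidr {cidr}"
    if perm["IpProtocol"] == "-1":
        return cmd + " --protocol all"
    return cmd + f" --protocol {perm['IpProtocol']} --port {perm['FromPort']}-{perm['ToPort']}"


def audit_group(group, is_db=False):
    """Return (kind, detail, suggested_fix) tuples for one security group."""
    findings = []
    gid = group["GroupId"]
    for perm in group.get("IpPermissions", []):
        ports = port_set(perm)
        shown = "all" if ports is None else sorted(ports)
        if is_db and (ports is None or ports - DB_PORTS):
            extra = "all ports" if ports is None else sorted(ports - DB_PORTS)
            findings.append(("db-unneeded-port", f"{gid}: non-DB ports {extra} reachable",
                             f"dedicated DB group allowing only {sorted(DB_PORTS)}"))
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            # strict=False accepts host bits set, e.g. 10.0.0.1/8 as the page shows it
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:                         # 0.0.0.0/0 or ::/0
                if ports is None or ports - WEB_PORTS:
                    findings.append(("open-to-world", f"{gid}: {cidr} -> {shown}",
                                     revoke_cmd(gid, perm, cidr)))
            elif net.version == 4 and EC2_INTERNAL.subnet_of(net):
                findings.append(("open-to-internal", f"{gid}: {cidr} -> {shown}",
                                 revoke_cmd(gid, perm, cidr)
                                 + "   # then re-add with --source-group <app sg> or a /32"))
    return findings


def audit_all(groups, db_group_ids=()):
    """Audit every group; db_group_ids marks the groups attached to DB servers."""
    out = []
    for g in groups:
        out += audit_group(g, is_db=g["GroupId"] in set(db_group_ids))
    return out


# Constructed sample in describe-security-groups shape (not real account data).
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-0000web1", "GroupName": "web", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 80,  "ToPort": 80,  "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
   {"IpProtocol": "tcp", "FromPort": 22,  "ToPort": 22,  "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-0000db01", "GroupName": "db", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.0.1/8"}]},
   {"IpProtocol": "tcp", "FromPort": 22,   "ToPort": 22,   "IpRanges": [],
    "UserIdGroupPairs": [{"GroupId": "sg-3c02c053"}]}]}
]}
""")["SecurityGroups"]

if __name__ == "__main__":
    for kind, detail, fix in audit_all(SAMPLE, db_group_ids=["sg-0000db01"]):
        print(f"[{kind}] {detail}\n    fix: {fix}")
```

Against the sample this reports SSH on the web group as open to the world, the MySQL rule on the DB group as open to all internal addresses (the 10.0.0.1/8 rule is normalised to 10.0.0.0/8 before the check), and port 22 on the DB group as a non-DB port; port 22 from sg-3c02c053 is not flagged as an exposure, only as a port the DB role should not need. Rules sourced from another security group produce no CIDR findings, which is exactly why the page recommends them.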