nccgroup / Scout2

Security auditing tool for AWS environments
http://nccgroup.github.io/Scout2/
GNU General Public License v2.0

False positive in Security group whitelists AWS CIDRs #305

Closed andresriancho closed 6 years ago

andresriancho commented 6 years ago

https://github.com/nccgroup/Scout2/blob/15d20ce68c0c9328c583ff3ba172efc8326153c8/AWSScout2/rules/data/findings/ec2-security-group-whitelists-aws.json

"Security group whitelists AWS CIDRs" is being triggered on some security groups when x.y.z.w/32 is allowed in the ingress traffic.

Because this is a /32 I believe it should be ignored by the rule.

l01cd3v commented 6 years ago

I disagree - if you whitelisted a /32 that was not an elastic IP in your account, you have very little control over what that IP will become.

In many cases, use of security groups / peering / etc may let you achieve similar results without the use of an IP address. If this is a valid use case for whitelisting a single IP, then this is when you'd want to save this as an exception.

x4v13r64 commented 6 years ago

Agreed and closed.
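To make the maintainers' point concrete, here is an added example (my own code, not Scout2's rule implementation or the JSON finding linked above) that checks security group ingress CIDRs against AWS-published prefixes in the shape of ip-ranges.json. A /32 that lands inside an AWS prefix is still reported, because the address is Amazon's to reassign; the only exception is a /32 that is an Elastic IP owned by the account, which is the case l01cd3v describes. The AWS prefixes and the security groups are constructed test data (RFC 5737 documentation ranges stand in for real AWS prefixes; the group IDs are made up), and `owned_eips` is an assumed input that would come from `describe_addresses` in practice.

```python
import ipaddress

# Constructed excerpt in the shape of AWS ip-ranges.json. The real file has
# thousands of entries; RFC 5737 documentation ranges are used here as
# stand-ins for actual AWS prefixes.
AWS_IP_RANGES = {
    "prefixes": [
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "AMAZON"},
    ]
}

# Constructed security groups in the shape returned by
# ec2:DescribeSecurityGroups. Group IDs are invented.
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          # a single AWS-owned address and a private range
          "IpRanges": [{"CidrIp": "203.0.113.45/32"}, {"CidrIp": "10.0.0.0/8"}]},
     ]},
    {"GroupId": "sg-0bbb", "GroupName": "db",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
          "IpRanges": [{"CidrIp": "198.51.100.0/26"}]},
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
          "IpRanges": [{"CidrIp": "198.51.100.77/32"}]},
     ]},
]


def load_aws_networks(ip_ranges):
    """Parse the 'prefixes' list of an ip-ranges.json document into networks."""
    return [ipaddress.ip_network(p["ip_prefix"]) for p in ip_ranges["prefixes"]]


def find_aws_cidr_ingress(security_groups, aws_networks, owned_eips=()):
    """Return (group_id, cidr, aws_prefix) for each ingress CIDR that overlaps
    an AWS prefix.

    0.0.0.0/0 is skipped: it overlaps everything and belongs to a separate
    'open to the world' check. A /32 is only exempted when its address is an
    Elastic IP the account owns (owned_eips, assumed to be fed from
    describe_addresses); any other /32 inside an AWS range is reported, since
    the account has no control over who that address is reassigned to.
    """
    owned = {ipaddress.ip_address(a) for a in owned_eips}
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            for ip_range in perm.get("IpRanges", []):
                net = ipaddress.ip_network(ip_range["CidrIp"], strict=False)
                if net.prefixlen == 0:
                    continue  # handled by the open-to-the-world rule
                if net.num_addresses == 1 and net.network_address in owned:
                    continue  # our own Elastic IP: under our control
                for aws in aws_networks:
                    if net.overlaps(aws):
                        findings.append((sg["GroupId"], str(net), str(aws)))
                        break
    return findings


if __name__ == "__main__":
    nets = load_aws_networks(AWS_IP_RANGES)
    for finding in find_aws_cidr_ingress(SECURITY_GROUPS, nets):
        print("%s allows %s (inside AWS prefix %s)" % finding)
    print("--- with 198.51.100.77 registered as an owned Elastic IP ---")
    for finding in find_aws_cidr_ingress(SECURITY_GROUPS, nets,
                                         owned_eips=["198.51.100.77"]):
        print("%s allows %s (inside AWS prefix %s)" % finding)
```

Run as-is, the first pass reports three CIDRs, including both /32s; the second pass drops 198.51.100.77/32 because it is declared as an owned Elastic IP, while 203.0.113.45/32 stays flagged. That is the distinction the thread settles on: the prefix length is not what makes the entry safe, ownership of the address is, and anything else is a per-environment exception rather than a change to the rule.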