Consul is a popular service mesh solution that uses ports 8300, 8301, and 8302 for inter-node communication. It is important to restrict inbound access to these ports in order to prevent unauthorized access or potential attacks. To ensure the security of your Consul deployment, you should ensure that there is no unrestricted inbound access to TCP ports 8300, 8301, and 8302.
To ensure there is no unrestricted inbound access to TCP ports 8300, 8301, and 8302 (used by Consul), the following remediation steps can be taken:
- Identify the security group(s) associated with the affected EC2 instances running Consul.
- Modify the inbound rules of the security group(s) to allow only the necessary traffic to TCP ports 8300, 8301, and 8302.
- Create a new rule for TCP traffic to port 8300 with a source IP range that only includes authorized systems and applications.
- Repeat the above step for ports 8301 and 8302.
- Test the updated security group rules to confirm that the intended traffic is allowed and all other traffic is blocked.
By following these remediation steps, you can effectively restrict inbound traffic to the necessary systems and applications while minimizing the risk of unauthorized access to Consul.
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.