Critical

Ensure there is no unrestricted inbound access to TCP port 9090 (Prometheus)

Security & Compliance
No items found.
Description

Prometheus is a popular open-source monitoring and alerting system used in cloud-native environments. TCP port 9090 is the default port used by Prometheus for serving its web UI and API. Ensuring that there is no unrestricted inbound access to TCP port 9090 is crucial in protecting the Prometheus server from unauthorized access and potential attacks.If this port is left open and unrestricted, it can be exploited by attackers to gain access to the Prometheus server, modify configurations or data, or launch attacks. It is essential to restrict access to TCP port 9090 only to authorized users and systems‍.

Remediation

To ensure there is no unrestricted inbound access to TCP port 9090 (Prometheus), follow these remediation steps:

  1. Identify the security group associated with the affected resource that is listening on TCP port 9090.
  2. Edit the inbound rules for the security group and remove any rules that allow unrestricted access to TCP port 9090.
  3. Create a new inbound rule that allows access to TCP port 9090 only from trusted sources, such as a specific IP address or a security group that contains trusted resources.
  4. If there are multiple resources using the same security group, ensure that the new inbound rule only applies to the affected resource.
  5. Test the new inbound rule to ensure that it is working correctly and not causing any unintended disruptions to the resource or application.
  6. Regularly review and audit your security group configurations to ensure that there are no unrestricted inbound rules that could potentially compromise your resources.
Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.