Check your EC2 security groups for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0 or ::/0) to TCP port 3389 and restrict access to only those IP addresses that require it in order to implement the principle of least privilege and reduce the possibility of a breach. TCP port 3389 is used for secure remote GUI login to Microsoft servers by connecting an RDP (Remote Desktop Protocol) client application with an RDP server: https://en.wikipedia.org/wiki/Remote_Desktop_Protocol.
This rule can help you with the following compliance standards:
- The Center for Internet Security (CIS) AWS Foundations Benchmark
- Payment Card Industry Data Security Standard (PCI DSS)
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Allowing unrestricted RDP access can increase opportunities for malicious activity such as hacking, man-in-the-middle attacks (MITM) and Pass-the-Hash (PtH) attacks.
To determine if your EC2 security groups allow unrestricted RDP access, perform the following:
Remediation / Resolution
To update your security groups inbound/ingress configuration in order to restrict RDP access to specific entities (IP addresses, IP ranges, etc), perform the following:
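The audit check and the remediation described above, as an added example that is not Conformity's own rule logic or the page's steps: the functions below work on the `SecurityGroups` structure returned by boto3's `ec2.describe_security_groups()`, flag every ingress rule that admits TCP 3389 from `0.0.0.0/0` or `::/0` (including port ranges that contain 3389 and "all traffic" rules with protocol `-1`), and build the `IpPermissions` payloads that replace the world-open entry with specific source CIDRs. The sample security groups, group IDs and CIDRs are constructed for the example.

```python
"""Find and plan fixes for EC2 security-group rules exposing RDP (TCP 3389) to the world."""

RDP_PORT = 3389
WORLD_V4 = "0.0.0.0/0"
WORLD_V6 = "::/0"


def rule_covers_rdp(perm: dict) -> bool:
    """True if one IpPermissions entry admits TCP 3389.

    IpProtocol "-1" means every protocol and port, so it covers RDP; "tcp" counts
    when 3389 lies inside FromPort..ToPort. Anything else (udp, icmp) does not.
    """
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)


def world_open_cidrs(perm: dict) -> list:
    """Return the unrestricted IPv4/IPv6 CIDRs referenced by one rule."""
    found = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") == WORLD_V4]
    found += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == WORLD_V6]
    return found


def find_unrestricted_rdp(security_groups: list) -> list:
    """Return (GroupId, CIDR) pairs for every rule exposing RDP to 0.0.0.0/0 or ::/0.

    `security_groups` has the shape of describe_security_groups()["SecurityGroups"].
    """
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if rule_covers_rdp(perm):
                for cidr in world_open_cidrs(perm):
                    findings.append((sg["GroupId"], cidr))
    return findings


def remediation_plan(perm: dict, allowed_cidrs: list) -> tuple:
    """Build (revoke, authorize) IpPermissions payloads for one world-open rule.

    `revoke` removes only the 0.0.0.0/0 and ::/0 entries; `authorize` grants the
    same protocol and port range to `allowed_cidrs` (IPv6 CIDRs contain ':').
    Caveat: for a "-1" or wide-range rule this narrows *all* of that rule's
    ports to the allowed sources; re-add any non-RDP ports separately if other
    sources still need them.
    """
    base = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
    revoke = dict(
        base,
        IpRanges=[{"CidrIp": c} for c in world_open_cidrs(perm) if c == WORLD_V4],
        Ipv6Ranges=[{"CidrIpv6": c} for c in world_open_cidrs(perm) if c == WORLD_V6],
    )
    authorize = dict(
        base,
        IpRanges=[{"CidrIp": c} for c in allowed_cidrs if ":" not in c],
        Ipv6Ranges=[{"CidrIpv6": c} for c in allowed_cidrs if ":" in c],
    )
    return revoke, authorize


# Constructed sample data mimicking describe_security_groups output; not real AWS data.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa0001",  # exposed: RDP open to the IPv4 world
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0aaa0002",  # exposed: range 3000-4000 contains 3389, IPv6 world
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
                        "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0aaa0003",  # exposed: "all traffic" rule covers RDP too
     "IpPermissions": [{"IpProtocol": "-1",
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0aaa0004",  # compliant: RDP limited to one (constructed) office /24
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                        "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0aaa0005",  # compliant: world-open, but only HTTPS
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    # Dry run over the sample. Against a live account, fetch the groups with
    # boto3 (ec2.describe_security_groups()["SecurityGroups"]) and apply each plan
    # with ec2.revoke_security_group_ingress(GroupId=..., IpPermissions=[revoke])
    # followed by ec2.authorize_security_group_ingress(GroupId=..., IpPermissions=[authorize]).
    allowed = ["203.0.113.0/24"]  # constructed: the only sources that need RDP
    for sg in SAMPLE_GROUPS:
        for perm in sg["IpPermissions"]:
            if rule_covers_rdp(perm) and world_open_cidrs(perm):
                revoke, authorize = remediation_plan(perm, allowed)
                print(sg["GroupId"], "revoke:", revoke, "authorize:", authorize)
```

Run it as a script to see the dry-run plan for the sample; the revoke payload carries only the world-open entries, so any other CIDRs already on the same rule are left untouched.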
Rule: Unrestricted RDP Access (Risk level: Medium)