Check your Amazon VPC Network Access Control Lists (NACLs) for inbound (ingress) ALLOW rules that permit unrestricted traffic (i.e. a source of 0.0.0.0/0, or ::/0 for IPv6) on TCP ports 22 (SSH) and 3389 (RDP), and limit access to trusted IP addresses or IP ranges only, in order to implement the Principle of Least Privilege (POLP) and reduce the attack surface at the subnet level. An "All traffic" rule, or a TCP port range that includes 22 or 3389, exposes these ports just as an exact-port rule does. TCP port 22 (Secure Shell, SSH) is used for secure remote login by connecting an SSH client application with an SSH server. TCP port 3389 (Remote Desktop Protocol, RDP) is used for secure remote GUI login to Windows instances by connecting an RDP client application with an RDP server.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Exposing TCP ports 22 (SSH) and 3389 (RDP) to the Internet increases the opportunity for malicious activity such as brute-force and credential-stuffing attacks against the login service, exploitation of vulnerabilities in the SSH or RDP server, and Man-in-the-Middle (MITM) attacks, therefore it is strongly recommended to configure your Network Access Control Lists (NACLs) to limit inbound traffic on remote server administration ports 22 and 3389 to known and trusted IP addresses only. Note that NACLs are stateless and are evaluated in ascending rule-number order (the first matching rule wins), and that they complement rather than replace security groups: a permissive NACL rule does not by itself open a port on an instance, but it removes the subnet-level defense if a security group is later misconfigured.
To determine if your Network ACLs (NACLs) allow unrestricted inbound traffic on TCP ports 22 and 3389, perform the following actions:
Remediation / Resolution
To reconfigure your non-compliant Amazon VPC Network ACLs (NACLs) in order to allow remote server administration access from trusted entities only (i.e. authorized IP addresses and IP ranges), perform the following actions:
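The audit and remediation steps above, as an added example that is not Cloud Conformity's code: a Python script that evaluates the JSON output of `aws ec2 describe-network-acls` (piped on stdin), reports every NACL whose first-matching inbound rule from 0.0.0.0/0 or ::/0 allows TCP 22 or 3389, and drafts the corresponding `aws ec2 replace-network-acl-entry` commands for review. It goes beyond an exact 0.0.0.0/0-on-port-22 match: it honours first-match rule ordering, "All traffic" rules and port ranges, and IPv6. With no input it runs against a constructed sample; the NACL IDs, address ranges and the trusted CIDRs passed to the remediation function are placeholders, not real values.

```python
"""Audit VPC Network ACLs for inbound TCP 22/3389 open to 0.0.0.0/0 or ::/0 and
draft the fix. Added example, not Cloud Conformity's code. Input is the JSON
shape of `aws ec2 describe-network-acls` (pipe it on stdin); with no input the
constructed sample below is evaluated (IDs and addresses are made up)."""
import json
import sys

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = {"CidrBlock": "0.0.0.0/0", "Ipv6CidrBlock": "::/0"}  # catch-all sources
TCP, ALL_TRAFFIC = "6", "-1"  # protocol numbers as strings, as the API returns them


def covers_port(entry, port):
    """True if the entry matches TCP traffic to `port` (protocol and port range)."""
    if entry["Protocol"] not in (TCP, ALL_TRAFFIC):
        return False
    rng = entry.get("PortRange")  # absent on "all traffic" (protocol -1) entries
    return rng is None or rng["From"] <= port <= rng["To"]


def first_match_from_anywhere(entries, port, cidr_key):
    """Inbound entry that decides traffic to `port` from any address, or None.
    NACL rules are evaluated in ascending RuleNumber order and the first match
    wins, so a catch-all DENY numbered below a catch-all ALLOW closes the port.
    Only 0.0.0.0/0 (or ::/0) entries matter: a narrower earlier rule cannot make
    a later catch-all ALLOW less open. The default deny entries (32767, and 32768
    for IPv6) are part of the API output and therefore act as the fallback."""
    matches = [e for e in entries
               if not e["Egress"] and e.get(cidr_key) == ANYWHERE[cidr_key]
               and covers_port(e, port)]
    return min(matches, key=lambda e: e["RuleNumber"], default=None)


def find_exposed_admin_ports(describe_output):
    """One finding per (NACL, port, address family) whose deciding entry is ALLOW."""
    findings = []
    for acl in describe_output["NetworkAcls"]:
        for port, service in ADMIN_PORTS.items():
            for cidr_key in ANYWHERE:
                entry = first_match_from_anywhere(acl["Entries"], port, cidr_key)
                if entry is not None and entry["RuleAction"] == "allow":
                    findings.append({"nacl": acl["NetworkAclId"], "port": port,
                                     "service": service, "cidr_key": cidr_key,
                                     "entry": entry})
    return findings


def remediation_commands(findings, trusted):
    """Draft `aws ec2 replace-network-acl-entry` calls; `trusted` maps the CIDR key
    to the admin source range. Commands are returned for review, not executed.
    A rule that also allows other ports (e.g. the default "all traffic" rule 100)
    is only flagged: rewriting it in place would cut that other traffic too, so it
    must first be split into separate rules."""
    cmds = []
    for f in findings:
        entry, port = f["entry"], f["port"]
        rng = entry.get("PortRange")
        if rng is None or (rng["From"], rng["To"]) != (port, port):
            cmds.append(f"# {f['nacl']} rule {entry['RuleNumber']} allows more than TCP {port} "
                        f"from {ANYWHERE[f['cidr_key']]}; split it before restricting {f['service']}")
            continue
        cidr_flag = "--cidr-block" if f["cidr_key"] == "CidrBlock" else "--ipv6-cidr-block"
        cmds.append(f"aws ec2 replace-network-acl-entry --network-acl-id {f['nacl']} --ingress "
                    f"--rule-number {entry['RuleNumber']} --protocol tcp "
                    f"--port-range From={port},To={port} --rule-action allow "
                    f"{cidr_flag} {trusted[f['cidr_key']]}")
    return cmds


def _e(num, action, cidr_key, cidr, proto, frm=None, to=None):
    # Build one inbound entry in describe-network-acls shape (sample-data helper).
    entry = {"RuleNumber": num, "RuleAction": action, "Egress": False,
             "Protocol": proto, cidr_key: cidr}
    if frm is not None:
        entry["PortRange"] = {"From": frm, "To": to}
    return entry


# Constructed sample: a default NACL, and a custom one mixing shadowed, exact,
# ranged, UDP and IPv6 rules. IDs and address ranges are not real.
SAMPLE = {"NetworkAcls": [
    {"NetworkAclId": "acl-0default00000001", "Entries": [
        _e(100, "allow", "CidrBlock", "0.0.0.0/0", ALL_TRAFFIC),
        _e(32767, "deny", "CidrBlock", "0.0.0.0/0", ALL_TRAFFIC)]},
    {"NetworkAclId": "acl-0custom000000002", "Entries": [
        _e(50, "deny", "CidrBlock", "0.0.0.0/0", TCP, 22, 22),         # closes SSH
        _e(100, "allow", "CidrBlock", "0.0.0.0/0", TCP, 3389, 3389),   # RDP open: finding
        _e(110, "allow", "CidrBlock", "0.0.0.0/0", TCP, 22, 22),       # shadowed by rule 50
        _e(120, "allow", "Ipv6CidrBlock", "::/0", TCP, 3000, 4000),    # range covers 3389
        _e(130, "allow", "CidrBlock", "0.0.0.0/0", "17", 3389, 3389),  # UDP, not RDP
        _e(140, "allow", "CidrBlock", "203.0.113.0/24", TCP, 22, 22),  # restricted: fine
        _e(32767, "deny", "CidrBlock", "0.0.0.0/0", ALL_TRAFFIC),
        _e(32768, "deny", "Ipv6CidrBlock", "::/0", ALL_TRAFFIC)]}]}

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    found = find_exposed_admin_ports(data)
    for f in found:
        print(f"{f['nacl']}: {f['service']} (TCP {f['port']}) open to "
              f"{ANYWHERE[f['cidr_key']]} via rule {f['entry']['RuleNumber']}")
    # Placeholder trusted ranges; substitute your own administrative source ranges.
    for cmd in remediation_commands(found, {"CidrBlock": "203.0.113.0/24",
                                            "Ipv6CidrBlock": "2001:db8::/32"}):
        print(cmd)
```

Run it against a real account with `aws ec2 describe-network-acls --output json | python3 nacl_admin_ports.py`. On the sample, the custom NACL's rule 110 (SSH from anywhere) produces no finding because rule 50 denies it first, while rule 100 (RDP from anywhere) and the IPv6 range rule 120 do; only rule 100 is exact enough to be rewritten in place, so the default NACL's "All traffic" rule and rule 120 are reported for manual splitting rather than replaced.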
Unrestricted Inbound Traffic on Remote Server Administration Ports
Risk level: High