Network misconfigurations

AWS EC2 instance allows public ingress access on RDP port 3389

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

RDP (Remote Desktop Protocol) port 3389 is used for remote-control access to Windows instances. Allowing inbound traffic from all external IP addresses to the RDP port exposes the instance to remote code execution, privilege elevation and flooding attacks. It is a best practice to restrict access to port 3389 to specific IP addresses.

Recommended Mitigation

It is recommended to replace the source IP of the rule with a specific IP address or delete the rule.