ECS instance with RDP internet access

Network misconfigurations

ECS instance with RDP internet access

Risk Level

Hazardous (3)

Platform(s)

Compliance Frameworks

AliCloud CIS
Brazilian General Data Protection (LGPD)
CCPA
cis_8
CPRA
Data Security Posture Management (DSPM) Best Practices
ISO/IEC 27001
Mitre ATT&CK
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

A security group controls and limits the network access to your VPC or resource. RDP (Remote Desktop Protocol) port - 3389 is used to get remote control access to Windows instances. Allowing inbound traffic from all external IP addresses to RDP port is vulnerable to remote code execution, privilege elevation and flooding attack. It is a best practice to restrict access from specific IP addresses to port 3389. We have found that the instance {AliCloudEcsInstance} enables unlimited remote connection access through the Internet.

Recommended Mitigation

Review your security group permissions. If RDP access is required for your needs, limit it to a specific IP address.

ECS instance with RDP internet access

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS