Network misconfigurations

ECS instance with SSH internet access

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

A security group controls and limits the network access to your VPC or resource. SSH (port 22) allows remote connection to your instance. Therefore, it is not recommended to allow access from the internet to this port, and limit it using a security group with permission to specific addresses. By default, AliCloud enables SSH access in order to let you connect to your resource. We have found that the instance {AliCloudEcsInstance} enables unlimited remote connection access through the internet.

  • Recommended Mitigation

    Review your security group permissions. If SSH access is required for your needs, limit it to a specific IP address.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.