Network misconfigurations

Elastic Load Balancer (ELB) allows ingress access to SMTP port 25

Platform(s)
Compliance Frameworks
  • CCPA
  • ,
  • Mitre ATT&CK
  • ,
  • New Zealand Information Security Manual
  • ,
  • NIST 800-171
  • ,
  • NIST 800-53
  • ,
  • Orca Best Practices
  • ,
  • UK Cyber Essentials

Description

SMTP port - 25 is used to send/receive emails. Allowing inbound traffic from all external IP addresses to TCP Port 25 can be vulnerable to DoS and reconnaissance attacks. It is a best practice to restrict access from specific IP addresses to port 25.