Network misconfigurations

AWS EC2 instance allows public ingress access on RDP port 3389

Platform(s)
Compliance Frameworks
  • CCPA
  • Data Security Posture Management (DSPM) Best Practices
  • Mitre ATT&CK
  • New Zealand Information Security Manual
  • NIST 800-171
  • NIST 800-53
  • Orca Best Practices
  • UK Cyber Essentials

Description

RDP (Remote Desktop Protocol) uses port 3389 to provide remote control access to Windows instances. Allowing inbound traffic from all external IP addresses to the RDP port exposes the instance to remote code execution, privilege elevation and flooding attacks. It is a best practice to restrict access to port 3389 to specific IP addresses.