Network Load Balancer allows inbound access to UDP port 389 (LDAP)

Network misconfigurations

Network Load Balancer allows inbound access to UDP port 389 (LDAP)

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

CCM-CSA
cis_8
CSA CCM
NIST 800-53

Description

Network Load Balancer ""{AwsEc2Elbv2}"" is associated with security group ""{AwsEc2Elbv2.SecurityGroups}"" that is configured to allow inbound access to UDP port 389 (LDAP) from any IP address (0.0.0.0/0)

Recommended Mitigation

It is recommended to configure Network Load Balancers to allow access to UDP port 389 (LDAP) from specific IP addresses only. More details can be found in https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html

Network Load Balancer allows inbound access to UDP port 389 (LDAP)

Description

Need help?