
AWS Foundational Security Best Practice

EC2.21

Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389

Severity: MEDIUM

Cloud Platforms: AWS

Resources: Amazon EC2

This control checks whether a network access control list (NACL) allows unrestricted ingress on the default SSH port (22) or the default RDP port (3389). The control fails if a NACL inbound entry allows a source CIDR block of '0.0.0.0/0' (IPv4) or '::/0' (IPv6) for port 22 or port 3389.
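The following is an added example (not AWS's own check implementation) that reproduces the control's logic offline over NACL entries in the shape returned by `ec2:DescribeNetworkAcls`, so the conditions can be reasoned about before running Security Hub. The NACL IDs and entries are constructed sample data. Treating UDP as well as TCP as in scope, and treating a protocol of "-1" (all protocols) as covering ports 22 and 3389, are assumptions made here to match how such an entry actually exposes SSH/RDP; the page itself only names the ports and source CIDRs.

```python
"""Offline reproduction of the EC2.21 check over the entry shape that
ec2:DescribeNetworkAcls returns. Added example, not AWS's own code."""

SSH_PORT = 22
RDP_PORT = 3389
UNRESTRICTED_SOURCES = {"0.0.0.0/0", "::/0"}

# Protocol numbers are returned as strings by the EC2 API.
ALL_PROTOCOLS = "-1"
TCP = "6"
UDP = "17"


def entry_is_unrestricted_ssh_rdp(entry):
    """True if an inbound allow entry opens port 22 or 3389 to any source."""
    if entry.get("Egress"):
        return False  # the control covers ingress entries only
    if entry.get("RuleAction") != "allow":
        return False  # deny entries never trigger the finding
    source = entry.get("CidrBlock") or entry.get("Ipv6CidrBlock")
    if source not in UNRESTRICTED_SOURCES:
        return False  # a specific source range is what remediation looks like
    protocol = entry.get("Protocol")
    if protocol == ALL_PROTOCOLS:
        return True  # assumption: all protocols/all ports includes 22 and 3389
    if protocol not in (TCP, UDP):
        return False  # e.g. ICMP ("1") cannot carry SSH or RDP
    # Assumption: UDP counted too (RDP has a UDP transport on 3389).
    port_range = entry.get("PortRange", {})
    low = port_range.get("From", 0)
    high = port_range.get("To", 65535)
    return any(low <= port <= high for port in (SSH_PORT, RDP_PORT))


def offending_rules(nacl):
    """Rule numbers of the entries in one NACL that would fail EC2.21."""
    return sorted(e["RuleNumber"] for e in nacl["Entries"]
                  if entry_is_unrestricted_ssh_rdp(e))


def evaluate(nacls):
    """Map NetworkAclId -> 'FAILED' or 'PASSED', like a Security Hub finding."""
    return {n["NetworkAclId"]: ("FAILED" if offending_rules(n) else "PASSED")
            for n in nacls}


# Constructed sample data (made-up IDs) in the describe_network_acls shape.
SAMPLE_NACLS = [
    {   # default-style NACL: rule 100 allows everything in from anywhere
        "NetworkAclId": "acl-0default0000000001",
        "Entries": [
            {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
             "Egress": False, "CidrBlock": "0.0.0.0/0"},
            {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",
             "Egress": False, "CidrBlock": "0.0.0.0/0"},
        ],
    },
    {   # RDP reachable from the IPv6 internet through a range containing 3389
        "NetworkAclId": "acl-0range00000000002",
        "Entries": [
            {"RuleNumber": 110, "Protocol": "6", "RuleAction": "allow",
             "Egress": False, "Ipv6CidrBlock": "::/0",
             "PortRange": {"From": 3000, "To": 4000}},
        ],
    },
    {   # SSH only from a named range; outbound 22 and inbound ICMP are fine
        "NetworkAclId": "acl-0hardened000000003",
        "Entries": [
            {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow",
             "Egress": False, "CidrBlock": "203.0.113.0/24",
             "PortRange": {"From": 22, "To": 22}},
            {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow",
             "Egress": True, "CidrBlock": "0.0.0.0/0",
             "PortRange": {"From": 22, "To": 22}},
            {"RuleNumber": 120, "Protocol": "1", "RuleAction": "allow",
             "Egress": False, "CidrBlock": "0.0.0.0/0"},
        ],
    },
]

if __name__ == "__main__":
    for acl_id, status in evaluate(SAMPLE_NACLS).items():
        print(acl_id, status)
```

Two caveats worth keeping in mind when reading findings. First, NACL rules are evaluated in ascending rule-number order and the first match wins, so a lower-numbered deny could shadow a flagged allow; the control reports on the presence of the entry, not on effective reachability, and the example above does the same. Second, a VPC's default NACL carries an allow-all inbound entry, so it fails this control as it ships; remediation is to replace the '0.0.0.0/0' or '::/0' source on the port 22/3389 entry with the specific ranges that need administrative access, or to remove the entry.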
