AWS Foundational Security Best Practice
EC2.21
Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389
Severity: MEDIUM
Cloud Platforms: AWS
Resources: Amazon EC2
This control checks whether a network access control list (NACL) allows unrestricted access to the default TCP ports for SSH (22) and RDP (3389) ingress traffic. The control fails if an inbound NACL entry with rule action allow has a source CIDR block of 0.0.0.0/0 or ::/0 and covers port 22 or port 3389, whether the entry names the port directly or reaches it through a wider port range or an all-traffic (protocol -1) entry. Deny entries and outbound (egress) entries do not cause a failure.