
EC2.21

Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389

Severity: MEDIUM
Cloud Platforms: AWS
Resources: Amazon EC2
Related Standards: AWS Foundational Best Practice, NIST.800-53.r5
Automated

This control checks whether a network access control list (NACL) allows unrestricted inbound access to the default ports for SSH (TCP 22) and RDP (TCP 3389). The control fails if an inbound (non-egress) NACL entry with the action "allow" has a source CIDR block of 0.0.0.0/0 or ::/0 and covers port 22 or port 3389, whether the entry names the port explicitly, uses a port range that includes it, or allows all traffic. Note that the default NACL created with every VPC contains an inbound rule that allows all traffic from 0.0.0.0/0, so it fails this control until that rule is restricted or replaced. To remediate, limit the source CIDR of the entry to the networks that need administrative access (for example a bastion host or corporate range), or remove the entry and rely on security groups for host-level access control.
