EC2.21
Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389
Severity: MEDIUM
Cloud Platforms: AWS
Resources: Amazon EC2
Related Standards: AWS Foundational Best Practice, NIST.800-53.r5,
Automated
This control checks whether a network access control list (NACL) allows unrestricted ingress to the default SSH and RDP ports. The rule fails if a NACL inbound entry allows a source CIDR block of '0.0.0.0/0' or '::/0' for ports 22 or 3389.
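The check described above can be reproduced offline against the output of `aws ec2 describe-network-acls`. The following is an added example, not the control's own implementation; it assumes that only TCP and all-protocol entries are relevant to SSH/RDP, flags any matching allow entry without modelling rule-number ordering, and runs on constructed sample data.

```python
# Added example: evaluates NACL entries in the shape returned by
# `aws ec2 describe-network-acls` (NetworkAcls[].Entries[]).
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = (22, 3389)  # SSH and RDP defaults named by the control


def covers_admin_port(entry):
    """True if the entry's protocol and port range include port 22 or 3389."""
    proto = entry.get("Protocol")
    if proto == "-1":  # all protocols: no PortRange key, every port matches
        return True
    if proto != "6":   # assumption: only TCP entries matter for SSH/RDP
        return False
    # Assumption: a TCP entry with no range is treated as all ports.
    rng = entry.get("PortRange") or {"From": 0, "To": 65535}
    return any(rng["From"] <= port <= rng["To"] for port in ADMIN_PORTS)


def failing_entries(nacl):
    """Return rule numbers of inbound allow entries open to any source."""
    hits = []
    for entry in nacl.get("Entries", []):
        if entry.get("Egress") or entry.get("RuleAction") != "allow":
            continue  # outbound and deny entries are out of scope
        source = entry.get("CidrBlock") or entry.get("Ipv6CidrBlock")
        if source in OPEN_CIDRS and covers_admin_port(entry):
            hits.append(entry["RuleNumber"])
    return sorted(hits)


# Constructed sample NACL, not taken from a real account.
SAMPLE_NACL = {
    "NetworkAclId": "acl-EXAMPLE",
    "Entries": [
        {"RuleNumber": 100, "Egress": False, "RuleAction": "allow", "Protocol": "6",
         "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
        {"RuleNumber": 110, "Egress": False, "RuleAction": "allow", "Protocol": "6",
         "CidrBlock": "10.0.0.0/8", "PortRange": {"From": 22, "To": 22}},
        {"RuleNumber": 120, "Egress": False, "RuleAction": "allow", "Protocol": "6",
         "Ipv6CidrBlock": "::/0", "PortRange": {"From": 0, "To": 1024}},
        {"RuleNumber": 130, "Egress": False, "RuleAction": "allow", "Protocol": "-1",
         "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 140, "Egress": True, "RuleAction": "allow", "Protocol": "6",
         "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 3389, "To": 3389}},
        {"RuleNumber": 150, "Egress": False, "RuleAction": "deny", "Protocol": "6",
         "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
    ],
}

if __name__ == "__main__":
    print(failing_entries(SAMPLE_NACL))
```

Rules 120 and 130 fail even though neither names port 22 or 3389 directly: a wide port range and an all-protocol entry both include the admin ports.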