AWS-016 Amazon Web Services (AWS)

No Security Group allows unrestricted (0.0.0.0/0) ingress to SSH (22) or RDP (3389).

Domain: Amazon Web Services (AWS)
Area: Networking
Automated / manual: Automated

Risk if it fails

Open admin ports invite brute-force and exploitation.

An admin port open to the whole internet is constantly scanned by bots. They try millions of passwords; one weak server and the attacker is inside your network.

How Tess tests it

1 test — each concludes only on cited evidence.

No Security Group allows unrestricted (0.0.0.0/0) ingress to SSH (22) or RDP (3389).

Automated
Procedure
Enumerate security group rules and flag 0.0.0.0/0 or ::/0 on ports 22/3389.

Read-only command

aws ec2 describe-security-groups --query 'SecurityGroups[?IpPermissions[?(FromPort==`22`||FromPort==`3389`)&&IpRanges[?CidrIp==`"0.0.0.0/0"`]]].GroupId'
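The query above is quoted for a POSIX shell (in double quotes the JMESPath backticks would be taken as command substitution). It matches only rules whose FromPort is exactly 22 or 3389 and only IPv4 ranges, so an all-traffic rule (IpProtocol -1, which has no port fields), a port range such as 0-65535, or a ::/0 entry in Ipv6Ranges passes it unflagged even though the procedure names ::/0. The script below is an added example, not Tess's code; it implements the procedure over the JSON that describe-security-groups returns and covers those cases. The security groups embedded in it are constructed for the demonstration, and the group ids are placeholders.

```python
"""Flag security group rules that expose SSH (22) or RDP (3389) to the world.

Added example, not Tess's own code. Consumes the structure returned by
`aws ec2 describe-security-groups` (the `SecurityGroups` list), either from
the embedded constructed sample or from real output piped on stdin:

    aws ec2 describe-security-groups | python3 check_admin_ports.py
"""
import ipaddress
import json
import sys

ADMIN_PORTS = (22, 3389)


def rule_covers_port(perm, port):
    """True if an IpPermissions entry admits TCP traffic to `port`.

    Handles what an exact FromPort match misses: protocol -1 (all traffic,
    no port fields) and ranges such as 0-65535 that include the port.
    """
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):  # "6" is the numeric form of TCP
        return False
    from_port, to_port = perm.get("FromPort"), perm.get("ToPort")
    if from_port is None or to_port is None:
        return False
    return from_port <= port <= to_port


def world_open_cidrs(perm):
    """Return the unrestricted CIDRs (IPv4 and IPv6) listed on a permission."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    open_cidrs = []
    for cidr in cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            continue  # malformed entry: not a world-open range
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
            open_cidrs.append(cidr)
    return open_cidrs


def find_exposed_admin_ports(security_groups):
    """Return (GroupId, port, [open cidrs]) for every world-open admin port."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            open_cidrs = world_open_cidrs(perm)
            if not open_cidrs:
                continue
            for port in ADMIN_PORTS:
                if rule_covers_port(perm, port):
                    findings.append((sg["GroupId"], port, open_cidrs))
    return findings


# Constructed sample; group ids are placeholders, not real resources.
SAMPLE_RESPONSE = {
    "SecurityGroups": [
        {"GroupId": "sg-0aaa-example",  # exact match, the CLI query also flags it
         "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                            "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-0bbb-example",  # range covering both ports; FromPort is 0
         "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                            "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-0ccc-example",  # IPv6-only exposure of SSH
         "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                            "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
        {"GroupId": "sg-0ddd-example",  # all traffic, no port fields at all
         "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupId": "sg-0eee-example",  # compliant: SSH limited to a documentation range
         "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                            "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    ]
}

if __name__ == "__main__":
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_RESPONSE
    for group_id, port, cidrs in find_exposed_admin_ports(data["SecurityGroups"]):
        print(f"{group_id}: port {port} open to {', '.join(cidrs)}")
```

Run with no stdin to see the sample verdicts; pipe real describe-security-groups output to audit an account. Only the last group is compliant: the others are flagged because the check evaluates port coverage and both address families rather than an exact FromPort value.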
