Severity: Medium | Service: EC2 | Scope: Regional

Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389

CIS | NIST | ISO 27001

Description

Checks whether Network ACLs allow ingress from 0.0.0.0/0 to port 22 or port 3389.

Remediation

To comply with this control, modify Network ACLs to ensure they do not allow ingress from 0.0.0.0/0 to port 22 (SSH) or port 3389 (RDP).

Steps

  1. Sign in to the AWS Management Console and open the VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, click on 'Network ACLs'.
  3. Select the Network ACL you want to modify.
  4. In the 'Inbound Rules' tab, look for rules that allow traffic from 0.0.0.0/0 to port 22 or port 3389.
  5. If such rules exist, click on 'Edit inbound rules' and either modify the source to a more restricted IP range or delete the rule.
  6. Click on 'Save' to apply the changes.
  7. Verify that the Network ACL no longer allows ingress from 0.0.0.0/0 to port 22 or port 3389.
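The step-4 inspection and the step-7 verification, as an added offline check that is not part of this control page: it evaluates NACL entries in the dict shape boto3 returns and reports inbound allow rules open to the world on 22 or 3389. The sample NACL is constructed, and matching ::/0 alongside 0.0.0.0/0 goes beyond the page's IPv4 wording.

```python
"""Offline check for this control: flag inbound allow entries open to the whole
internet on SSH (22) or RDP (3389). Entry dicts mirror what boto3's
describe_network_acls() returns; the sample NACL below is constructed."""

SENSITIVE_PORTS = (22, 3389)
OPEN_SOURCES = {"0.0.0.0/0", "::/0"}  # ::/0 goes beyond the page's IPv4 wording


def entry_opens_port(entry: dict, port: int) -> bool:
    """True if one NACL entry allows ingress to `port` from anywhere."""
    if entry.get("Egress", False) or entry.get("RuleAction") != "allow":
        return False
    if (entry.get("CidrBlock") or entry.get("Ipv6CidrBlock")) not in OPEN_SOURCES:
        return False
    proto = str(entry.get("Protocol"))
    if proto == "-1":  # all protocols: no PortRange field, every port exposed
        return True
    if proto != "6":  # SSH and RDP are TCP; UDP/ICMP rules do not count
        return False
    rng = entry.get("PortRange")
    return rng is None or rng["From"] <= port <= rng["To"]


def offending_rules(nacl: dict) -> list:
    """(RuleNumber, port) pairs that violate the control, in evaluation order.
    A lower-numbered deny could shadow a later allow; like the console steps,
    this still reports the allow entry so it gets narrowed or deleted."""
    hits = []
    for entry in sorted(nacl["Entries"], key=lambda e: e["RuleNumber"]):
        if entry["RuleNumber"] == 32767:  # AWS default deny-all ('*' rule)
            continue
        for port in SENSITIVE_PORTS:
            if entry_opens_port(entry, port):
                hits.append((entry["RuleNumber"], port))
    return hits


# Constructed sample: a compliant SSH rule, an SSH rule open to the world,
# a wide TCP range that silently includes RDP, and the default deny.
SAMPLE_NACL = {
    "NetworkAclId": "acl-0example",
    "Entries": [
        {"RuleNumber": 100, "Egress": False, "RuleAction": "allow", "Protocol": "6",
         "CidrBlock": "10.0.0.0/8", "PortRange": {"From": 22, "To": 22}},
        {"RuleNumber": 110, "Egress": False, "RuleAction": "allow", "Protocol": "6",
         "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
        {"RuleNumber": 120, "Egress": False, "RuleAction": "allow", "Protocol": "6",
         "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 1024, "To": 65535}},
        {"RuleNumber": 32767, "Egress": False, "RuleAction": "deny", "Protocol": "-1",
         "CidrBlock": "0.0.0.0/0"},
    ],
}
```

Against a live account, pass each element of `boto3.client("ec2").describe_network_acls()["NetworkAcls"]` to `offending_rules`; an empty result for every NACL in the region is the step-7 verification.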

Compliance

CIS | NIST | ISO 27001