Critical EC2 Regional

Security groups should not allow unrestricted access to high-risk ports

NIST

Description

Checks whether security groups allow unrestricted access to high-risk ports.
Remediation

To comply with this control, modify security groups to restrict access to high-risk ports.

Steps

  1. Sign in to the AWS Management Console and open the EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the navigation pane, choose 'Security Groups'.
  3. Select the security group you want to modify.
  4. On the 'Inbound rules' tab, identify rules whose source is 0.0.0.0/0 (unrestricted) and whose port range covers a high-risk port: SSH (22), RDP (3389), PostgreSQL (5432), MySQL (3306).
  5. For each identified rule, choose 'Edit inbound rules'.
  6. Change the source to a more tightly scoped IP range, or delete the rule entirely.
  7. Choose 'Save rules' to apply the changes.
  8. Verify that the security group no longer allows unrestricted access to any high-risk port.
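The check this control describes, as an added example that is not part of the original control page: it evaluates security groups in the dictionary shape returned by boto3's `ec2.describe_security_groups()` (an assumption about input format; the sample groups below are constructed) and flags inbound rules whose port range, or an all-traffic `-1` rule, covers one of the four high-risk ports. It goes slightly beyond the steps above by also treating the IPv6 wildcard `::/0` as unrestricted.

```python
# Added example (not part of the original page): evaluate security groups
# in the shape returned by boto3's ec2.describe_security_groups() and report
# inbound rules that expose a high-risk port to the whole internet.
HIGH_RISK_PORTS = {22: "SSH", 3389: "RDP", 5432: "PostgreSQL", 3306: "MySQL"}
UNRESTRICTED = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "anywhere"

def rule_sources(perm):
    """Return every CIDR source of an inbound rule (IPv4 and IPv6)."""
    sources = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    sources += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [s for s in sources if s]

def exposed_ports(perm):
    """High-risk ports covered by the rule's protocol and port range."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all traffic: FromPort/ToPort are absent
        return sorted(HIGH_RISK_PORTS)
    if proto not in ("tcp", "6"):  # the four services are TCP
        return []
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return [p for p in sorted(HIGH_RISK_PORTS) if lo <= p <= hi]

def find_unrestricted_high_risk(groups):
    """Return (group id, port, service, source) for each failing rule."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            open_src = [s for s in rule_sources(perm) if s in UNRESTRICTED]
            for port in exposed_ports(perm):
                for src in open_src:
                    findings.append((sg["GroupId"], port, HIGH_RISK_PORTS[port], src))
    return findings

# Constructed sample: sg-...1 has SSH open to the world and an all-traffic
# IPv6 rule; sg-...2 limits SSH to one range and passes the check.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0000example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-0000example2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ]},
]

if __name__ == "__main__":
    for gid, port, svc, src in find_unrestricted_high_risk(SAMPLE_GROUPS):
        print(f"{gid}: {svc} ({port}) open to {src}")
```

To run it against a real account, feed the `SecurityGroups` list from `describe_security_groups()` to `find_unrestricted_high_risk` in place of `SAMPLE_GROUPS`.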

Compliance

NIST