Follow

What ports does Cloud Insight check by default for EC2 configuration hardening checks? | Cloud Insight FAQ

Alert Logic has checks in place to alert customers that Security Groups assigned to EC2 instances are open to the world and could allow malicious traffic to reach critical infrastructure.  Customers also have the ability to implement custom checks via Amazon Web Services Lambda that can be used to further specify business-specific Security Group rules to enhance environmental security posture.

Types of Unrestricted Inbound Access

Unrestricted Inbound Access

Security groups were found to have rules that allowed unrestricted access. Unrestricted access could allow for malicious activity, includingbut not limited tohacking, denial-of-service attacks, or loss of data. It is recommended that users restrict access to IP addresses that are not required. Users should set the suffix to /32, to restrict access to a specific IP address.

Unrestricted Inbound Access—Specific Ports 1

Security Groups were found to have rules that allowed unrestricted access (0.0.0.0/0) on ports 20, 21, 22, 23, 25, 53, 135, 137, 138, 445, 1433, 1434, 3306, 3389, 4333, 5432, 5500, or 5900. Unrestricted access could allow for malicious activity, includingbut not limited tohacking, denial-of service attacks, or loss of data.

It is recommended that users restrict access to IP addresses that are not required. Users should set the suffix to /32, to restrict access to a specific IP address.

Unrestricted Inbound Access—Specific Ports 2

Security Groups were found to have rules that allowed unrestricted access (0.0.0.0/0) on any other ports than 20, 21, 22, 23, 25, 53, 80, 135, 137, 138, 443, 445, 465, 1433, 1434, 3306, 3389, 4333, 5432, 5500, or 5900. Unrestricted access could allow for malicious activity, includingbut not limited tohacking, denial-of-service attacks, or loss of data.

It is recommended that users restrict access to IP addresses that are not required. Users should set the suffix to /32, to restrict access to a specific IP address.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.