Unrestricted RDP Access Should Not Be Allowed

More Info:

No AWS EC2 security group should allow unrestricted inbound access to TCP port 3389 (RDP).

Risk Level

Medium

Address

Security

Compliance Standards

CISAWS, CBP, SOC2, PCIDSS, HITRUST, AWSWAF, GDPR, NISTCSF, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the unrestricted RDP access in AWS, you can follow the below steps using AWS CLI:

Open the AWS CLI on your local machine.
Run the below command to list all the security groups in your AWS account.

aws ec2 describe-security-groups

Identify the security group that allows unrestricted RDP access.
Run the below command to revoke the inbound rule that allows unrestricted RDP access.

aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 3389 --cidr 0.0.0.0/0

Note: Replace <security-group-id> with the ID of the security group identified in step 3.

Verify that the inbound rule has been revoked by running the below command.

aws ec2 describe-security-groups --group-ids <security-group-id>

Note: Replace <security-group-id> with the ID of the security group identified in step 3.

Repeat steps 3 to 5 for all the security groups that allow unrestricted RDP access.

By following the above steps, you can remediate the unrestricted RDP access in AWS.

Using Python

To remediate unrestricted RDP access in AWS using Python, you can follow these steps:

Import the necessary AWS SDK libraries in your Python script. You can use the Boto3 library to interact with AWS services.

import boto3

Initialize the EC2 client using the Boto3 library.

ec2 = boto3.client('ec2')

Use the describe_security_groups method to get a list of all security groups in your AWS account.

response = ec2.describe_security_groups()
security_groups = response['SecurityGroups']

Loop through the security groups and check if any of them have an inbound rule allowing unrestricted RDP access (port 3389).

for sg in security_groups:
    for rule in sg['IpPermissions']:
        if rule['IpProtocol'] == 'tcp' and rule['FromPort'] == 3389 and rule['ToPort'] == 3389 and rule['IpRanges'] == [{'CidrIp': '0.0.0.0/0'}]:
            # Remove the rule that allows unrestricted RDP access
            ec2.revoke_security_group_ingress(
                GroupId=sg['GroupId'],
                IpPermissions=[rule]
            )

Save the Python script and run it to remove the rule that allows unrestricted RDP access in all security groups in your AWS account.

Note: Make sure you have the necessary permissions to modify security groups in your AWS account before running the script.

Additional Reading:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#AddRemoveRules

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Unrestricted RDP Access Should Not Be Allowed

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: