AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Unrestricted RDP Access Should Not Be Allowed
More Info:
No AWS EC2 security group should allow unrestricted inbound access to TCP port 3389 (RDP).
Risk Level
Medium
Address
Security
Compliance Standards
CISAWS, CBP, SOC2, PCIDSS, HITRUST, AWSWAF, GDPR, NISTCSF, FedRAMP
Triage and Remediation
Remediation
To remediate the unrestricted RDP access issue in AWS, you can follow these steps:
-
Login to the AWS Management Console.
-
Navigate to the EC2 service.
-
Select the EC2 instance(s) for which you want to restrict RDP access.
-
Click on the “Security Groups” tab in the bottom pane.
-
Select the security group(s) associated with the instance(s).
-
Click on the “Inbound Rules” tab.
-
Locate the rule that allows RDP access from any IP address (0.0.0.0/0).
-
Click on the “Edit” button next to the rule.
-
Change the source IP address to a specific IP address or range of IP addresses that are allowed to access RDP.
-
Click on the “Save” button to apply the changes.
-
Repeat these steps for all instances that have unrestricted RDP access.
By following these steps, you can remediate the unrestricted RDP access issue in AWS and restrict RDP access to specific IP addresses only.
To remediate the unrestricted RDP access in AWS, you can follow the below steps using AWS CLI:
-
Open the AWS CLI on your local machine.
-
Run the below command to list all the security groups in your AWS account.
aws ec2 describe-security-groups
-
Identify the security group that allows unrestricted RDP access.
-
Run the below command to revoke the inbound rule that allows unrestricted RDP access.
aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 3389 --cidr 0.0.0.0/0
Note: Replace <security-group-id> with the ID of the security group identified in step 3.
- Verify that the inbound rule has been revoked by running the below command.
aws ec2 describe-security-groups --group-ids <security-group-id>
Note: Replace <security-group-id> with the ID of the security group identified in step 3.
- Repeat steps 3 to 5 for all the security groups that allow unrestricted RDP access.
By following the above steps, you can remediate the unrestricted RDP access in AWS.
To remediate unrestricted RDP access in AWS using Python, you can follow these steps:
- Import the necessary AWS SDK libraries in your Python script. You can use the Boto3 library to interact with AWS services.
import boto3
- Initialize the EC2 client using the Boto3 library.
ec2 = boto3.client('ec2')
- Use the
describe_security_groupsmethod to get a list of all security groups in your AWS account.
response = ec2.describe_security_groups()
security_groups = response['SecurityGroups']
- Loop through the security groups and check if any of them have an inbound rule allowing unrestricted RDP access (port 3389).
for sg in security_groups:
for rule in sg['IpPermissions']:
if rule['IpProtocol'] == 'tcp' and rule['FromPort'] == 3389 and rule['ToPort'] == 3389 and rule['IpRanges'] == [{'CidrIp': '0.0.0.0/0'}]:
# Remove the rule that allows unrestricted RDP access
ec2.revoke_security_group_ingress(
GroupId=sg['GroupId'],
IpPermissions=[rule]
)
- Save the Python script and run it to remove the rule that allows unrestricted RDP access in all security groups in your AWS account.
Note: Make sure you have the necessary permissions to modify security groups in your AWS account before running the script.