Unrestricted Telnet Access Should Not Be Allowed

More Info:

No security group should allow unrestricted inbound access to TCP port 23 (Telnet).

Risk Level

Medium

Address

Security

Compliance Standards

PCIDSS, SOC2, GDPR, HITRUST, AWSWAF

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the unrestricted Telnet access in AWS using AWS CLI, follow the steps below:

Open your terminal and configure your AWS CLI with the necessary credentials.
Run the following command to list all the security groups in your AWS account:

aws ec2 describe-security-groups

Identify the security group that has unrestricted Telnet access. Look for the security group that has port 23 open to all IP addresses (0.0.0.0/0).
Note down the security group ID of the identified security group.
Run the following command to revoke the Telnet access from the identified security group:

aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 23 --cidr 0.0.0.0/0

Replace <security-group-id> with the ID of the identified security group.

Verify that the Telnet access has been revoked by running the following command:

aws ec2 describe-security-groups --group-ids <security-group-id>

This should show that the Telnet access has been removed from the identified security group.By following these steps, you have successfully remediated the unrestricted Telnet access in AWS using AWS CLI.

Using Python

To remediate the unrestricted Telnet access misconfiguration in AWS using Python, you can follow the below steps:

First, you need to identify the security group(s) that have unrestricted Telnet access. You can use the following Python code to retrieve the security groups:

import boto3

ec2 = boto3.resource('ec2')

# Get all security groups
security_groups = list(ec2.security_groups.all())

# Loop through each security group
for sg in security_groups:
    # Check if Telnet access is allowed
    for rule in sg.ip_permissions:
        if rule['IpProtocol'] == 'tcp' and rule['FromPort'] == 23 and rule['ToPort'] == 23:
            print(f"Security Group {sg.group_id} allows unrestricted Telnet access")

Once you have identified the security group(s) that have unrestricted Telnet access, you can remove the Telnet rule(s) from the security group(s). You can use the following Python code to remove the Telnet rule(s):

import boto3

ec2 = boto3.resource('ec2')

# Get the security group by ID
sg = ec2.SecurityGroup('sg-0123456789abcdef')

# Revoke the Telnet access rule(s)
sg.revoke_ingress(IpProtocol='tcp', FromPort=23, ToPort=23, CidrIp='0.0.0.0/0')

In the above code, replace ‘sg-0123456789abcdef’ with the ID of the security group that you want to remediate.By following the above steps, you can remediate the unrestricted Telnet access misconfiguration in AWS using Python.

Additional Reading:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#AddRemoveRules

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Unrestricted Telnet Access Should Not Be Allowed

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: