AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Unrestricted Telnet Access Should Not Be Allowed
More Info:
No security group should allow unrestricted inbound access to TCP port 23 (Telnet).
Risk Level
Medium
Address
Security
Compliance Standards
PCIDSS, SOC2, GDPR, HITRUST, AWSWAF
Triage and Remediation
Remediation
To remediate the misconfiguration of unrestricted Telnet access in AWS, you can follow the below steps:
- Log in to the AWS Management Console.
- Go to the EC2 Dashboard.
- Click on the Security Groups option from the left navigation pane.
- Select the security group that has unrestricted Telnet access.
- Click on the Inbound Rules tab.
- Locate the rule that allows Telnet access (port 23) and select it.
- Click on the Delete button to remove the rule.
- Click on the Save Rules button to save the changes.
This will remove the unrestricted Telnet access from the security group and help remediate the misconfiguration.
To remediate the unrestricted Telnet access in AWS using AWS CLI, follow the steps below:
-
Open your terminal and configure your AWS CLI with the necessary credentials.
-
Run the following command to list all the security groups in your AWS account:
aws ec2 describe-security-groups
-
Identify the security group that has unrestricted Telnet access. Look for the security group that has port 23 open to all IP addresses (0.0.0.0/0).
-
Note down the security group ID of the identified security group.
-
Run the following command to revoke the Telnet access from the identified security group:
aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 23 --cidr 0.0.0.0/0
Replace <security-group-id> with the ID of the identified security group.
- Verify that the Telnet access has been revoked by running the following command:
aws ec2 describe-security-groups --group-ids <security-group-id>
This should show that the Telnet access has been removed from the identified security group.
By following these steps, you have successfully remediated the unrestricted Telnet access in AWS using AWS CLI.
To remediate the unrestricted Telnet access misconfiguration in AWS using Python, you can follow the below steps:
- First, you need to identify the security group(s) that have unrestricted Telnet access. You can use the following Python code to retrieve the security groups:
import boto3
ec2 = boto3.resource('ec2')
# Get all security groups
security_groups = list(ec2.security_groups.all())
# Loop through each security group
for sg in security_groups:
# Check if Telnet access is allowed
for rule in sg.ip_permissions:
if rule['IpProtocol'] == 'tcp' and rule['FromPort'] == 23 and rule['ToPort'] == 23:
print(f"Security Group {sg.group_id} allows unrestricted Telnet access")
- Once you have identified the security group(s) that have unrestricted Telnet access, you can remove the Telnet rule(s) from the security group(s). You can use the following Python code to remove the Telnet rule(s):
import boto3
ec2 = boto3.resource('ec2')
# Get the security group by ID
sg = ec2.SecurityGroup('sg-0123456789abcdef')
# Revoke the Telnet access rule(s)
sg.revoke_ingress(IpProtocol='tcp', FromPort=23, ToPort=23, CidrIp='0.0.0.0/0')
In the above code, replace ‘sg-0123456789abcdef’ with the ID of the security group that you want to remediate.
By following the above steps, you can remediate the unrestricted Telnet access misconfiguration in AWS using Python.