Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389

4.1 and 4.2 Networking (AWS CIS Benchmark).

Description

Security groups provide stateful filtering of ingress/egress network traffic to AWS resources.

It is recommended that no security group allow unrestricted ingress access (from 0.0.0.0/0) to port 3389 or port 22.

Remove unrestricted ingress access to port 3389 and port 22 via the AWS Management Console

Step 1. Log in to the AWS Management Console at https://console.aws.amazon.com/vpc/home

Step 2. In the left pane, click on Security Groups

Step 3. For each security group, perform the following:

  • Select the security group.
  • Click on the Inbound Rules tab.
  • Identify the rules to be removed.
  • Click on x in the "Remove" column.
  • Click on Save.
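
To help with "Identify the rules to be removed" across many groups, here is an added example (not part of the original page or the CIS Benchmark) that scans data shaped like the EC2 DescribeSecurityGroups response. It goes slightly beyond the page by also flagging the IPv6 range ::/0, port ranges that contain 22 or 3389, and "all traffic" rules; the group IDs and the function name are constructed for illustration.

```python
# Added example: flags world-open ingress to port 22 or 3389.
# Input is assumed to be the "SecurityGroups" list of a DescribeSecurityGroups
# response (for example, saved from the AWS CLI or an SDK call).
ADMIN_PORTS = (22, 3389)
WORLD = {"0.0.0.0/0", "::/0"}  # ::/0 is an addition; the page names only 0.0.0.0/0

def world_open_admin_rules(groups):
    """Return (group_id, port, cidr) for each rule exposing 22 or 3389 to the world."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":                 # "all traffic": every port is covered
                lo, hi = 0, 65535
            elif proto in ("tcp", "6"):       # a range such as 3000-4000 still covers 3389
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr not in WORLD:
                    continue
                for port in ADMIN_PORTS:
                    if lo <= port <= hi:
                        findings.append((sg["GroupId"], port, cidr))
    return findings

# Constructed sample input (not real group IDs).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0000000000000001a", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0000000000000002b", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0000000000000003c", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0000000000000004d", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for group_id, port, cidr in world_open_admin_rules(SAMPLE_GROUPS):
        print(f"{group_id}: port {port} open to {cidr}")
```

Groups reported by the function are the ones to open in Step 3; the last sample group is not reported because its 3389 rule is restricted to 10.0.0.0/8 and its world-open rule is for port 443.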