Sensitive Ports On Windows System Exposed To Internet
Overview
A Windows-based instance was identified that exposes sensitive ports to the Internet. These include:
Port 3389, which is used for remote administration
Ports 445, 139, 137, and 138, which are used for SMB file sharing
This check only creates an issue if the ports are exposed in a security group and the instance in that security group uses any version of Windows.
This check rates the issue as critical severity if the ports are exposed to the entire Internet, and as high severity if the ports are exposed to specific IP addresses that are not registered as pre-approved.
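The logic described above, written out as an added example (it is not the product's own check code). It assumes the dict shapes returned by EC2 DescribeInstances and DescribeSecurityGroups and a hypothetical `approved` list of pre-approved CIDR ranges; the instance and security group data are constructed.

```python
import ipaddress

SENSITIVE_PORTS = [137, 138, 139, 445, 3389]  # default value of the check's "ports" input
ANYWHERE = {"0.0.0.0/0", "::/0"}              # sources that mean "the entire Internet"

def exposed_ports(perm, ports):
    """Sensitive ports covered by one IpPermissions entry."""
    if perm.get("IpProtocol") == "-1":        # "-1" means all protocols and all ports
        return set(ports)
    if perm.get("IpProtocol") not in ("tcp", "udp"):
        return set()
    return {p for p in ports if perm["FromPort"] <= p <= perm["ToPort"]}

def is_approved(cidr, approved):
    """True if cidr lies inside one of the pre-approved ranges (assumed input)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == a.version and net.subnet_of(a)
               for a in map(ipaddress.ip_network, approved))

def evaluate(instance, group, approved=(), ports=SENSITIVE_PORTS):
    """Return (worst_severity, findings); severity is None, 'high' or 'critical'."""
    if (instance.get("Platform") or "").lower() != "windows":
        return None, []                       # the check only applies to Windows instances
    findings = []
    for perm in group.get("IpPermissions", []):
        hit = exposed_ports(perm, ports)
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in sources:
            if not hit or (cidr not in ANYWHERE and is_approved(cidr, approved)):
                continue
            sev = "critical" if cidr in ANYWHERE else "high"
            findings.append((sev, cidr, sorted(hit)))
    order = {"high": 1, "critical": 2}
    worst = max((f[0] for f in findings), key=order.get, default=None)
    return worst, findings

# Constructed sample data (placeholder IDs, documentation IP ranges).
WINDOWS = {"InstanceId": "i-EXAMPLE", "Platform": "windows"}
GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 100, "ToPort": 500, "Ipv6Ranges": [],
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}, {"CidrIp": "198.51.100.7/32"}]},
]}

if __name__ == "__main__":
    print(evaluate(WINDOWS, GROUP, approved=["198.51.100.0/24"]))
```

The second rule shows why port ranges matter: a rule for 100-500 never names an SMB port but still covers 137, 138, 139 and 445.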
Vendor
AWS
Cloud Service
EC2
Input
{"ports":{"label":"Ports","helpText":"List of ports to check for Internet exposure.","value":[137,138,139,445,3389],"type":"number[]"}}
References
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/authorizing-access-to-an-instance.html
Severity
5
Item Types
AWS::EC2::Instance
Related Item Types
AWS::EC2::SecurityGroup