IDENTIFY INTERNET FACING ADMINISTRATIVE USERS

Op Description

Find any instances or TCP ELBs with port 22 or RDP open.

Summary:

One of the most common security exposures are instances in security groups with ports 22 or 3389 open to the Interent (0.0.0.0/0). These are typically administrative servers and jump boxes. This Op identifies any security groups with the administrative ports open, and then determine if there are any exposed instances within those security groups. It can’t differentiate between instances that are Internet accessible, in ones that are still protected because they are in a private subnet.

DisruptOps users can choose to lock down the security group to pre-approved IP addresses, or completely quarantine the instances.

Supported Issue Types:

Instance exposed to Internet

The instance has Port 22 or 3389 open to 0.0.0.0/0

Instance at risk but not exposed

The instance has Port 22 or 3389 open to 0.0.0.0/0 but is not in a publicly accessible subnet

Supported Actions:

Restrict to approved IP address
Revoke security group ingress rules

Platform:

Cloud Security CoE Shared Services

By Mike Rothman|July 17th, 2019|Cloud Automation, Cloud Management, Security, Tips & Tricks|0 Comments

Build Your Own Multi-Cloud Security Monitoring in 30 Minutes or Less with StreamAlert

By Rich Mogull|July 16th, 2019|Cloud Automation, Cloud Management, How To's, Security, Tips & Tricks|0 Comments

Op Description

Summary:

Supported Issue Types:

Supported Actions:

Platform:

Related Articles

Build Your Own Multi-Cloud Security Monitoring in 30 Minutes or Less with StreamAlert

Op Details

Categories:

Tags:

IDENTIFY INTERNET FACING ADMINISTRATIVE USERS

Op Description

Summary:

Supported Issue Types:

Supported Actions:

Platform:

Related Articles

Cloud Security CoE Shared Services

Build Your Own Multi-Cloud Security Monitoring in 30 Minutes or Less with StreamAlert

Op Details

Categories:

Tags:

Share It With The World: Choose Your Platform!