Ensure EC2 Instances Do Not Allow Unrestricted Access to WinRM (Port 5985)

AWS security groups act as a firewall for your Amazon EC2 instances, controlling both inbound and outbound traffic. They are flexible and let you specify exactly what type of traffic is allowed into and out of your EC2 instances. Because you have full control over which inbound connectivity you allow, it is important to mitigate as much risk as possible when opening management and communication ports to an EC2 instance. Follow a least-access approach and grant access only to the endpoints that require it. For this reason, WinRM should not be opened up to the internet, and restricting it is considered an EC2 security best practice. Ensuring that this communication is restricted will help you with NIST, GDPR & PCI-DSS compliance.

Audit & Remediation

  • Log in to your AWS account.
  • Navigate to the EC2 service at: https://console.aws.amazon.com/ec2
  • On the EC2 Dashboard in the main panel, under Resources, select the Running instances link.
  • In the main panel under Instances, select an instance that you wish to evaluate.
  • Under Resource types to record, ensure Include global resources is selected.
  • In the bottom panel, select the Security tab and look under Security groups and Inbound rules.
  • Under Port range, check whether port 5985 is specified and whether 0.0.0.0/0 is listed under Source.
  • If this is true, your security group is non-compliant. Select the hyperlink under Security groups, which will take you to your security group settings.
  • Under Inbound rules, select the Edit button.
  • Under Source, choose Custom and enter the specific IP address or network this traffic should be limited to.
  • Delete the rule 0.0.0.0/0 or the rule ::/0 and save.
  • Repeat this process for each instance in each region that you have.
  • Repeat this process for each account that you have.
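
The same check can be scripted instead of clicking through each instance. The following is an added example, not part of the original article: it assumes input in the shape of the EC2 DescribeSecurityGroups response, uses hypothetical function names and constructed sample groups, and goes beyond the exact-port check in the steps above by also flagging port ranges and "all traffic" rules that cover TCP 5985.

```python
import json
import sys

WINRM_PORT = 5985
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # the two "anywhere" sources from the steps

# Constructed sample in the shape of a DescribeSecurityGroups response.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-exact", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5985, "ToPort": 5985,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-restricted", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5985, "ToPort": 5985,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
]}


def covers_winrm(rule):
    """True if the rule's protocol and port range include TCP 5985."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "all traffic" rules carry no FromPort/ToPort
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= WINRM_PORT <= rule.get("ToPort", 65535)


def find_open_winrm(groups):
    """Return (GroupId, cidr) for each inbound rule exposing 5985 to anywhere."""
    findings = []
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            if not covers_winrm(rule):
                continue
            cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
            cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
            findings += [(sg["GroupId"], c) for c in cidrs if c in OPEN_CIDRS]
    return findings


if __name__ == "__main__":
    # Optional argument: path to saved describe-security-groups JSON output.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for group_id, cidr in find_open_winrm(data["SecurityGroups"]):
        print(f"NON-COMPLIANT {group_id}: TCP {WINRM_PORT} open to {cidr}")
```

To run it against real data, save the output of `aws ec2 describe-security-groups --output json` to a file for each region and account, and pass the file path as the first argument.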