Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389.
The Network Access Control List (NACL) function provide stateless filtering of ingress and
egress network traffic to AWS resources. It is recommended that no NACL allows
unrestricted ingress access to remote server administration ports, such as SSH to port 22
and RDP to port 3389.
Impact
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
AWSTemplateFormatVersion:"2010-09-09"Description:Godd example of excessive portsResources:NetworkACL:Type:AWS::EC2::NetworkAclProperties:VpcId:somethingRule:Type:AWS::EC2::NetworkAclEntryProperties:CidrBlock:10.0.0.0/8NetworkAclId:!Ref NetworkACLProtocol:6RuleAction:allowPortRange:From:22To:22