- The rule that exposes TCP ports 3380-3390 would also publicly expose port 3389 (RDP) to the entire internet. Write separate rules to only expose the needed ports.
- The first security group rule allows all traffic into this instance. Exposing your entire instance to the whole internet leaves the server open to various attacks against the other services running on different port numbers.
- Verify that the AWS account owners actually control the entire CIDR C block for 220.127.116.11-255 and that these are secured IPs for RDP access into this instance.
- There are no recommendations to make.