Elastic Security

Security for the Cloud

The Risk of Unused Public Ports

Public access should be limited to services that are meant to be public. Public services are the most exposed to external attacks, so their number should be minimized. Furthermore, every publicly accessible port needs a running public service behind it; this prevents an attacker or insider (with no access to the security groups firewall) from deploying a rogue publicly available service within your infrastructure.

We therefore wrote a script, as part of the CloudyScripts project, that checks every instance in your EC2 infrastructure and detects publicly open ports that have no service running behind them. Note: the same feature is also part of Elastic Detector and described in more detail here.
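The check described above can be sketched as follows. This is an added example, not code from CloudyScripts or Elastic Detector: it compares Internet-facing TCP rules with the ports each instance actually listens on and reports the open ranges that have no listener. The dictionaries mirror the shape of the EC2 DescribeSecurityGroups and DescribeInstances responses; the group IDs, instance IDs and the `LISTENING` inventory are constructed, and how that inventory is collected (for example from `ss -ltn` on each host) is an assumption.

```python
PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}

def public_tcp_ranges(group):
    """Yield (from_port, to_port) for every rule open to the whole Internet."""
    for perm in group["IpPermissions"]:
        if perm["IpProtocol"] not in ("tcp", "-1"):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if PUBLIC_CIDRS.isdisjoint(cidrs):
            continue
        # IpProtocol "-1" means all traffic, so every TCP port is exposed.
        yield (0, 65535) if perm["IpProtocol"] == "-1" else (perm["FromPort"], perm["ToPort"])

def uncovered(lo, hi, listening):
    """Split [lo, hi] into the sub-ranges that contain no listening port."""
    gaps, start = [], lo
    for port in sorted(p for p in listening if lo <= p <= hi):
        if port > start:
            gaps.append((start, port - 1))
        start = port + 1
    if start <= hi:
        gaps.append((start, hi))
    return gaps

def unused_public_ports(instances, groups, listening):
    """Map instance id -> sorted public port ranges with no service behind them."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = {}
    for inst in instances:
        ports = listening.get(inst["InstanceId"], set())
        gaps = set()
        for sg in inst["SecurityGroups"]:
            for lo, hi in public_tcp_ranges(by_id[sg["GroupId"]]):
                gaps.update(uncovered(lo, hi, ports))
        if gaps:
            findings[inst["InstanceId"]] = sorted(gaps)
    return findings

def rule(lo, hi, cidr):  # builds one constructed TCP ingress rule
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi, "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample data (not taken from a real account).
GROUPS = [{"GroupId": "sg-web", "IpPermissions": [rule(80, 80, "0.0.0.0/0"),
           rule(8000, 8100, "0.0.0.0/0"), rule(22, 22, "203.0.113.0/24")]},
          {"GroupId": "sg-legacy", "IpPermissions": [rule(3306, 3306, "0.0.0.0/0")]}]
INSTANCES = [{"InstanceId": "i-web01", "SecurityGroups": [{"GroupId": "sg-web"}]},
             {"InstanceId": "i-db01", "SecurityGroups": [{"GroupId": "sg-legacy"}]},
             {"InstanceId": "i-app01", "SecurityGroups": [{"GroupId": "sg-web"}, {"GroupId": "sg-legacy"}]}]
LISTENING = {"i-web01": {22, 80, 8080}, "i-db01": {3306}, "i-app01": {80}}

if __name__ == "__main__":
    for instance_id, ranges in unused_public_ports(INSTANCES, GROUPS, LISTENING).items():
        print(instance_id, ranges)
```

Each reported range is a candidate for tightening the security group rule; the sketch covers TCP only and takes the union of all groups attached to an instance.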

Filed under: AWS

One Response

  1. [...] Another thing that must not be forgotten is to close the specific SSH (TCP port 22). Except, if you are not using your default Amazon EC2 SecurityGroups, you must restrict administrative access to your Amazon EC2 infrastructure. Read more on Risk of publicly opened port. [...]
