H3-2022-0005

Secure Socket Shell (SSH) Port Exposed to the Internet

Description

The SSH service on this host is configured to be accessible from the Internet. An attacker can exploit this by attempting to gain unauthorized access using various techniques, such as trying common passwords or using previously compromised credentials to connect to your SSH service.

Impact

This misconfiguration enables an attacker to potentially gain remote access to your system. This access can be used to gain further control of your network, steal sensitive information, or disrupt normal operations.

References

• Eight ways to protect SSH access on your system
• AWS EC2 SSH Best Practices
• MITRE ATT&CK Technique: T1133: External Remote Services