Misconfigurations
VPC
ZeusCloud provides the following security rules for AWS VPC:
- Security groups should not allow ingress to 0.0.0.0/0 on ports 22 and 3389
- Default security groups should block all inbound and outbound traffic
- Flow logs for VPC should be enabled and active
- The number of security groups within a region should be minimized for easier management
- EC2 Classic should not be used and should be replaced by VPC
- Non-default security groups that are unused should be removed
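
The sketch below is an added example, not ZeusCloud's own rule code. It evaluates the open-ingress, default-group and unused-group rules over dictionaries shaped like the EC2 DescribeSecurityGroups response. The group IDs, the attached-group set, the finding names, the TCP-only port check and the extra ::/0 match are assumptions made for illustration.

```python
# Added example: not ZeusCloud's implementation. Field names follow the EC2
# DescribeSecurityGroups response; all sample data below is constructed.
ADMIN_PORTS = (22, 3389)
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # ::/0 goes beyond the rule as written on the page

def open_admin_ports(group):
    """Return the admin ports this group's ingress rules expose to any address."""
    exposed = set()
    for perm in group.get("IpPermissions", []):
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if not cidrs & OPEN_CIDRS:
            continue
        if perm["IpProtocol"] == "-1":        # all protocols, all ports
            exposed.update(ADMIN_PORTS)
        elif perm["IpProtocol"] == "tcp":     # assumption: only TCP is checked
            lo, hi = perm["FromPort"], perm["ToPort"]
            # A range such as 0-1024 exposes port 22 without naming it.
            exposed.update(p for p in ADMIN_PORTS if lo <= p <= hi)
    return sorted(exposed)

def evaluate(groups, attached_group_ids):
    """Return (group id, finding, detail) tuples for three of the rules above."""
    findings = []
    for g in groups:
        gid, is_default = g["GroupId"], g["GroupName"] == "default"
        ports = open_admin_ports(g)
        if ports:
            findings.append((gid, "open-admin-ingress", ports))
        if is_default and (g.get("IpPermissions") or g.get("IpPermissionsEgress")):
            findings.append((gid, "default-sg-has-rules", None))
        if not is_default and gid not in attached_group_ids:
            findings.append((gid, "unused-sg", None))
    return findings

ANY_V4 = [{"CidrIp": "0.0.0.0/0"}]
SAMPLE_GROUPS = [  # constructed sample data
    {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024, "IpRanges": ANY_V4}]},
    {"GroupId": "sg-0bbb", "GroupName": "default",
     "IpPermissions": [{"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0bbb"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": ANY_V4}]},
    {"GroupId": "sg-0ccc", "GroupName": "legacy-rdp", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0ddd", "GroupName": "any", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
SAMPLE_ATTACHED = {"sg-0aaa", "sg-0ddd"}  # constructed: groups referenced by an interface
```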