An engineer spins up an instance during a late-night deployment. Port 22 goes in as a temporary convenience - just until the setup is done. The instance gets its workload, the team moves on, and the rule is never revisited. Three days later, an alert fires: UnauthorizedAccess:EC2/SSHBruteForce. The port has been answering automated scanners since the moment the instance came online.
Modern AWS environments require no inbound management ports. AWS Systems Manager Session Manager provides authenticated, audited shell access over the AWS control plane - no inbound rules, no key pairs, no brute-force surface. The port was never needed. This room shows you how to find it, close it, and build correctly from the start.
Learning Objectives
By the end of this room, you will be able to:
- Understand how an exposed management port creates a persistent brute-force attack vector
- Identify instances with SSH or RDP open to 0.0.0.0/0 using the
- Confirm whether Systems Manager is already available on a running instance
- Remove a public inbound management rule without interrupting administrative access
- Build a new instance with no inbound management port from the start
- Use Session Manager as the standard, auditable access path for administration
Prerequisites
- Being able to set up your environment (First Steps Into room)
- Basic commands ( Fundamentals room)
- Have a basic understanding of the compute service (Introduction to Cloud Computing room)
Unscheduled activation. Incoming scan on port 22.
